-
-
Save mattifestation/a195c2b1e2cf2572cee5cef386b33bc2 to your computer and use it in GitHub Desktop.
Sample Device Guard CI policy to merge into a base policy to block csc.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="utf-8"?> | |
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy"> | |
<VersionEx>10.0.0.0</VersionEx> | |
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID> | |
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
<Rules> | |
<Rule> | |
<Option>Enabled:Unsigned System Integrity Policy</Option> | |
</Rule> | |
<Rule> | |
<Option>Enabled:Audit Mode</Option> | |
</Rule> | |
<Rule> | |
<Option>Enabled:Advanced Boot Options Menu</Option> | |
</Rule> | |
<Rule> | |
<Option>Required:Enforce Store Applications</Option> | |
</Rule> | |
<Rule> | |
<Option>Enabled:UMCI</Option> | |
</Rule> | |
</Rules> | |
<!--EKUS--> | |
<EKUs /> | |
<!--File Rules--> | |
<FileRules> | |
<Deny ID="ID_DENY_CSC" FriendlyName="csc.exe FileRule" FileName="csc.exe" MinimumFileVersion="65535.65535.65535.65535" /> | |
</FileRules> | |
<!--Signers--> | |
<Signers /> | |
<!--Driver Signing Scenarios--> | |
<SigningScenarios> | |
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Kernel mode rules"> | |
<ProductSigners /> | |
</SigningScenario> | |
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="User mode rules"> | |
<ProductSigners> | |
<FileRulesRef> | |
<FileRuleRef RuleID="ID_DENY_D_1" /> | |
</FileRulesRef> | |
</ProductSigners> | |
</SigningScenario> | |
</SigningScenarios> | |
<UpdatePolicySigners /> | |
<CiSigners /> | |
<HvciOptions>0</HvciOptions> | |
</SiPolicy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment