@mattifestation
Created January 25, 2018 09:01
# Build a WDAC deny rule for scrobj.dll (the Windows Script Component runtime) that applies only when the
# loading process is regsvr32.exe, i.e. the "squiblydoo" technique (regsvr32 /s /u /i:<url> scrobj.dll).
# -Level FileName keys the rule on the DLL's original file name rather than a hash, so the rule is not
# invalidated when the binary is updated; -AppID scopes the deny to the named host process so other
# legitimate consumers of scrobj.dll are unaffected.
$ScrObjBlockRule = New-CIPolicyRule -DriverFilePath "$Env:windir\System32\scrobj.dll" -Level FileName -Deny -AppID "$Env:windir\System32\regsvr32.exe"
# Merge the block rule into the allow-all template policy included in the OS. Deny rules take precedence
# over allow rules in WDAC, so everything else keeps running while this one load is refused.
Merge-CIPolicy -OutputFilePath CustomASRPolicy.xml -PolicyPaths "$Env:windir\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml" -Rules $ScrObjBlockRule
# Before converting, check the merged XML for the "Enabled:Audit Mode" rule option: if it is present the
# deny rule only logs (CodeIntegrity event 3076) instead of blocking (event 3077).
# This must be run elevated. Convert the policy to binary form and copy it to where WDAC will consume it.
ConvertFrom-CIPolicy -XmlFilePath .\CustomASRPolicy.xml -BinaryFilePath "$Env:windir\System32\CodeIntegrity\SIPolicy.p7b"
# Now reboot and the policy will take effect.
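The following verification steps are an added example, not part of the original gist. They assume the policy was deployed exactly as above and the machine has rebooted; the scriptlet path passed to regsvr32 is a hypothetical placeholder, since the deny rule fires on the LoadLibrary of scrobj.dll before any scriptlet is fetched.

```powershell
# Added example: confirm the custom WDAC policy is enforced and that regsvr32.exe can no longer load scrobj.dll.
# Run elevated, after the reboot that follows ConvertFrom-CIPolicy.

# 1. Enforcement status from the Device Guard WMI class.
#    0 = off, 1 = audit, 2 = enforced. User-mode status is the one that matters for a regsvr32.exe load.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$dg | Select-Object CodeIntegrityPolicyEnforcementStatus, UsermodeCodeIntegrityPolicyEnforcementStatus
if ($dg.UsermodeCodeIntegrityPolicyEnforcementStatus -ne 2) {
    Write-Warning 'UMCI is not in enforced mode; the scrobj.dll deny rule will at best be audited.'
}

# 2. Exercise the blocked path. The scriptlet path is a hypothetical placeholder: the rule denies the
#    load of scrobj.dll itself, so the .sct file does not need to exist for the test to be meaningful.
$before = Get-Date
& "$Env:windir\System32\regsvr32.exe" /s /u /i:C:\Windows\Temp\test.sct scrobj.dll

# 3. Look for the enforcement event in the Code Integrity operational log.
#    3077 = load blocked by policy; 3076 would indicate the policy is only auditing.
$blocked = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3077
    StartTime = $before
} -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'scrobj\.dll' }

if ($blocked) {
    $blocked | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Warning 'No 3077 block event for scrobj.dll found; check for 3076 (audit) events and the policy options.'
}

# 4. Negative check: scrobj.dll must still load for hosts other than regsvr32.exe, since -AppID scoped the
#    deny to that single process. A successful load from this PowerShell process proves the rule is not
#    over-broad (an unscoped deny would break legitimate scriptlet consumers system-wide).
$h = [System.Runtime.InteropServices.Marshal]::GetHINSTANCE([System.Reflection.Assembly]::GetExecutingAssembly().ManifestModule)
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr LoadLibrary(string lpFileName);
'@
$scrobj = [Win32.Native]::LoadLibrary("$Env:windir\System32\scrobj.dll")
if ($scrobj -eq [IntPtr]::Zero) {
    Write-Warning 'scrobj.dll failed to load in PowerShell too: the deny is broader than intended.'
} else {
    'scrobj.dll still loads outside regsvr32.exe, as intended.'
}
```

The negative check in step 4 is the one most people skip: a FileName-level deny without `-AppID` would refuse scrobj.dll to every process on the box, so verifying that only the regsvr32.exe path is blocked is as important as verifying the block itself.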