WDAC blocking policy for Mandiant-mentioned BYOVD drivers (note: as published the policy has `Enabled:Audit Mode` set, so it only logs the listed drivers; remove that option to actually block them)
<?xml version="1.0" encoding="utf-8"?>
<!--
  WDAC (Windows Defender Application Control) base policy that denies two
  driver binaries by hash while allowing everything else to run.

  Scope of protection (review notes):
  * This is a pure deny-list: both signing scenarios below carry an
    Allow FileName="*" rule, so the policy adds no allow-list protection.
  * Deny rules are hash-based (flat and page hashes, SHA1 and SHA256). They
    block exactly the bytes that were hashed; a rebuilt or re-signed
    variant of the same driver with a different hash is not covered.
    Consider pairing this with Microsoft's recommended driver block rules
    or publisher/version rules where the vendor certificate is known.
  * "Enabled:Audit Mode" is set, so as written the policy logs violations
    instead of blocking. Remove that Rule element to enforce.
  * "Enabled:Unsigned System Integrity Policy" means any administrator can
    replace or delete the policy without a signing key. Acceptable for
    testing; sign the policy before relying on it in production.
-->
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
<VersionEx>10.0.0.0</VersionEx>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<!-- NOTE(review): unsigned policy; can be removed/tampered by a local admin. -->
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<!-- NOTE(review): audit only. With this option present nothing is blocked;
     the listed hashes are only logged. Delete this Rule to enforce. -->
<Option>Enabled:Audit Mode</Option>
</Rule>
<Rule>
<!-- Keeps the advanced boot options (F8) menu available so a bad policy
     can be recovered from; usually disabled once the policy is trusted. -->
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
<Rule>
<Option>Required:Enforce Store Applications</Option>
</Rule>
</Rules>
<!--EKUS-->
<EKUs />
<!--File Rules-->
<!-- Deny rules: one entry per hash type for each of the two drivers.
     FriendlyName (c:\tmp\...) is presumably just the path the hashes were
     generated from and is descriptive only; matching is on the Hash value.
     Rule IDs start at D_5 because the generator numbered earlier, now
     absent, rules; the gap is harmless. -->
<FileRules>
<Deny ID="ID_DENY_D_5" FriendlyName="c:\tmp\driver7.sys Hash Sha1" Hash="87C2E547126B4EEBFA51142625B14EB4312A53CC" />
<Deny ID="ID_DENY_D_6" FriendlyName="c:\tmp\driver7.sys Hash Sha256" Hash="7FBA2584BB4FB801F322E3A63253FFAC36A76D9DC5F0A4747746B0791E2A0D0B" />
<Deny ID="ID_DENY_D_7" FriendlyName="c:\tmp\driver7.sys Hash Page Sha1" Hash="560FB13C8E78B9EA183B20783CDCA7603F87323F" />
<Deny ID="ID_DENY_D_8" FriendlyName="c:\tmp\driver7.sys Hash Page Sha256" Hash="BAD3FB7189BB70B1C6606F4FE963957C9D1E9FBD4DBF9A416F6F82AF1E4A95B4" />
<Deny ID="ID_DENY_D_9" FriendlyName="c:\tmp\ene.sys Hash Sha1" Hash="CE280412DD778CAFBE6DBB05B8CAB42E98D3AE56" />
<Deny ID="ID_DENY_D_A" FriendlyName="c:\tmp\ene.sys Hash Sha256" Hash="795E5774AEFD74200D552BF7EDE17491C254FA7A73E2A00EB0E1462F18211FF5" />
<Deny ID="ID_DENY_D_B" FriendlyName="c:\tmp\ene.sys Hash Page Sha1" Hash="6CAFC03207391464AB7E69F47228CB82539BEBDE" />
<Deny ID="ID_DENY_D_C" FriendlyName="c:\tmp\ene.sys Hash Page Sha256" Hash="3F88ABF8908108207DA38DBC9E8690B3D63DB7F856B16E9F0D3A3B389FC72561" />
<!-- Allow-everything rules, one per signing scenario. These make the policy
     a blocklist: anything not matching a Deny above is permitted. -->
<Allow ID="ID_ALLOW_A_1_1" FriendlyName="" FileName="*" />
<Allow ID="ID_ALLOW_A_2_1" FriendlyName="" FileName="*" />
</FileRules>
<!--Signers-->
<!-- No signer rules: nothing is denied or allowed by certificate, so a
     re-signed build of either driver is not caught by this policy. -->
<Signers />
<!--Driver Signing Scenarios-->
<SigningScenarios>
<!-- Kernel-mode (driver) scenario: all eight hash denies apply here, then
     everything else is allowed via ID_ALLOW_A_1_1. -->
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 03-09-2023">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_DENY_D_5" />
<FileRuleRef RuleID="ID_DENY_D_6" />
<FileRuleRef RuleID="ID_DENY_D_7" />
<FileRuleRef RuleID="ID_DENY_D_8" />
<FileRuleRef RuleID="ID_DENY_D_9" />
<FileRuleRef RuleID="ID_DENY_D_A" />
<FileRuleRef RuleID="ID_DENY_D_B" />
<FileRuleRef RuleID="ID_DENY_D_C" />
<FileRuleRef RuleID="ID_ALLOW_A_1_1" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
<!-- User-mode (Windows) scenario: no denies referenced, allow-all only.
     The driver hashes are intentionally not repeated here; a .sys file
     is only loaded through the kernel scenario above. -->
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 03-09-2023">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_A_2_1" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<!-- Empty: no signer is authorised to push policy updates, consistent with
     the unsigned-policy option above. -->
<UpdatePolicySigners />
<CiSigners />
<!-- 0: this policy does not turn on HVCI / memory integrity. Enabling it
     (alongside this blocklist) is the stronger mitigation against BYOVD
     drivers that tamper with kernel memory. -->
<HvciOptions>0</HvciOptions>
<!-- BasePolicyID equals PolicyID: this is a standalone base policy, not a
     supplemental one. -->
<BasePolicyID>{6C024E7D-8728-42E8-BC62-F56D23EF58EB}</BasePolicyID>
<PolicyID>{6C024E7D-8728-42E8-BC62-F56D23EF58EB}</PolicyID>
</SiPolicy>