In Windows 10 and Windows 11, Windows Defender Application Control (WDAC) and AppLocker are available as features security on Windows 10/11 Enterprise editions. THE Microsoft then he published a list of proposed exclusion rules in mid-May 2022.
Microsoft's proposed exclusion policy, dated May 13, 2022, lists the applications that should be excluded by default in WDAC on Windows 10, Windows 11, and Windows Server (2016 and later).
The list of applications below was created in collaboration with members of the security community. Microsoft recommends blocking the following applications or files because they could be used by an attacker to circumvent application acceptance policies and control Windows Defender applications.
See the list:
- addinprocess.exe
- addinprocess32.exe
- addinutil.exe
- aspnet_compiler.exe
- bash.exe
- bginfo.exe
- cdb.exe
- cscript.exe
- csi.exe
- dbghost.exe
- dbgsvc.exe
- dnx.exe
- dotnet.exe
- fsi.exe
- fsiAnyCpu.exe
- infdefaultinstall.exe
- kd.exe
- kill.exe
- lxssmanager.dll
- lxrun.exe
- Microsoft.Build.dll
- Microsoft.Build.Framework.dll
- Microsoft.Workflow.Compiler.exe
- msbuild.exe2
- msbuild.dll
- mshta.exe
- ntkd.exe
- ntsd.exe
- powershellcustomhost.exe
- rcsi.exe
- runscripthelper.exe
- texttransform.exe
- visualuiaverifynative.exe
- system.management.automation. Dll
- wfc.exe
- windbg.exe
- wmic.exe
- wscript.exe
- wsl.exe
- wslconfig.exe
- wslhost.exe
Regarding BGInfo, it should be noted that a security flaw in bginfo.exe has been fixed in version 4.22 (the current version is 4.28). Those who use BGInfo should download the latest version to be safe. Versions of BGInfo before 4.22 are still vulnerable and should be excluded.
