What Is Windows Defender Application Control?


If you are not familiar with Windows Defender Application Control (WDAC), let me bring you up to speed. Not to be confused with Windows Defender Application Guard, a containerization solution for Microsoft Edge that uses Hyper-V to isolate browser sessions, WDAC is one part of Windows Device Guard. Just to add to the confusion, Microsoft uses Windows Device Guard to refer to the use of WDAC and hypervisor-protected code integrity (HVCI) together.

For more information on Windows Defender Application Guard, see Revisiting Application Guard in the Windows 10 April 2018 Update on Petri.

Windows Device Guard was introduced in Windows 10 as a new, robust application control solution designed to be more flexible than AppLocker. But Microsoft promoted Device Guard along with HVCI and many IT administrators wrongly assumed that the application control part of Device Guard couldn’t be used without HVCI, which has some hardware requirements that many older devices don’t meet.

Last year, Microsoft announced that the two technologies that make up Device Guard had been separated: Windows Defender Application Control deals with application whitelisting, and Windows Defender Exploit Guard handles protecting WDAC using HVCI if required. By separating Device Guard into two distinct technologies, Microsoft hopes that IT administrators will understand that HVCI isn’t required to use WDAC.

Windows Defender Application Control

Application control first appeared in Windows XP as Software Restriction Policies (SRP), but it was not widely adopted because it was difficult to implement. AppLocker in Windows 7 was designed to solve that problem. But AppLocker isn’t without its shortcomings, not least of which is that its implementation isn’t very robust. For example, users with administrative privileges can disable AppLocker.

Windows Defender Application Control uses Code Integrity (CI) policies that are enforced by the Windows kernel from early in the boot sequence, before most other OS code starts running. CI policies also extend to kernel-mode code, such as drivers and Windows components, unlike AppLocker, which can only be used to whitelist user-mode code. Administrators can be prevented from tampering with WDAC by digitally signing CI policies. To change a signed policy, a user would need administrator privileges and access to the organization’s digital signing process.

Exploit Guard, HVCI, Memory Integrity, VBS – Take Your Pick

In addition, the entire process can be further protected using virtualization-based security (VBS) if your devices meet the necessary hardware requirements. This is enabled using Windows Defender Exploit Guard. Sometimes this is also referred to in Microsoft’s documentation as HVCI. To further muddy the waters, the feature is labeled Memory integrity under Device Security in the Windows Defender Security Center.

Enable HVCI in the Windows Defender Security Center (Image Credit: Russell Smith)

If you want to enable HVCI using Group Policy or MDM, you need to look for the Turn on Virtualization Based Security setting under Computer Configuration > Administrative Templates > System > Device Guard. For more information on enabling HVCI, see Microsoft’s website here. You can find out whether your devices support HVCI by downloading the Device Guard and Credential Guard Readiness Tool from Microsoft.

Windows Defender Application Control is a robust application whitelisting technology that, when implemented, can significantly reduce the risk of infection by Advanced Persistent Threats (APTs) and zero-day malware. But as it stands, the lack of a centralized GUI management tool is likely to limit uptake. The PowerShell configuration tools also involve a steep learning curve and require a substantial investment in testing. Some drivers might not be compatible with HVCI; Microsoft has more information on this issue here. Organizations interested in deploying WDAC might look to enabling it first on servers, where the software portfolio is relatively static.
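As an added example (not part of the original article), the PowerShell workflow the text alludes to: query the Win32_DeviceGuard WMI class to see whether VBS, HVCI and a CI policy are actually running, then build an audit-mode CI policy from a reference machine with the ConfigCI cmdlets. The directory C:\WDACPolicy and the file names are assumptions; the scan path and rule levels are ones you would tune for your own image.

```powershell
# Added example, not the article's code. Run elevated on Windows 10 1709 or later.
# $PolicyDir and the file names are assumptions for this example.
$PolicyDir = 'C:\WDACPolicy'
New-Item -ItemType Directory -Path $PolicyDir -Force | Out-Null

# 1. Report what Device Guard is configured vs. actually running.
#    SecurityServices: 1 = Credential Guard, 2 = HVCI (Memory integrity).
#    *CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
[pscustomobject]@{
    VbsStatus        = $dg.VirtualizationBasedSecurityStatus   # 0 off, 1 enabled, 2 running
    HvciConfigured   = $dg.SecurityServicesConfigured -contains 2
    HvciRunning      = $dg.SecurityServicesRunning    -contains 2
    KernelCiPolicy   = $dg.CodeIntegrityPolicyEnforcementStatus
    UserModeCiPolicy = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
} | Format-List

# 2. Scan a clean reference image and emit publisher-level rules, falling back
#    to file hashes for unsigned binaries. -UserPEs includes user-mode code
#    (the part AppLocker covers); kernel-mode code is scanned regardless.
$xml = Join-Path $PolicyDir 'RefPolicy.xml'
New-CIPolicy -ScanPath 'C:\' -Level Publisher -Fallback Hash -UserPEs -FilePath $xml

# 3. Start in audit mode so nothing is blocked yet. Option 6 leaves the policy
#    unsigned for testing; drop it and sign the binary before production so a
#    local administrator cannot simply replace the policy.
Set-RuleOption -FilePath $xml -Option 0   # Enabled:UMCI (user-mode enforcement)
Set-RuleOption -FilePath $xml -Option 3   # Enabled:Audit Mode
Set-RuleOption -FilePath $xml -Option 6   # Enabled:Unsigned System Integrity Policy

# 4. Compile to the binary form the kernel loads. Copying it to SIPolicy.p7b in
#    the CodeIntegrity directory and rebooting activates it (single-policy format).
$bin = Join-Path $PolicyDir 'SIPolicy.p7b'
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $bin
# Copy-Item $bin "$env:windir\System32\CodeIntegrity\SIPolicy.p7b"

# 5. After the test period, review what audit mode would have blocked (event 3076)
#    before removing option 3 to switch to enforcement.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

Step 5 is where the testing investment the article mentions goes: every 3076 event is a binary your enforced policy would have refused to run.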

The post What Is Windows Defender Application Control? appeared first on Petri.
