Important Notes and Tips about App Control policies
Supplemental App Control Policy Considerations
Verify Policy type
Verify Policy Rule options
Deny Rules in Supplemental Policy Are Invalid
Rule Precedence
Signing a Supplemental Policy
Removing Supplemental Policies
What if You Deployed an Unsigned Supplemental Policy for a Signed Base Policy?
How Deny Rules for Files and Certificates/Signers Are Specified
Denied File Rules
Denied Certificates/Signer
Guidance on Creating App Control Deny Policies
How to Verify the Status of User-Mode and Kernel-Mode Application Control on the System
Using PowerShell
Using System Information
Refreshing App Control Policies
Using the built-in CiTool
About <SigningScenarios> Node in the App Control Policy XML
Merging Policies
App Control Forces Allow-list Architecture by Nature
About Microsoft Recommended Block Rules
How to Manually Consume the Microsoft Recommended Block Rules
How Do the Allow All Rules Work
Microsoft Recommended Driver Block Rules
Miscellaneous
Blocking Individual Windows components
Blocking Microsoft Store
How to Remove Flight Signing Certificates From Default Example Policies
How to Remove App Control Policy Refresh Tool Certificates From Default Example Policies
Allowing Questionable Software in an App Control Policy
Performing System Reset While Signed App Control Policy Is Deployed
The .CIP Binary File Can Have Any Name or No Name at All
Policies with Required:EV Signers rule option
The Following Policy Rule Options Only Apply to User Mode Binaries/Drivers
You Can Merge the Same Policy XML File With Itself
-Audit Parameter of the ConfigCi Cmdlets
About Double-Signed Files and Filepublisher Level
An example
Some Notes
What Does HVCI option Set to Strict Mean?
About Certificates and Certificate Chains
MSI Files and Their Applicable Rule Levels
The Length of the IDs in the policy XML file has no effect on the size of the generated CIP file
Continue reading about BYOVD protection with App Control for Business
App Control policy for BYOVD Kernel mode only protection