• WDAC Policy for BYOVD Kernel Mode Only Protection
• There Are 3 Types of Kernel Mode Drivers That Can Run on Windows
• Regular drivers
• WHQL drivers
• EV Signed Drivers
• What Is the Solution?
• How to make a strict Kernel mode App Control policy
• From the EKUs section
• From the FileRules section
• From the Signers section
• From the SigningScenarios section
• In the Kernel Mode Signing Scenario block
• In the User Mode Signing Scenario block
• Flight root signers - Optional
• From CiSigners
• How to Use and Automate This Entire Process
• What About User-mode Binaries?
• A rule of thumb
• Supplemental policy
• About ELAM (Early Launch Anti-Malware)
• Continue reading about important App Control notes
• Important Notes and Tips about App Control policies