Best Practice WDAC

[premiumhdx]

Hello

Thanks for the great APP!

What are the best practices for setting up WDAC?
For an environment where each department has the same apps but also its own apps. Approximately 30 different software programs.
The following questions arise

1. One supplemental policy per app?
   1.1 Would this cause performance issues with approximately 30 subpolicies?
2. Is there only one base policy or several?
   2.1 Is Microsoft Windows Recommended User Mode BlockList an additional base policy or supplemental? Does this also apply to the Downloads Run block?
3. For a simple but secure environment, FilePublisher, Publisher, or FileName?

Thank you very much!

[HotCakeX]

Hi, my pleasure 🙏

Your setup is pretty straightforward and it's good that you already have a list of apps that will need to be allowed.

Yes, it is recommended have one policy per app. Windows doesn't have any limit on how many policies you can deploy. You need to choose 1 base policy, all your Supplemental policies will be associated with the same base policy.

You do need the 2 block lists, recommended user-mode and recommended kernel-mode block lists. The latter is already enabled since Windows 11 22H2. They are both base policy types.

AppControl Manager has the default level set to WHQL File Publisher, if a file doesn't meet the requirements for it, it will use File Publisher, if not then it will use Publisher and if not then it will fall back to Hash which is mainly for Unsigned files.

Will be happy to help further if needed!