Create Supplemental App Control Policy
Use AppControl Manager to create Supplemental App Control policies for your base policies. Use Supplemental policies to expand the scope of your base policies by allowing more files or applications.
With AppControl Manager, you can easily create a supplemental policy by scanning files or folders. If an application or file is being blocked by Application Control, use this feature to scan its files or installation directory. This process enables you to generate a supplemental policy that ensures the application or file can run seamlessly on your system.
- Browse For Files: Use this button to browse for files on the system. Multiple files can be added at once.
- Browse for Folders: Use this button to browse for folders on the system. Multiple folders can be added at once.
- Policy Name: Enter a name for the Supplemental policy. You will be able to use this name to detect it after deployment in the System Information section of the AppControl Manager.
- Base Policy File: Browse for the path to the base policy XML file that this Supplemental policy will be expanding.
- Scalability: Use this gauge to set the number of concurrent threads for the scan. By default, 2 threads are used. Increasing this number will speed up the scan but will also consume more system resources.
- Select Scan Level: You can choose from different scan levels. Refer to this page for all the information about them.
Tip: Use the View Detected File Details section to view highly detailed results of the file and folder scans.
If you have certificate .cer files, you can use this feature to scan them and create a Supplemental App Control policy based on them. Once deployed, it will allow any file signed by those certificates to run on the system.
- Browse For Certificates: Use this button to browse for certificate .cer files on the system. Multiple files can be added at once.
- Policy Name: Enter a name for the Supplemental policy. You will be able to use this name to detect it after deployment in the System Information section of the AppControl Manager.
- Base Policy File: Browse for the path to the base policy XML file that this Supplemental policy will be expanding.
- Signing Scenario: Choose between User Mode or Kernel Mode signing scenarios. If you choose User Mode, the supplemental policy will only allow User Mode files signed by that certificate to run and Kernel mode files such as drivers will remain blocked.
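One way to confirm, before deployment, that a certificate-based supplemental policy reflects the Base Policy File and Signing Scenario choices above. This is an added example, not AppControl Manager's own code; the embedded policy XML, its GUIDs, signer name and TBS value, and the `Get-AllowedSignersByScenario` helper are constructed for illustration.

```powershell
# Review a certificate-based supplemental policy XML before deploying it.
# Constructed sample; for a real file use: [xml]$Policy = Get-Content -Raw -LiteralPath <path>
$BasePolicyId = '{11111111-1111-1111-1111-111111111111}'   # placeholder PolicyID of the base policy
[xml]$Policy = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Supplemental Policy">
  <PolicyID>{22222222-2222-2222-2222-222222222222}</PolicyID>
  <BasePolicyID>{11111111-1111-1111-1111-111111111111}</BasePolicyID>
  <Signers>
    <Signer ID="ID_SIGNER_A_1" Name="Constructed Example Cert">
      <CertRoot Type="TBS" Value="PLACEHOLDER_TBS_HASH" />
    </Signer>
  </Signers>
  <SigningScenarios>
    <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Kernel Mode">
      <ProductSigners />
    </SigningScenario>
    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="User Mode">
      <ProductSigners>
        <AllowedSigners>
          <AllowedSigner SignerId="ID_SIGNER_A_1" />
        </AllowedSigners>
      </ProductSigners>
    </SigningScenario>
  </SigningScenarios>
</SiPolicy>
'@

$Ns = [System.Xml.XmlNamespaceManager]::new($Policy.NameTable)
$Ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')
$ModeNames = @{ '12' = 'User Mode'; '131' = 'Kernel Mode' }   # SigningScenario Value -> mode

function Get-AllowedSignersByScenario {
    # Reads the script-level $Policy; emits one object per signing scenario with its allowed signer names.
    foreach ($Scenario in $Policy.SelectNodes('//si:SigningScenarios/si:SigningScenario', $Ns)) {
        $Names = foreach ($Allowed in $Scenario.SelectNodes('si:ProductSigners/si:AllowedSigners/si:AllowedSigner', $Ns)) {
            $Id = $Allowed.GetAttribute('SignerId')
            $Policy.SelectSingleNode("//si:Signers/si:Signer[@ID='$Id']", $Ns).GetAttribute('Name')
        }
        [pscustomobject]@{ Mode = $ModeNames[$Scenario.GetAttribute('Value')]; AllowedSigners = @($Names) }
    }
}

$Root = $Policy.DocumentElement
if ($Root.GetAttribute('PolicyType') -ne 'Supplemental Policy') { Write-Warning 'Not a supplemental policy' }
$Found = $Root.SelectSingleNode('si:BasePolicyID', $Ns).InnerText
if ($Found -ne $BasePolicyId) { Write-Warning "Supplements $Found, not the expected base policy" }
Get-AllowedSignersByScenario | Format-Table -AutoSize
```

For a policy created with the User Mode signing scenario, the Kernel Mode row should list no allowed signers; a signer appearing there means drivers signed by that certificate would also be authorized.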
This supplemental policy does not explicitly permit any files or applications by default. Instead, it leverages the Intelligent Security Graph (ISG) to dynamically evaluate and automatically authorize trusted files and applications.
- Policy Name: Enter a name for the Supplemental policy. You will be able to use this name to detect it after deployment in the System Information section of the AppControl Manager.
- Base Policy File: Browse for the path to the base policy XML file that this Supplemental policy will be expanding.
This supplemental policy can be created only for Kernel-mode files/drivers, typically after creating and deploying the Strict Kernel-mode base policy. When you press the Create Supplemental Policy button, any logs available in the View Detected Kernel-mode files section will be included in the policy. You can select and delete logs that you don't want to be included.
- Auto Driver Detection: Use this feature to automatically detect all drivers on the system. The results will be available in the View Detected Kernel-mode files section at the bottom.
- Scan for All Kernel-mode logs: Use this button to scan the entire Code Integrity logs for Kernel-mode files and display the results in the View Detected Kernel-mode files section.
- Scan for All Kernel-mode logs Since Last Reboot: Use this button to scan the Code Integrity logs that were generated since the last computer reboot for Kernel-mode files and display the results in the View Detected Kernel-mode files section.
- Policy Name: Enter a name for the Supplemental policy. You will be able to use this name to detect it after deployment in the System Information section of the AppControl Manager.
- Base Policy File: Browse for the path to the base policy XML file that this Supplemental policy will be expanding.