Default Code Integrity policy for Windows Server

After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in Windows Server 2016, I wrote a blog post on it, it was a very effective way to do application whitelisting, and get secure! When engaging with customers to get their feedback and help deploy WDAC, the consistent feedback has been “it’s…


Overview of Device Guard in Windows Server 2016

With thousands of new malware released every day, it may not be sufficient to only use signature-based detection to fight against malware. Device Guard on Windows Server 2016 changes from a mode where apps are trusted unless blocked by an antivirus or other security solution, to a mode where the operating system trusts only apps…