Monday 06 July 2026 13:55:57 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Windows Defender Application Control

A Microsoft feature that can enforce script restrictions and related controls on Windows systems.

Windows Defender Application Control (WDAC) is a Microsoft application-control feature that lets administrators decide which code is allowed to run on a Windows device. It can enforce rules for executables, scripts, DLLs, and drivers based on hashes, paths, publishers, or signing policies. In practice, WDAC is used to block untrusted or unsigned code and to restrict script execution, including common abuse paths such as WScript, PowerShell, or other living-off-the-land tools.

WDAC matters because many attacks depend on running code that looks legitimate enough to blend in. If a policy only allows approved software and trusted scripts, malware has fewer ways to launch or persist. Defenders often pair WDAC with script restrictions, telemetry, and endpoint protection to reduce the risk of malware that uses native Windows automation. It is not a silver bullet: signed malicious code, weak policies, or overly broad allow lists can still leave gaps, so WDAC works best as part of a layered hardening strategy.

← WIKICROOK index