Generate Windows Defender Application Control (WDAC) policies

This online service lets you create .xml and .cip Code Integrity (CI) policy files for Windows Defender Application Control (WDAC). Such policies facilitate whitelisting or blacklisting of applications and drivers and are hence a powerful mechanism to protect your Windows PC from malware. WDAC policies are effective on all editions of Windows 10 and 11, including Home and Pro.

Unlike Microsoft's WDAC Policy Wizard, you do not need to install any software on your computer. Simply download the generated .cip file, place it in the C:\Windows\System32\CodeIntegrity\CiPolicies\Active\ folder and restart your computer. You can also download the corresponding .xml file and augment it further.

Windows version

Auditing

GUID

If you want to replace an existing CI policy, enter its GUID here. Otherwise, use the generated pseudo-random GUID.

Whitelisting of Windows folder

Script enforcement

See Script Enforcement for details.

Well-known block rules

Path and name rules

Allow
Block

You can allow or block apps and scripts by specifying their file name or file path:

  • To create a name rule, simply type the literal name of the file, e.g. OneDriveSetup.exe.
  • On the other hand, path rules contain fully qualified paths or parts thereof. You can use one wildcard (*), either at the beginning or at the end of the path, but not in the middle. You can also use the following macros:
    • %OSDRIVE%
    • %WINDIR%
    • %SYSTEM32%
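The name-versus-path distinction and the wildcard constraints above, as an added example (not the generator's own code): a small Python helper that classifies each rule string, rejects wildcards in the middle of a path, and emits the `<FileRules>` fragment of a WDAC policy XML together with the `<FileRulesRef>` entries that make the rules take effect. The rule-ID scheme and the `FilePath`/`FileName` attribute names follow the WDAC policy schema; the classification heuristic and the sample rules are assumptions made for this example.

```python
from xml.sax.saxutils import quoteattr

# Macros the page allows at the start of a path rule.
MACROS = ("%OSDRIVE%", "%WINDIR%", "%SYSTEM32%")

def classify_rule(value: str) -> str:
    """Return "path" or "name" for one rule string (assumed heuristic).

    A backslash, a leading macro or a wildcard marks a path rule; anything
    else is a literal file-name rule. A path rule may contain at most one
    '*', and only as its first or last character, never in the middle."""
    if "\\" not in value and "*" not in value and not value.startswith(MACROS):
        return "name"
    stars = value.count("*")
    if stars > 1:
        raise ValueError(f"only one wildcard allowed: {value!r}")
    if stars == 1 and not (value.startswith("*") or value.endswith("*")):
        raise ValueError(f"wildcard must be at the start or end: {value!r}")
    return "path"

def is_valid_rule(value: str) -> bool:
    """True if the rule string satisfies the syntax constraints above."""
    try:
        classify_rule(value)
        return True
    except ValueError:
        return False

def build_file_rules(allow, deny):
    """Emit a <FileRules> fragment and the list of rule IDs it defines."""
    lines, ids = ["<FileRules>"], []
    for action, values in (("Allow", allow), ("Deny", deny)):
        for n, value in enumerate(values, 1):
            attr = "FilePath" if classify_rule(value) == "path" else "FileName"
            rule_id = f"ID_{action.upper()}_{action[0]}_{n}"   # e.g. ID_ALLOW_A_1
            lines.append(f'  <{action} ID="{rule_id}" FriendlyName={quoteattr(action + " " + value)} '
                         f'{attr}={quoteattr(value)} />')
            ids.append(rule_id)
    lines.append("</FileRules>")
    return "\n".join(lines), ids

def file_rules_ref(ids):
    """<FileRulesRef> block for the user-mode SigningScenario's <ProductSigners>.
    A rule that is defined in <FileRules> but never referenced here is inert."""
    refs = "".join(f'    <FileRuleRef RuleID="{i}" />\n' for i in ids)
    return f"  <FileRulesRef>\n{refs}  </FileRulesRef>"

if __name__ == "__main__":
    # Constructed sample: allow a tools folder via %OSDRIVE%, block the OneDrive installer by name.
    xml, ids = build_file_rules(["%OSDRIVE%\\Tools\\*"], ["OneDriveSetup.exe"])
    print(xml)
    print(file_rules_ref(ids))
```

The printed fragments still have to be spliced into a complete policy (with `<Rules>`, `<SigningScenarios>` and the policy GUIDs) before compiling it to a .cip file.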

Allow files by publisher

Select files that are digitally signed with a certificate to create a Publisher Rule based on that certificate. For example, .NET developers may want to select C:\Program Files\dotnet\dotnet.exe, which is signed by a certificate with subject CN=.NET, O=Microsoft Corporation, L=Redmond, S=Washington, C=US.

Allow executable files by hash

Executable files include the following: .exe, .dll, .ocx, .mui

Allow script files by hash

Script files include the following: .vbs, .ps1, .bat, .cmd

⚠ Files selected here are uploaded and processed on the server. They are deleted immediately after processing. Their total size must be less than 32 MiB.