ForgottenSeer 107474
Thread author
Hi, I was searching the internet on the differences of SAC - WDAC ISG and Defender in Zero Trust mode, when I stumbled on this very detailed and informational study
In our humble opinion, SAC may be considered as a kind of automatic way to use WDAC. The trade-off for the user or organization is to provide optional diagnostic data to Microsoft. This acceptance of this trade-off should be evaluated by any organization. Configuring a WDAC policy for many computers in an organization and maintaining it for different kinds of users can be a complex task. By “outsourcing” the WDAC policy definition to the Microsoft’s cloud-based backend evaluation related to Microsoft Defender Antivirus, SAC automatizes the full process of WDAC policy definition and maintenance. That way, the files are executed in the system if and only if their reputations are known to be good. This design introduces three direct consequences:
...
From a pure security point of view what would you recommend for a new Windows installation: SAC or WHH?

I read it in January. Interesting stuff.
From a pure security point of view (with limited ability of new application installations):

From a pure security point of view what would you recommend for a new Windows installation: SAC or WHH?