Set-CMWdacSetting
Modify an existing Microsoft Defender Application Control policy.
Syntax
Set-CMWdacSetting
[-WdacSettings] <CMWdacSettings>
[-EnforcementMode <CMWDACEnforcementMode>]
[-EnforceRestart <Boolean>]
[-EnableIntelligentSecurityGraph <Boolean>]
[-TrustedFolders <DirectoryInfo[]>]
[-TrustedFiles <FileInfo[]>]
[-PassThru]
[-Name <String>]
[-Description <String>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Modify an existing Microsoft Defender Application Control policy. Use New-CMWdacSetting to create a new management policy, and Get-CMWdacSetting to get an existing management policy.
Examples
Example 1: Add trusted binaries to an existing setting
This example gets an existing Microsoft Defender Application Control policy by name. It then passes that object to the Set-CMWdacSetting cmdlet to add two new trusted files.
Get-CMWdacSetting -Name "My App Control setting" | Set-CMWdacSetting -TrustedFiles "xyz.exe", "abc.dll"Parameters
-Description
Specify a new description for the policy object.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableIntelligentSecurityGraph
Use this parameter to authorize software that the Microsoft Intelligent Security Graph trusts. This service includes Windows Defender SmartScreen and other Microsoft services. For this software to be trusted, the device must be running Windows Defender SmartScreen and Windows 10 version 1709 or later.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnforcementMode
Choose one of the following enforcement methods for Microsoft Defender Application Control:
EnforceMode: Only trusted executables can run.AuditMode: Allow all executables to run. Add an entry to the Windows event log when untrusted executables run.
| Type: | CMWDACEnforcementMode |
| Accepted values: | AuditMode, EnforceMode |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnforceRestart
After the client processes the policy, a restart is scheduled on the client. It follows the client settings for Computer Restart. Applications currently running on the device won't have the new Application Control policy applied to them until after the device restarts.
Set this parameter to $true to force the device to restart after the client applies the policy.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Use this parameter to change the name of the specified policy object.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you're working. By default, this cmdlet may not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TrustedFiles
Add trust for specific files.
| Type: | FileInfo[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TrustedFolders
Add trust for specific folders.
| Type: | DirectoryInfo[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WdacSettings
Specify a policy object to modify. Use the Get-CMWdacSettings cmdlet to get this object.
| Type: | CMWdacSettings |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.PowerShell.Cmdlets.EP.WDAC.CMWdacSettings
Outputs
Microsoft.ConfigurationManagement.PowerShell.Cmdlets.EP.WDAC.CMWdacSettings