Modify an existing Microsoft Defender Application Control policy. Use New-CMWdacSetting to create a new management policy, and Get-CMWdacSetting to get an existing management policy.
Examples
Example 1: Add trusted binaries to an existing setting
This example gets an existing Microsoft Defender Application Control policy by name. It then passes that object to the Set-CMWdacSetting cmdlet to add two new trusted files.
Get-CMWdacSetting -Name "My App Control setting" | Set-CMWdacSetting -TrustedFiles "xyz.exe", "abc.dll"
Parameters
-Description
Specify a new description for the policy object.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnableIntelligentSecurityGraph
Use this parameter to authorize software that the Microsoft Intelligent Security Graph trusts. This service includes Windows Defender SmartScreen and other Microsoft services. For this software to be trusted, the device must be running Windows Defender SmartScreen and Windows 10 version 1709 or later.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnforcementMode
Choose one of the following enforcement methods for Microsoft Defender Application Control:
EnforceMode: Only trusted executables can run.
AuditMode: Allow all executables to run. Add an entry to the Windows event log when untrusted executables run.
Parameter properties
Type:
CMWDACEnforcementMode
Default value:
None
Accepted values:
AuditMode, EnforceMode
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-EnforceRestart
After the client processes the policy, a restart is scheduled on the client. It follows the client settings for Computer Restart. Applications currently running on the device won't have the new Application Control policy applied to them until after the device restarts.
Set this parameter to $true to force the device to restart after the client applies the policy.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Name
Use this parameter to change the name of the specified policy object.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PassThru
Returns an object representing the item with which you're working. By default, this cmdlet may not generate any output.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-TrustedFiles
Add trust for specific files.
Parameter properties
Type:
FileInfo[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-TrustedFolders
Add trust for specific folders.
Parameter properties
Type:
DirectoryInfo[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WdacSettings
Specify a policy object to modify. Use the Get-CMWdacSettings cmdlet to get this object.
Parameter properties
Type:
CMWdacSettings
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
1
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.