{"id":23441,"date":"2022-02-22T00:17:00","date_gmt":"2022-02-21T23:17:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=23441"},"modified":"2022-02-21T19:48:05","modified_gmt":"2022-02-21T18:48:05","slug":"windows-10-ungewollte-neustarts-wegen-microsoft-defender-application-control-wdac","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/02\/22\/windows-10-ungewollte-neustarts-wegen-microsoft-defender-application-control-wdac\/","title":{"rendered":"Windows 10: Unwanted reboots due to Microsoft Defender Application Control (WDAC)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Windows\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=262813\" target=\"_blank\" rel=\"noopener\">German<\/a>]Today, another short post for administrators who are using Microsoft Defender Application Control (WDAC) in a Windows 10 Enterprise environment or on Windows 11 Enterprise or Windows Server counterparts from 2016 to 2022 and are annoyed by unwanted restarts. These unwanted restarts are caused by a policy setting, as one MVP found out. I'll post the information here on the blog, maybe it will help.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg04.met.vgwort.de\/na\/93772e6b08d84f8aaf1888848162266a\" width=\"1\" height=\"1\">Windows Defender Application Control, or WDAC for short, is only available in some versions of Windows for enterprise environments. WDAC application control, <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-application-control\/windows-defender-application-control\" target=\"_blank\" rel=\"noopener\">according to Microsoft<\/a>, can help mitigate these types of security threats by limiting the applications users are allowed to run and the code that runs in the system core (kernel).<\/p>\n<p><a href=\"https:\/\/twitter.com\/GerryHampson\/status\/1495477578286743554\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Windows-Reboot from WDAC\" alt=\"Windows-Reboot from WDAC\" src=\"https:\/\/i.imgur.com\/jJpEz3M.png\"><\/a><\/p>\n<p>On February 20, 2022, I came across the above <a href=\"https:\/\/twitter.com\/GerryHampson\/status\/1495477578286743554\" target=\"_blank\" rel=\"noopener\">tweet<\/a> from MVP Gerry Hampson. This came to the attention of a customer again with the problem that Windows 10 machines there were rebooting without warning. There was a warning to the user that they would be logged off and the system would restart in 10 minutes.<\/p>\n<p>When analyzing what could be the cause of this unwanted behavior, the problem could be narrowed down to Microsoft Defender Application Control in Microsoft Endpoint Manager. According to <a href=\"https:\/\/docs.microsoft.com\/de-de\/windows\/client-management\/mdm\/applocker-csp\" target=\"_blank\" rel=\"noopener\">this Microsoft documentation<\/a> on AppLocker CSP, a restart is scheduled when a policy is applied or a wipe is performed using the AppLocker\/ApplicationLaunchRestrictions\/Grouping\/CodeIntegrity\/Policy URI. <\/p>\n<p>Gerry Hampson was able to verify that it was exactly the application of a policy that caused this unwanted restart of Windows systems. This was also the case when the policy was removed. In the blog post here, various solutions were suggested by colleagues. <\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i.imgur.com\/xy8bkDw.png\"><\/p>\n<p>Hampson writes that, interestingly, he was able to solve the restart problem by using ConfigMgr for configuration. There is an option there called <em>Enforce a restart &#8230;<\/em> which can be unticked. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Today, another short post for administrators who are using Microsoft Defender Application Control (WDAC) in a Windows 10 Enterprise environment or on Windows 11 Enterprise or Windows Server counterparts from 2016 to 2022 and are annoyed by unwanted restarts. These &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/02\/22\/windows-10-ungewollte-neustarts-wegen-microsoft-defender-application-control-wdac\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,2],"tags":[773,466,194],"class_list":["post-23441","post","type-post","status-publish","format-standard","hentry","category-issue","category-windows","tag-defender","tag-problem","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=23441"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23441\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=23441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=23441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=23441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}