MSIs and WDAC

Alex Sivchev enn00th at gmail.com
Thu Jun 10 16:20:51 UTC 2021


Hi,

The MSIs' customactions.dll is unsigned and therefore only Hash or
FileName rules [1] can be used to allow it in WDAC policies. Can it be
signed like the rest so that more reasonable and update-proof policies
could be created?

A patch is attached.

Regards,
Alex

[1] https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create#windows-defender-application-control-file-rule-levels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: installer-build-sign.patch
Type: text/x-patch
Size: 1592 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20210610/51a57436/attachment.bin>


More information about the WireGuard mailing list