I can't make deny rules work #473
Unanswered
VictorM700 asked this question in Q&A
Replies: 3 comments
-
So I say to myself, maybe Brave Browser does use reg.exe, so I removed all deny reg.exe from the policy. It could not have any possibility of needing Regedit.exe. Copied the 2 policies to active. Still no go. Brave doesn't work.
-
Hi VictorM700,
The issue you're running into is because you have two base policies and only one of the base policies actually allows Brave Browser. The solution is to add the rules that you added in your first base policy to allow Brave Browser into your second. Windows works base policy as well.
Application control for business, formerly WDAC, no longer constrains the number of base policies on a system.
Thanks,
Jordan
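The behaviour described in the reply above, as a small model added here (not code from the thread or from the WDAC Toolkit): each active base policy is evaluated on its own, and a file runs only if all of them allow it. The policy XML is constructed and trimmed to path rules, `C:\Windows\*` stands in for the template's Windows allow rules, and `C:\Apps\Brave` is a placeholder install path.

```python
import fnmatch
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}

# Constructed, trimmed policy fragments (assumptions, not from the thread):
# real policies also carry signer and hash rules, C:\Windows\* stands in for
# the template's Windows allow rules, C:\Apps\Brave is a placeholder path.
WINDOWS = r'<Allow ID="ID_ALLOW_WIN" FilePath="C:\Windows\*"/>'
BRAVE = r'<Allow ID="ID_ALLOW_BRAVE" FilePath="C:\Apps\Brave\*"/>'
DENY_REG = r'<Deny ID="ID_DENY_REG" FilePath="C:\Windows\System32\reg.exe"/>'

def policy(rules):
    """Wrap rule elements in a minimal SiPolicy document."""
    return ('<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy"><FileRules>'
            + rules + "</FileRules></SiPolicy>")

def verdict(policy_xml, path):
    """Return 'deny', 'allow' or 'no-match' for one base policy (path rules only)."""
    rules = ET.fromstring(policy_xml).find("si:FileRules", NS)

    def hit(tag):
        # fnmatch approximates the path-rule wildcards; matching is case-insensitive
        return any(fnmatch.fnmatchcase(path.lower(), r.get("FilePath", "").lower())
                   for r in rules.findall(f"si:{tag}", NS))

    if hit("Deny"):
        return "deny"  # an explicit deny wins inside a policy
    return "allow" if hit("Allow") else "no-match"

def report(base_policies, path):
    """Per-policy verdicts, to see which base policy is the one blocking."""
    return {name: verdict(xml, path) for name, xml in base_policies.items()}

def may_run(base_policies, path):
    """A file runs only if every active base policy allows it."""
    return all(v == "allow" for v in report(base_policies, path).values())

BRAVE_EXE = r"C:\Apps\Brave\brave.exe"
REG_EXE = r"C:\Windows\System32\reg.exe"
as_deployed = {"allow-brave": policy(WINDOWS + BRAVE),
               "deny-reg": policy(WINDOWS + DENY_REG)}
corrected = {"allow-brave": policy(WINDOWS + BRAVE),
             "deny-reg": policy(WINDOWS + BRAVE + DENY_REG)}

if __name__ == "__main__":
    for label, policies in (("as deployed", as_deployed), ("corrected", corrected)):
        for exe in (BRAVE_EXE, REG_EXE):
            print(label, exe, report(policies, exe), "runs:", may_run(policies, exe))
```

In the `as_deployed` set the report shows `deny-reg` returning `no-match` for the Brave executable, which is enough to block it even though no deny rule touches Brave.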
-
So I was mistaken to try to put all the denies into a separate policy?
But then what is allowing multiple base policies meant to do?
-
Hi,
I am having difficulties applying a deny policy, I think.
I made a base policy WindowsWorks. Then I modified it adding allow for a FolderScan FilePath rule for Brave Browser directory.
That works. Brave runs.
Then I added another Base policy of WindowsWorks, with Denying access to All Occurrences of reg.exe and regedit.exe using Path rules. I used file explorer to search for them, and used copyaspath to paste the path into the rule.
Then Brave Browser doesn't work anymore.
I understand that Multiple Base policies are allowed. I cannot make a deny policy another way since supplementary policies cannot add Deny rules.
But I cannot possibly see that Brave Browser can possibly use Reg or Regedit. Yet Brave Browser no longer works when I added this second policy.
What am I doing wrong?