Q: You sign WDAC / App Control policies with the application publisher's certificate, right?

No. You sign the policy with the deploying organisation's code-signing certificate -- typically an internal PKI leaf, with the private key on a hardware token or in a sealed vault [ 1 ] . The application publisher's certificate is what the policy evaluates against at image-load time (signer rules in the policy reference publisher subjects). The two are entirely different roles. A common misreading is to assume that "signed policy" means "policy that allows signed apps" -- it does not. Signed policy means the .cip file itself carries a signature that prevents a SYSTEM attacker from removing or replacing it.

Q: There is a Microsoft feature called Intelligent Trusted List or ITL, right?

No such feature exists. A search of Microsoft Learn produces zero results for ITL or Intelligent Trusted List ; URLs cited by AI summaries return 404; and the definitions offered by AI summaries contradict each other. The closest real Microsoft features are the Intelligent Security Graph [ 27 ] , the Microsoft Recommended Block Rules [ 32 ] , and Smart App Control [ 41 ] . If you see ITL in a security blog or AI-generated summary, treat it as a fabrication and ignore it.

Q: AaronLocker is the AppLocker bypass catalogue, right?

No. AaronLocker is Aaron Margosis's deployment tool [ 14 ] . It is a PowerShell-based generator that authors thorough audit and enforce policies for AppLocker and App Control. The canonical AppLocker bypass catalogue is Oddvar Moe's UltimateAppLockerByPassList [ 15 ] . The canonical App Control bypass catalogue is Jimmy Bayne's bohops/UltimateWDACBypassList [ 16 ] . Microsoft's own bypass list is the Applications that can bypass App Control page [ 32 ] . Four different artefacts, four different roles.

TL;DR

Windows ships two application-control systems in parallel in 2026: AppLocker, a per-user policy evaluator that lives in the user-mode Application Identity service, and App Control for Business (still widely called WDAC), a kernel policy evaluator built into ci.dll. Microsoft itself states that AppLocker "doesn't meet the servicing criteria for being a security feature" while App Control was designed as one under the MSRC servicing criteria. That single sentence explains why both still ship. AppLocker handles per-user policy on devices that have no code-signing PKI. App Control, with a signed policy and HVCI on, is the only configuration that survives an admin-equivalent attacker. This article walks the architecture of each, the structural ceilings of both, the role of ISG and the Recommended Block Rules, and the five-question decision tree for picking between them in 2026.

1. Two Locks on the Same Door

Sit down on a Windows 11 24H2 device in 2026. Open gpedit.msc. Navigate to Computer Configuration -> Windows Settings -> Security Settings, and you will find a node called AppLocker, with five rule collections waiting to be populated. Now walk one branch over to Computer Configuration -> Administrative Templates -> System -> Device Guard. That node, despite the obsolete name in the GPO tree, is where you author policy for what Microsoft now calls App Control for Business ^[1] -- the same kernel-enforced application-control engine that has been renamed twice since launch (Configurable Code Integrity in 2015, Windows Defender Application Control in 2017, App Control for Business in 2024) ^[2] but never replaced.

Two completely separate policy nodes. Two completely separate deployment surfaces. Two completely separate enforcement architectures. Both shipping in the same SKU on the same device in 2026. Both documented as currently supported on Microsoft Learn ^[1]. Which one is "the right one"? The honest answer turns out to be neither, and both, and the reason is a single sentence on a single Microsoft Learn page that draws a line between security feature and operational hygiene control sharper than most practitioners realise.

Application control

A policy mechanism that decides, at process-launch or image-load time, whether a given binary, script, or installer is allowed to execute on a Windows device. An application-control policy is an enumerated set of allow rules (an allowlist), deny rules (a blocklist), or both. The decision is made by an OS-resident evaluator before the binary's main entry point runs.

Microsoft's own App Control and AppLocker Overview page makes the line explicit. AppLocker ^[1], in Microsoft's own words, "helps to prevent end-users from running unapproved software on their computers but doesn't meet the servicing criteria for being a security feature." App Control for Business, in contrast, was "designed as a security feature under the servicing criteria, defined by the Microsoft Security Response Center" ^[1]. The MSRC servicing criteria are not marketing copy. They are the rule that decides whether a defect in a Windows feature gets a CVE ^[3]. AppLocker bypasses do not get CVEs. App Control bypasses, with the right configuration, do.

Ctrl + scroll to zoom

Diagram source

flowchart LR
Root["Computer Configuration"]
Sec["Windows Settings"]
Adm["Administrative Templates"]
SecSet["Security Settings"]
Sys["System"]
AL["AppLocker node
(user-mode AppIDSvc)"]
DG["Device Guard node
(kernel ci.dll / App Control for Business)"]
Root --> Sec
Root --> Adm
Sec --> SecSet
SecSet --> AL
Adm --> Sys
Sys --> DG

Diagram source

flowchart LR
Root["Computer Configuration"]
Sec["Windows Settings"]
Adm["Administrative Templates"]
SecSet["Security Settings"]
Sys["System"]
AL["AppLocker node
(user-mode AppIDSvc)"]
DG["Device Guard node
(kernel ci.dll / App Control for Business)"]
Root --> Sec
Root --> Adm
Sec --> SecSet
SecSet --> AL
Adm --> Sys
Sys --> DG

Two parallel GPO trees on a Windows 11 24H2 device: AppLocker under Security Settings, App Control under Administrative Templates / Device Guard. Same device, two policies.

The rest of this article pays off that one sentence. The first half walks the architecture of each system at the level of who evaluates what, where in the operating system, and against which attacker. The second half makes the practitioner decision tractable: which one to deploy in 2026, what to pair it with, and what no allowlist of any generation can do.

AppLocker and App Control for Business are not two generations of the same product. They are two different products solving two different problems. AppLocker is an operational hygiene control whose enforcement Microsoft itself disclaims as a security boundary. App Control for Business, when its policy is signed by the deploying organisation and HVCI is on, is the security boundary. Both still ship because neither is a strict superset of the other.

If both are shipping and both are recommended in different Microsoft Learn pages, what exactly does each one do? And why is the line between them drawn in Microsoft's servicing criteria rather than in its feature inventory? To answer that, we have to start before either product existed.

2. Pre-History -- Why an OS Needs Application Control at All

The 1999-2001 macro-virus and worm era -- ILOVEYOU ^[4], Code Red ^[5], Nimda ^[6] -- made it unsurvivable for Windows to trust any binary the user had Execute permission on. The default behaviour of a Windows desktop in that era was: if the bits are on disk and the user can read them, they run. There was no per-binary policy gate. The OS-level answer Microsoft shipped in October 2001 was Software Restriction Policies, an XP RTM feature documented at length the following year by John Lambert at Virus Bulletin 2002 ^[7].

SAFER API

The user-mode Windows API (WinSafer*) that SRP used to evaluate a candidate executable against the configured rule set. The SAFER evaluator returned one of three security levels -- Disallowed, Basic User, or Unrestricted -- on each CreateProcess. The decision lived entirely in user mode, in the same address space as the loader, which is the architectural defect AppLocker partially inherited and App Control later corrected.

SRP supported five rule conditions ^[8]: hash, certificate, path, Internet zone, and registry path. Each condition tested a candidate file against an administrator-authored allow or deny rule, returning a SAFER security level that the user-mode evaluator honoured at CreateProcess. The model was right: a per-machine GPO-administered policy evaluated against a defined file taxonomy.

Authenticode

The Microsoft code-signing format that binds a publisher identity (an X.509 certificate chain) to a PE binary via a cryptographic signature embedded in the binary's optional header. Authenticode is the plumbing every Windows application-control system uses to answer the question "who published this binary?" -- but it cannot answer "what will this binary do once it runs?". Authenticode mechanics are out of scope here; the companion Authenticode article covers them in full.

But SRP's management surface was a series of footguns. There were no per-user rules. There was no audit-only mode -- you authored a rule and immediately enforced it. There was no PowerShell module; configuration was an MMC snap-in click path. And the Internet-Zone rule was structurally fragile: it depended on the Zone.Identifier Alternate Data Stream, which exists only on NTFS and which any user can strip with streams.exe -d. The Zone.Identifier ADS is also silently stripped by FAT and exFAT copies, by many archive formats during extraction, and by any process that rewrites the file. SRP's zone rule was therefore reliable only against the most casual download paths -- exactly the threat model SRP claimed to address. The structural reason AppLocker dropped Internet Zone as a rule condition in 2009 starts here.

SRP is genealogy, not subject matter, for the rest of this article. Microsoft never formally deprecated it, but practitioners abandoned it within a year of AppLocker's 2009 release, and Microsoft Learn now points anyone arriving at the SRP page toward AppLocker or App Control. The three operational defects -- no per-user, no audit, no PowerShell -- sketch the brief that the AppLocker team would inherit. What did Microsoft actually ship in 2009, and where did its designers draw the line between manageability and security?

Ctrl + scroll to zoom

Diagram source

flowchart TD
SRP["2001 -- Software Restriction Policies
(Windows XP RTM)
user-mode SAFER API"]
AL["2009 -- AppLocker
(Windows 7 / Server 2008 R2)
user-mode AppIDSvc + AppID.sys minifilter"]
CCI["2015 -- Configurable Code Integrity
(Windows 10 1507, under Device Guard umbrella)
kernel ci.dll"]
WDAC["2017 -- Windows Defender Application Control
(Windows 10 1709)
same kernel ci.dll, new brand"]
ACfB["2024 -- App Control for Business
(Windows 11 24H2 / Server 2025)
same kernel ci.dll, third brand"]
Now["2026 -- both AppLocker and App Control for Business ship in the same SKU"]
SRP -- effectively orphaned --> AL
AL -- peer mechanism added, not replaced --> CCI
CCI -- renamed --> WDAC
WDAC -- renamed --> ACfB
AL -- still ships --> Now
ACfB -- still ships --> Now

Diagram source

flowchart TD
SRP["2001 -- Software Restriction Policies
(Windows XP RTM)
user-mode SAFER API"]
AL["2009 -- AppLocker
(Windows 7 / Server 2008 R2)
user-mode AppIDSvc + AppID.sys minifilter"]
CCI["2015 -- Configurable Code Integrity
(Windows 10 1507, under Device Guard umbrella)
kernel ci.dll"]
WDAC["2017 -- Windows Defender Application Control
(Windows 10 1709)
same kernel ci.dll, new brand"]
ACfB["2024 -- App Control for Business
(Windows 11 24H2 / Server 2025)
same kernel ci.dll, third brand"]
Now["2026 -- both AppLocker and App Control for Business ship in the same SKU"]
SRP -- effectively orphaned --> AL
AL -- peer mechanism added, not replaced --> CCI
CCI -- renamed --> WDAC
WDAC -- renamed --> ACfB
AL -- still ships --> Now
ACfB -- still ships --> Now

The 25-year generational arc of Windows application control. Each row is a generation; the right-most column shows whether the technology still ships in 2026.

3. AppLocker (2009) -- The Architecture Microsoft Documents

October 22, 2009. AppLocker ships in Windows 7 Enterprise / Ultimate and in Windows Server 2008 R2 ^[9] ^[10]. What did Microsoft actually build, exactly as Microsoft Learn documents it?

Five rule collections ^[11]:

Executable -- .exe, .com
DLL -- .dll, .ocx (off by default; opt-in for performance reasons)
Script -- .ps1, .vbs, .js, .bat, .cmd
Windows Installer -- .msi, .msp, .mst
Packaged App -- .appx, .msix

The script collection's inclusion of .bat and .cmd is a coverage detail that survives into 2026 as one of the few capabilities AppLocker has and App Control does not ^[12]. Hold that thought; it returns in section 10.

Three rule conditions:

Publisher -- the Authenticode subject name, product name, file name, and minimum file version. The load-bearing usability win over SRP: a single Publisher rule for "binaries signed by Microsoft Corporation with product Office, version 16.0 or higher" survives every patch the vendor ships.
Path -- with environment-variable and wildcard support (%ProgramFiles%\Contoso\*.exe).
File Hash -- the SHA-256 of the binary. Stable but brittle; one update breaks the rule.

Publisher rule

An AppLocker (or App Control) rule that allows or denies execution based on the Authenticode signer subject, the file's signed metadata (Original Filename, Product Name), and an optional minimum version. The publisher gate trusts the certificate authority's binding of signer name to private key; it does not evaluate what the signed code will do at runtime. The structural limit of any publisher-gate allowlist is that signed code can be made to load and execute attacker-controlled data -- this is what the Microsoft Recommended Block Rules in section 8 enumerate.

AppLocker also added the three management capabilities SRP lacked: per-user / per-group rule assignment via the AppLocker PowerShell module (Get-AppLockerPolicy, Set-AppLockerPolicy, Test-AppLockerPolicy, New-AppLockerPolicy), audit-only mode that logs would-be denials without enforcing them, and a real GPO editor experience under Security Settings. The per-user capability is still, in 2026, the operational reason AppLocker has not gone away ^[12]; we will return to that in section 11.

The architecture is the part most readers underestimate. AppLocker is a kernel-mode minifilter that asks a user-mode service for the verdict. Microsoft's AppLocker Architecture and Components page documents the user-mode side at the service-and-callback level ^[13]: the policy decision is deferred to the user-mode Application Identity service (AppIDSvc) running as LocalService, which evaluates policy via SeAccessCheckWithSecurityAttributes or AuthzAccessCheck against the calling user's group memberships, with interception points at process create, DLL load, and script run. The kernel-side component is the AppId.sys minifilter shipped in %SystemRoot%\System32\drivers\; it issues the callbacks at process creation, optional DLL load, script-host invocation, MSI execution, and packaged-app activation, and the kernel honours the verdict the service returns.

Application Identity service (AppIDSvc)

The Windows service that evaluates AppLocker rules. Runs as LocalService under a service host process. The kernel minifilter AppID.sys collects the candidate file's metadata at the relevant lifecycle hook (process create, image load, script host start) and waits for AppIDSvc to return an access decision derived from the active AppLocker policy and the calling user's token. Stopping AppIDSvc stops AppLocker enforcement -- this is the architectural fact the next section turns on.

Ctrl + scroll to zoom

Diagram source

sequenceDiagram
participant U as User
participant K as Kernel (CreateProcess)
participant Min as AppID.sys minifilter
participant Svc as AppIDSvc (user mode)
participant Pol as Active AppLocker policy
U->>K: CreateProcess foo.exe
K->>Min: process-create callback
Min->>Svc: query verdict for foo.exe and caller token
Svc->>Pol: AuthzAccessCheck against publisher / path / hash rules
Pol-->>Svc: allow or deny
Svc-->>Min: verdict
Min-->>K: honour verdict
K-->>U: process starts or STATUS_ACCESS_DENIED

Diagram source

sequenceDiagram
participant U as User
participant K as Kernel (CreateProcess)
participant Min as AppID.sys minifilter
participant Svc as AppIDSvc (user mode)
participant Pol as Active AppLocker policy
U->>K: CreateProcess foo.exe
K->>Min: process-create callback
Min->>Svc: query verdict for foo.exe and caller token
Svc->>Pol: AuthzAccessCheck against publisher / path / hash rules
Pol-->>Svc: allow or deny
Svc-->>Min: verdict
Min-->>K: honour verdict
K-->>U: process starts or STATUS_ACCESS_DENIED

An EXE launch under AppLocker. The kernel minifilter intercepts the operation but defers the decision to a user-mode service.

The five-by-three matrix below is the policy surface a practitioner authors against:

Collection / Condition	Publisher	Path	File Hash
Executable (`.exe`, `.com`)	yes	yes	yes
DLL (`.dll`, `.ocx`)	yes	yes	yes
Script (`.ps1`, `.vbs`, `.js`, `.bat`, `.cmd`)	yes	yes	yes
Windows Installer (`.msi`, `.msp`, `.mst`)	yes	yes	yes
Packaged App (`.appx`, `.msix`)	yes (publisher only)	no	no

The DLL collection is off by default for a reason Microsoft Learn warns about plainly ^[11]: "When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used." That cost is paid for every load of every DLL by every running process; on a workstation that loads thousands of DLLs at boot it is observable in startup time. The Packaged App collection is publisher-only because the Universal Windows Platform packaging format always carries an Authenticode signature.

AppLocker's design is admirable. It fixed every operational defect of SRP, it shipped per-user rules a decade before App Control's kernel evaluator caught up, and its PowerShell module is still the most ergonomic Windows application-control authoring surface in 2026. But notice one thing about that sequence diagram: the policy decision lives in a user-mode service. What happens to enforcement if the attacker is running as SYSTEM?

4. AppLocker's Structural Limit -- Why It Was Never a Security Boundary

A single PowerShell line. sc.exe stop AppIDSvc from a LocalSystem context -- the canonical first-step bypass catalogued in UltimateAppLockerByPassList ^[15] and reproduced in Oddvar Moe's December 2017 case study [@oddvarmoe-applocker-case-study; @oddvarmoe-applocker-case-study-part2]. Enforcement degrades until the next reboot. Is that a bug?

It is not. It is the design. And three converging pieces of evidence -- Microsoft's own words, the documented architecture, and the public bypass record -- agree on the scope.

1. Microsoft's own servicing-criteria language. The App Control and AppLocker Overview page says, verbatim ^[1]: "AppLocker helps to prevent end-users from running unapproved software on their computers, but it doesn't meet the servicing criteria for being a security feature." The MSRC Windows Security Servicing Criteria document ^[3] is the rule the MSRC uses to decide whether a defect in a Windows feature qualifies for a CVE. Defects in a security boundary receive CVEs and a coordinated patch. Defects in a defense-in-depth feature may not -- they are documented and, when convenient, fixed, but Microsoft does not promise that every bypass will be treated as a vulnerability. AppLocker is the second category. App Control, when configured to qualify, is the first.

2. The user-mode AppIDSvc architecture is the proximate reason. Restate the section-3 diagram: the kernel minifilter AppID.sys collects the file metadata, but the verdict is returned by AppIDSvc running in user mode as LocalService. Any process running as LocalSystem or with administrator privilege can stop AppIDSvc. Stopping the service does not just bypass a rule; it removes the evaluator that the kernel was waiting for. The Microsoft Learn architecture page describes the evaluation surface explicitly ^[13]: "AppLocker policies are conditional access control entries (ACEs), and policies are evaluated by using the attribute-based access control SeAccessCheckWithSecurityAttributes or AuthzAccessCheck functions." AuthzAccessCheck is a user-mode Authz API; the evaluation chain ends in a process that an admin can stop.

3. The published bypass corpora. Oddvar Moe's UltimateAppLockerByPassList ^[15] catalogues rundll32.exe, regsvr32.exe, mshta.exe, installutil.exe, msbuild.exe, and a long list of others, each documented to bypass the default AppLocker rule set without administrator privileges. Moe's December 2017 case study ^[17] paired a defined test environment (Windows 10 1703 Enterprise with the default AppLocker rules applied and no third-party software) against a defined adversary capability (an unprivileged interactive user) and demonstrated fourteen distinct bypass techniques. That made "AppLocker is bypassable in practice without admin" an empirical claim, not a theoretical one.

And -- this is the part that closes the argument -- the Microsoft-org-hosted AaronLocker README ^[14] states the same scope plainly: "AaronLocker does not try to stop administrative users from running anything they want -- and application control solutions cannot meaningfully restrict administrative actions anyway. A determined user with administrative rights can bypass any application control solution." The bypass community and the Microsoft-employee-maintained deployment baseline agree.

This is the article's first reorientation. The convergence of the Microsoft servicing-criteria language, the kernel-defers-to-user-mode architecture, and the published bypass record is not three independent observations; it is one observation viewed from three angles. AppLocker is a hygiene control. The bypassability against an admin-equivalent attacker is a scope statement, not a defect. The misconception that AppLocker was ever supposed to defend against an attacker with SYSTEM lives in the reader, not in the product.

The three pieces of evidence, tabulated:

Evidence	Source	What it establishes
MSRC servicing-criteria language	Microsoft Learn App Control and AppLocker Overview ^[1]	AppLocker is not a security feature under MSRC criteria
User-mode `AppIDSvc` architecture	Microsoft Learn AppLocker Architecture and Components ^[13]	A `LocalSystem` or admin attacker can stop the evaluator
Public bypass corpora	Oddvar Moe `UltimateAppLockerByPassList` ^[15]; Moe 2017 case study ^[17]	Demonstrated bypasses without admin against default rules
Microsoft-org-hosted deployment baseline	AaronLocker README, Aaron Margosis ^[14]	Microsoft-employee-maintained tool states the scope identically

JavaScript-style pseudocode The sc.exe stop AppIDSvc degradation, in pseudocode read-only

// Pseudocode walk of what happens when an admin or LocalSystem process
// stops AppIDSvc. The actual demonstration requires admin on a Windows
// host; this is the logic the kernel minifilter follows.

function onProcessCreate(candidateExe, callerToken) {
const svc = queryService('AppIDSvc');
if (svc.state !== 'Running') {
  // No evaluator. The minifilter cannot block on the verdict
  // because the verdict source is gone. Enforcement degrades.
  return ALLOW;
}
const verdict = svc.evaluate(candidateExe, callerToken);
return verdict; // honoured by the kernel as ALLOW or DENY
}

// After: sc.exe stop AppIDSvc  (requires admin / SYSTEM)
//   queryService('AppIDSvc').state === 'Stopped'
//   onProcessCreate(...) returns ALLOW for every candidate
//   until AppIDSvc restarts (typically next reboot)

If AppLocker cannot defend against an admin-equivalent attacker by design, and that became obvious inside Microsoft by the early 2010s, the question is no longer "why is AppLocker not enough?" It is: what would a Windows application-control system designed against an admin-equivalent attacker actually look like? Microsoft answered that question with Windows 10.

5. The Generational Pivot -- Configurable Code Integrity, WDAC, App Control for Business

With Windows 10, Microsoft introduces Device Guard. The framing in the official October 2017 retrospective is unusually candid for a Microsoft product communication: "With Windows 10 we introduced Windows Defender Device Guard" -- and the new mechanism's value proposition, the retrospective explains, is that its enforcement does not depend on a user-mode service an administrator can turn off ^[2]. Where AppLocker's AppIDSvc evaluator can be stopped from a LocalSystem shell, the new mechanism's evaluator lives in the kernel and validates its policy file cryptographically. Microsoft was not hiding what changed. Microsoft was announcing what changed.

The 2014-2015 threat-model shift inside Microsoft is well documented in retrospect ^[2]. Post-Pass-the-Hash, post-APT, the working assumption was that the adversary reaches administrator quickly -- and that any control whose enforcement could be turned off by an administrator was therefore not, in itself, a defense against the modern adversary. AppLocker could not be retrofitted to defend against that model because its evaluator lives in user mode by design. The fix was structural: build a peer mechanism in the kernel Code Integrity component.

Code Integrity (ci.dll)

The Windows kernel component that enforces signature and policy checks on every image loaded into memory. The same ci.dll enforces driver signing (KMCS) and Driver Signature Enforcement (DSE); the App Control for Business policy is a peer of the driver signing policy, evaluated by the same kernel code at the same hook points. There is no service to stop because there is no service -- the evaluator runs in the kernel itself.

Device Guard

The umbrella brand Microsoft used in 2015-2017 for a bundle of hardware-rooted security features that included HVCI and Configurable Code Integrity. The brand was retired because customers consistently believed the bundle required hardware that, in fact, only HVCI required. The configurable CI policy that was the application-control half of Device Guard is what Microsoft now calls App Control for Business ^[2].

HVCI (Hypervisor-protected Code Integrity)

The configuration in which the kernel CI evaluator runs inside a Virtualization-Based Security (VBS) enclave at Virtual Trust Level 1 (VTL1), separated from the normal kernel at VTL0 by the Windows hypervisor. The marketing name in Windows 11 Settings is memory integrity ^[18] ^[19]. The companion HVCI article in this pipeline covers the mechanism in depth; for this article the relevant fact is that with HVCI on, even a kernel-mode attacker in VTL0 cannot tamper with the code-integrity decision.

The connecting insight that made the architecture work: do not fix AppLocker. Build a peer mechanism in ci.dll, the same component that already enforces driver signing, and make the new application-control policy a peer of the driver-signing policy. The decision lives in the kernel. The policy file lives on disk under %SystemRoot%\System32\CodeIntegrity\CiPolicies\Active\. There is no user-mode service to stop.

The three-era naming timeline is the question every practitioner asks first about this product, so it is worth laying out cleanly:

Era	Name	Released	Source
Launch	Configurable Code Integrity, under the Device Guard umbrella	Windows 10 1507, July 29 2015	^[2]
Rename 1	Windows Defender Application Control (WDAC)	Windows 10 1709 (Fall Creators Update GA October 17, 2017; WDAC rename announced October 23, 2017)	^[2]
Rename 2	App Control for Business	Windows 11 24H2 / Server 2025, autumn 2024 ^[20] ^[21]	^[1] ^[22]

Microsoft's October 2017 retrospective is the cleanest explanation of the first rename ^[2]: the Device Guard umbrella "unintentionally left an impression for many customers that the two features were inexorably linked and could not be deployed separately" -- which Configurable CI and HVCI never were. The rename to WDAC was brand management, not a technology change. The 2024 rename to App Control for Business ^[1] is similarly a rebrand; Microsoft Learn states "App Control for Business was originally released as part of Device Guard and called configurable code integrity. The terms 'Device Guard' and 'configurable code integrity' are no longer used with App Control except when deploying policies through Group Policy." The same kernel code path has worn three names in nine years.

The naming convention this article uses: lead with "App Control for Business (still widely called WDAC)" on first mention, then use the names interchangeably. The community search term "WDAC" stays in the title and tags because most practitioner content still uses it.

Ctrl + scroll to zoom

Diagram source

flowchart TD
Kernel["Kernel CI evaluator (ci.dll)
peer of driver signing / DSE / KMCS
unchanged 2015 -- 2026"]
Brand1["Configurable Code Integrity
under Device Guard umbrella
(Windows 10 1507, 2015)"]
Brand2["Windows Defender Application Control (WDAC)
(Windows 10 1709, 2017)"]
Brand3["App Control for Business
(Windows 11 24H2 / Server 2025, 2024)"]
Brand1 --> Kernel
Brand2 --> Kernel
Brand3 --> Kernel

Diagram source

flowchart TD
Kernel["Kernel CI evaluator (ci.dll)
peer of driver signing / DSE / KMCS
unchanged 2015 -- 2026"]
Brand1["Configurable Code Integrity
under Device Guard umbrella
(Windows 10 1507, 2015)"]
Brand2["Windows Defender Application Control (WDAC)
(Windows 10 1709, 2017)"]
Brand3["App Control for Business
(Windows 11 24H2 / Server 2025, 2024)"]
Brand1 --> Kernel
Brand2 --> Kernel
Brand3 --> Kernel

Three product-name eras sitting on top of a single unchanged kernel CI code path. The rename history is brand management, not a technology change.

A peer mechanism in the kernel CI component is a deliberate, specific architectural choice. What does App Control for Business actually check at policy-evaluation time, and what makes its policy itself tamper-resistant against a SYSTEM-equivalent attacker?

6. The Mechanism in Detail -- How App Control for Business Actually Enforces

A LoadImage callback enters the kernel. Where does the policy decision happen, who reads the policy file, and what stops the attacker from just deleting or replacing the policy file?

Where it runs. Inside ci.dll, loaded by the Windows kernel. The same component that enforces driver signing / DSE / KMCS ^[18]. The callback path is the documented kernel API surface: PsSetLoadImageNotifyRoutine ^[23] registers the image-load callback, and PsLookupProcessByProcessId ^[24] resolves the loading PID to an EPROCESS so the evaluator can attribute the load to the right process. A user-mode sc.exe stop has no effect because there is no service to stop. The evaluator is the kernel.

What it evaluates. For each candidate image, ci.dll checks:

The file's Authenticode signature -- signer subject, EKU (Extended Key Usage), leaf certificate attributes.
The file's signed metadata -- Original Filename, version, product name (analogous to AppLocker's Publisher rule).
SHA-1, SHA-256, and page hashes of the file content.
The file's path, introduced in Windows 10 1903, with a mandatory runtime user-writeability check that distinguishes App Control path rules from AppLocker's ^[25]. An App Control path rule that resolves to a directory writable by a non-administrator is rejected at evaluation time.
The file's Managed Installer lineage -- whether the file was written by a process tagged as a managed installer ^[26].
The file's ISG reputation -- covered in section 7 ^[27].

Code Integrity policy

The XML / binary .cip policy file that ci.dll consults at every image-load callback. Authored in XML via the New-CIPolicy and Merge-CIPolicy cmdlets (the ConfigCI PowerShell module) and compiled to a binary .cip via ConvertFrom-CIPolicy. The kernel reads the active policies from %SystemRoot%\System32\CodeIntegrity\CiPolicies\Active\*.cip at boot and on policy refresh.

Managed Installer

A trust-propagation feature in App Control. An administrator designates a process (typically a configuration-management agent such as Configuration Manager, Intune, or a third-party tool such as Patch My PC) as a managed installer. Any file written by that process is automatically tagged with an Extended Attribute marking it as installed by trusted infrastructure. App Control policy can then allow files bearing the tag. The Managed Installer rule collection is implemented as an AppLocker rule set ^[26], which is the most-cited example of AppLocker enforcement plumbing being reused by App Control rather than replaced.

Policy file format. XML in, binary in the kernel. The cmdlet sequence:

New-CIPolicy   -> Merge-CIPolicy -> ConvertFrom-CIPolicy -> .cip file -> drop into Active/ -> reboot or refresh

The PowerShell module that exposes these cmdlets is still partly named after the WDAC era. ConvertFrom-CIPolicy, Set-CIPolicySetting, Set-CIPolicyVersion, Add-SignerRule, and the rest all retain the CIPolicy / ConfigCI naming through the 2024 rebrand. Microsoft has not renamed the cmdlets to App Control for Business. The App Control Wizard ^[28] is an open-source MSIX-packaged C# tool that uses these same cmdlets under the hood.

Signed vs unsigned policies -- the load-bearing distinction. This is the single most common practitioner confusion in App Control deployments, and it is worth several paragraphs of care.

An unsigned App Control policy is fully supported and widely deployed. The policy XML is authored, compiled, and dropped into the active-policies directory. The kernel reads it and enforces it. But the policy file itself has no cryptographic binding to the device. Any process with write access to %SystemRoot%\System32\CodeIntegrity\CiPolicies\Active\ -- which includes anything running as SYSTEM or administrator -- can simply del the .cip file and reboot. Enforcement vanishes. The defect is not in ci.dll; it is in the policy not being signed.

A signed App Control policy is signed by the deploying organisation's code-signing certificate -- not by the application publisher's certificate, which is the misconception most often imported from the AppLocker mental model. The deploying organisation typically uses an internal PKI leaf, the signing private key kept on a hardware token or in a sealed key vault. When the policy is signed, the kernel CI evaluator validates the signature against the trusted signer set baked into the policy at first application; a subsequent attempt to remove or replace the .cip file is rejected at boot because the unsigned (or alternately-signed) replacement does not match. Even SYSTEM cannot bypass this without the corresponding private key. This is the only configuration that survives an admin-equivalent attacker.

App Control policies are signed by the deploying organisation's code-signing certificate, not by the application publisher's. The signed policy is bound to the device such that even SYSTEM cannot remove or replace it without the organisation's signing key.

Dimension	Unsigned policy	Signed policy
Tamper-resistance against `SYSTEM` / admin	None -- the `.cip` file can be deleted	Strong -- removal requires the signing key
Deployment complexity	Low -- copy file and reboot	High -- requires PKI, signing infra, key custody
Signing PKI requirement	None	Internal code-signing CA leaf required
Removal mechanism	`del *.cip` + reboot	Sign and deploy a replace policy with the same key
Suitable as MSRC security boundary	No	Yes (with HVCI on)

HVCI integration. When Virtualization-Based Security is on, the kernel CI evaluator itself runs in VTL1 inside HVCI (memory integrity, in Windows 11 Settings) ^[18] ^[19]. A kernel-mode attacker in VTL0 -- even one who has loaded an arbitrary kernel driver and corrupted kernel memory at will -- cannot tamper with the code-integrity evaluation path. The decision lives behind the hypervisor boundary.

VTL0 / VTL1

Virtual Trust Levels exposed by the Windows hypervisor. VTL0 is the normal Windows kernel and user mode. VTL1 is the secure kernel, an isolated execution environment with restricted memory access and a tighter trust model. With HVCI enabled, the code-integrity evaluator runs in VTL1; a kernel-mode attacker confined to VTL0 cannot read or write VTL1 memory directly. Companion HVCI article in this pipeline covers the VTL model in depth.

Ctrl + scroll to zoom

Diagram source

sequenceDiagram
participant P as Loading process
participant K as Kernel image loader
participant CI as ci.dll (CI evaluator)
participant Pol as Active .cip policies
P->>K: load module foo.dll
K->>CI: PsSetLoadImageNotifyRoutine callback
CI->>CI: parse Authenticode + compute hashes + check path
CI->>Pol: match against signer / hash / path / MI / ISG rules
Pol-->>CI: allow or deny
CI-->>K: honour verdict
K-->>P: image loaded or STATUS_INVALID_IMAGE_HASH

Diagram source

sequenceDiagram
participant P as Loading process
participant K as Kernel image loader
participant CI as ci.dll (CI evaluator)
participant Pol as Active .cip policies
P->>K: load module foo.dll
K->>CI: PsSetLoadImageNotifyRoutine callback
CI->>CI: parse Authenticode + compute hashes + check path
CI->>Pol: match against signer / hash / path / MI / ISG rules
Pol-->>CI: allow or deny
CI-->>K: honour verdict
K-->>P: image loaded or STATUS_INVALID_IMAGE_HASH

An image load under App Control. The decision lives in the kernel; no user-mode service participates in the verdict.

Ctrl + scroll to zoom

Diagram source

flowchart LR
subgraph VTL0["VTL0 -- normal Windows kernel"]
K0["NTOS kernel"]
Drv["Loaded drivers"]
Att["kernel-mode attacker"]
end
subgraph VTL1["VTL1 -- secure kernel"]
SK["Secure kernel"]
CIeval["ci.dll evaluator"]
end
Hyper["Windows Hypervisor (VBS)"]
K0 -- regulated calls --> Hyper
Hyper -- mediated entry --> SK
SK --> CIeval
Att -. blocked .- Hyper

Diagram source

flowchart LR
subgraph VTL0["VTL0 -- normal Windows kernel"]
K0["NTOS kernel"]
Drv["Loaded drivers"]
Att["kernel-mode attacker"]
end
subgraph VTL1["VTL1 -- secure kernel"]
SK["Secure kernel"]
CIeval["ci.dll evaluator"]
end
Hyper["Windows Hypervisor (VBS)"]
K0 -- regulated calls --> Hyper
Hyper -- mediated entry --> SK
SK --> CIeval
Att -. blocked .- Hyper

VTL0 / VTL1 split under HVCI. The CI evaluator runs in VTL1; a kernel-mode attacker in VTL0 cannot reach into VTL1 to tamper with the verdict.

Multi-policy support. From Windows 10 1903 (May 2019) the kernel supported up to 32 active App Control policies whose interactions follow two distinct rules: multiple base policies intersect (an app must be allowed by every base policy that applies), while a base policy and its supplemental policies union (an app is allowed if any of them allow it), and deny rules always win in either combination. The cap was lifted by the April 9, 2024 cumulative security updates: KB5036893 for Windows 11 22H2 and 23H2 (OS Builds 22621.3447 and 22631.3447) ^[29], and KB5036892 for Windows 10 21H2 and 22H2 (OS Builds 19044.4291 and 19045.4291) ^[30]. Microsoft's Deploy multiple App Control for Business policies page is explicit on the version scope ^[31]: "The policy limit was not removed on Windows 11 21H2 and will remain limited to 32 policies." No published Microsoft documentation gives the new ceiling on the platforms where the cap was lifted; the practical limit is policy parsing time at boot.

Kernel evaluator, signed policy, HVCI-isolated evaluator, multi-policy merge. That is the security boundary Microsoft sells. But none of those facts tells you what signals the policy can act on -- and one of those signals (ISG) is the single most misunderstood piece of the App Control vocabulary.

7. ISG -- The Reputation Signal Everyone Calls a List

Open any practitioner thread about App Control in 2024-2026 and you will see the phrase "the ISG list of trusted apps." There is no such list. Microsoft has said so for years. The misconception is institutional.

The verbatim Microsoft Learn quote, from the Use App Control with the Intelligent Security Graph page ^[27]:

The ISG isn't a "list" of apps. Rather, it uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having "known good," "known bad," or "unknown" reputation. This cloud-based AI is based on trillions of signals collected from Windows endpoints and other data sources, and processed every 24 hours.

"The ISG isn't a 'list' of apps." -- Microsoft Learn, Use App Control with the Intelligent Security Graph ^[27]

ISG is a reputation classifier. An App Control policy can be configured to treat ISG's "known good" verdict as an additive allow signal. ISG never blocks on App Control's behalf. The Microsoft Learn page is precise: "the ISG option only allows binaries that are known good. If a binary is unknown or known bad, it won't be allowed by the ISG" ^[27]. The classifier sits underneath the policy's explicit rules; it does not override them.

Intelligent Security Graph (ISG)

A Microsoft cloud service that ingests telemetry from Defender SmartScreen, Defender Antivirus, and partner products and produces a reputation classification for individual binaries. The classifier returns one of known good, known bad, or unknown. App Control can be configured to treat known good as an additional allow path, in addition to the explicit signer / hash / path / Managed Installer rules in the policy. ISG never blocks on its own; unknown and known bad simply mean ISG does not vote allow ^[27].

The mechanism. When ISG is enabled and a binary is classified known good, Windows tags the file with an Extended Attribute named \$KERNEL.SMARTLOCKER.ORIGINCLAIM, so the CI evaluator can honour the verdict at subsequent image loads without a fresh cloud call. The cloud reputation model itself is processed every 24 hours ^[27]; App Control's client-side requeries are documented only as periodic, without a fixed interval. The policy option Enabled:Invalidate EAs on Reboot discards the tags across reboot, forcing a re-evaluation.

The extended attribute \$KERNEL.SMARTLOCKER.ORIGINCLAIM is the same EA-tag mechanism the Managed Installer feature uses to propagate the "installed by trusted infrastructure" signal ^[26]. Two adjacent App Control features therefore share the same persistence layer -- one populated by a local trusted-process designation, the other populated by a cloud reputation classifier. The kernel evaluator does not care which source wrote the tag.

The misconception this section closes is that ISG is a list of curated allowed apps -- a corporate-managed allowlist administered by Microsoft. It is not. The original 00-input.md for this article framed ISG as "cloud-reputation-driven allow-listing", which is half-true in spirit and wrong in mechanism. ISG is reputation. The allowlist is what the App Control policy still has to author explicitly.

ISG turns an App Control policy into a hybrid: explicit rules plus a reputation tap. But it is still an allowlist, and an allowlist has a structural ceiling. Microsoft itself published the consequence as a block list. Why?

8. The Bypass Reality -- Recommended Block Rules and the LOLBin Corpus

Microsoft's own Microsoft Learn page lists approximately forty Microsoft-signed binaries that can bypass an App Control allow rule on themselves. The page is called Applications that can bypass App Control and how to block them ^[32]. Why does Microsoft publish a list of its own bypassable signed binaries?

Because if your App Control policy says "allow Microsoft-signed code", then it admits each of those forty binaries -- and each one is a way to run attacker-supplied code while complying with the policy. The publisher gate cannot evaluate side effects.

LOLBin (Living Off The Land Binary)

A binary already present on the operating system, typically signed by the OS vendor, that an attacker can repurpose to perform actions a security control would otherwise block. The canonical Windows LOLBin classes are script interpreters bundled with the OS or runtime (mshta.exe, wscript.exe), build tools that compile and execute attacker-supplied source (msbuild.exe, csi.exe, dotnet.exe), debuggers that script their own target (cdb.exe, windbg.exe), and registration utilities that load arbitrary DLLs into a signed host (regsvr32.exe, rundll32.exe). The community-curated LOLBAS Project ^[33] catalogues hundreds.

The named-researcher chain that drove the Recommended Block Rules is a who-is-who of mid-2010s Windows offensive research:

cdb.exe -- Matt Graeber, August 2016, preserved in the Wayback Machine ^[34]. The Windows debugger ships signed by Microsoft and includes a scripting facility that runs arbitrary shellcode in memory. Graeber's blog post asked, in his own words, "what is a tool that's signed by Microsoft that will execute code, preferably in memory?" and answered "WinDbg/CDB of course!"
csi.exe -- Casey Smith, September 2016, preserved in the Wayback Machine ^[35]. The C# interactive compiler, distributed with Visual Studio, is signed by Microsoft and runs arbitrary C# fragments via Assembly.Load().
dnx.exe -- Matt Nelson, November 2016 ^[36]. The early .NET Core host that loads and executes arbitrary .NET assemblies under a signed Microsoft binary.
addinprocess.exe / addinprocess32.exe -- James Forshaw, July 2017 ^[37]. The Visual Studio add-in host that can be coerced into loading an attacker DLL while the parent process satisfies the signed-publisher policy.
dotnet.exe -- Jimmy Bayne, August 2019 ^[38]. The shipping .NET host with the same fundamental capability as dnx.exe but with a 2019-vintage attack surface and a live PoC against both AppLocker and WDAC.

The operational entries practitioners encounter most often are msbuild.exe (the C# / MSBuild compiler that can execute inline build tasks), mshta.exe (the HTML application host), wmic.exe (which can load XSL stylesheets that execute arbitrary script), wscript.exe (Windows Script Host), and bash.exe / wsl.exe (the WSL launchers, which provide an entirely separate execution environment outside the policy's reach).

Binary	Capability that enables the bypass	Original researcher	Source
`cdb.exe`	Debugger scripting facility executes shellcode in memory	Matt Graeber, Aug 2016	^[34]
`csi.exe`	C# interactive compiler, `Assembly.Load()` over arbitrary C#	Casey Smith, Sep 2016	^[35]
`dnx.exe`	Early .NET Core host, loads arbitrary assemblies	Matt Nelson, Nov 2016	^[36]
`addinprocess.exe`	Visual Studio add-in host loads attacker DLL	James Forshaw, Jul 2017	^[37]
`dotnet.exe`	Modern .NET host, AWL bypass via assembly loading	Jimmy Bayne, Aug 2019	^[38]
`msbuild.exe`	Inline `Task` in build XML compiles and runs C# at build time	community	^[32]
`mshta.exe`	HTA host evaluates VBScript / JScript	community	^[32]
`wmic.exe`	XSL stylesheet evaluation runs arbitrary script	community	^[32]
`bash.exe` / `wsl.exe`	Launches WSL kernel, an environment outside App Control	community	^[32]

The structural limit being demonstrated. A publisher-gate allowlist cannot evaluate what a signed binary will do after it starts. If the policy allows Microsoft-signed code, it has no way to know that msbuild.exe will compile and execute attacker-supplied C# at runtime. The same kind of structural ceiling that applied to AppLocker's user-mode evaluator applies to App Control's publisher gate. Different mechanism, different layer; same kind of structural ceiling.

Ctrl + scroll to zoom

Diagram source

flowchart LR
A["Signed binary loads"] --> B["Policy admits publisher"]
B --> C["Binary starts"]
C --> D["Binary reads attacker-controlled input"]
D --> E["Attacker-controlled code runs"]
note["No policy-time check can prevent this"]
E -. observed by .- note

Diagram source

flowchart LR
A["Signed binary loads"] --> B["Policy admits publisher"]
B --> C["Binary starts"]
C --> D["Binary reads attacker-controlled input"]
D --> E["Attacker-controlled code runs"]
note["No policy-time check can prevent this"]
E -. observed by .- note

The publisher-gate structural limit. The allow decision happens before the binary starts; the side effects happen after. No policy-time check spans both moments.

The community corpus. Jimmy Bayne's bohops/UltimateWDACBypassList ^[16] preserves per-binary attribution to Forshaw, Smith, Nelson, Graeber, Moe, and others. Pair with the LOLBAS Project ^[33] as the cross-platform LOLBin catalogue and you have the empirical record the Recommended Block Rules canonicalise.

Microsoft's response was institutional, not architectural. Publish the inverse list and update it continuously. The Microsoft Recommended Block Rules policy is the canonical mitigation ^[32]. Snapshots of the page through 2019, 2020, 2022, and 2023 show a monotonically growing enumeration: a handful of entries at first, around forty by 2026, with each addition traceable to a named-researcher write-up. Matt Graeber's original 2016 cdb.exe write-up URL www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html now serves an unrelated 2011 NTFS-ADS post (also by Graeber, but pre-cdb-era). The verbatim August 2016 LOLBin post is preserved in the Wayback Machine ^[34]. The attribution is independently triangulated by the Microsoft Recommended Block Rules page itself ("Microsoft recognizes ... Matt Graeber") ^[32] and by bohops/UltimateWDACBypassList ^[16].

The article must state plainly: "App Control with the Recommended Block Rules" and "App Control without them" are not the same product. The block list is load-bearing.

"DO NOT consider any application whitelisting solution to be secure against a bored member of staff." -- James Forshaw, DG on Windows 10 S ^[37]

Operational cost is non-zero. The webclnt.dll block in the Recommended Block Rules has a documented practitioner side effect. Peter Upfold's July 2024 write-up ^[39] documents a 5-15 second Word "not responding" hang on OneDrive / SharePoint saves caused specifically by that block, on machines with App Control for Business enforcing the Microsoft Recommended Block Rules. The mitigation has a cost. Honest deployment means measuring the cost against the threat it addresses.

Peter Upfold reported in July 2024 ^[39] that "users were experiencing a 5-15 second delay when saving a document to OneDrive or SharePoint, during which Word would show as 'not responding.' All machines in question use App Control for Business (WDAC)." The cause was the webclnt.dll entry in the Microsoft Recommended Block Rules, which blocks the WebDAV redirector. WebDAV is the underlying transport Office uses for some OneDrive / SharePoint save paths. The block exists because webclnt.dll has historically been used by attackers to coerce NTLM authentication to attacker-controlled UNC paths; the side effect is a Word hang on legitimate saves. This is the texture of "App Control with the Recommended Block Rules": not theoretical, not free.

Tie back to the thesis. The bypass corpus does not undermine App Control's security-boundary status. It underlines that without the Recommended Block Rules, an App Control "allow all Microsoft-signed code" policy is not a coherent security policy. The boundary holds because Microsoft and the community continuously update the inverse list.

If both AppLocker and App Control have structural ceilings, and Microsoft maintains them both, the question is not "which one is correct?" It is: what is Microsoft's third application-control product, who is it for, and how does it relate to the first two? That is Smart App Control.

9. Smart App Control -- The Adjacent Consumer Application

Windows 11 22H2 ships on September 20, 2022 ^[40] ^[20]. Microsoft introduces Smart App Control (SAC) for consumer Windows. It runs on the same kernel CI machinery as App Control for Business ^[41]. It is not App Control for Business. Why is it a distinct product?

The mechanism. SAC uses the same ci.dll evaluator as App Control for Business. Its decision source is ISG, with a fallback to "valid signature from a Trusted Root CA" when ISG has no verdict ^[41]. The enforcement is gated on by default on a clean install of Windows 11 22H2 or later.

The product is categorically different.

Unmanaged: no admin policy, no GPO, no Intune authoring surface.
All-or-nothing: there is no per-app rule list. Either SAC is on for the device, or it is off.
Auto-disables silently: when the device's telemetry suggests SAC would be disruptive, it can disable itself without prompting the user ^[41].
Enterprise-managed devices keep it off: SAC stays off if "your device is enterprise-managed or developer-mode has been configured" ^[42].

Smart App Control

A consumer-grade Windows 11 application-control feature that uses the same kernel CI evaluator as App Control for Business but provides no policy authoring surface. SAC consults the Intelligent Security Graph for reputation and a Trusted Root CA signature fallback for unknown binaries. SAC is binary: on (enforcing for the device) or off. It is enabled by default on clean installs of Windows 11 22H2 and later for unmanaged consumer devices ^[41] ^[42].

The 2026 update most older write-ups still get wrong. SAC can be re-enabled without a clean install on current Windows versions. The Microsoft Support FAQ ^[42] states: "Recent Windows updates allow Smart App Control to be enabled within the Windows Security App without requiring a clean installation" and "Recent Windows updates allow Smart App Control to be re-enabled without requiring a clean installation." If you read a blog post that claims SAC requires a Windows 11 reinstall to enable, that post pre-dates these updates. The current SAC state-machine vocabulary is evaluation mode (not audit mode) ^[41].

The Microsoft documentation about SAC is itself inconsistent on this point. The Smart App Control overview developer page still says SAC "can only be enabled on a clean install of a version of Windows that contains the Smart App Control feature" and lists "A clean Windows install" as a SAC requirement ^[41], while the Microsoft Support FAQ ^[42] documents the in-place re-enable surface. The FAQ is the more current source and is the one Microsoft updates when servicing changes the behaviour; the developer overview page lags. Practitioners reading the two pages back-to-back should treat the FAQ as authoritative for current Windows.

Why SAC is not "WDAC for consumers": the enforcement engine is approximately the same, but the product is categorically different. Unmanaged, all-or-nothing, ISG-gated, silently auto-disables. The kernel is the same; the management story is the inverse. The FAQ in section 15 flags this misconception explicitly.

Three products now sit in the inventory: AppLocker, App Control for Business, Smart App Control. The practitioner question is no longer "which one is best?" It is "which one fits which deployment?" That is the job of the next section.

10. Side-by-Side Comparison -- The Practitioner Matrix

Most comparisons of AppLocker and App Control are organised by feature inventory. That answers the wrong question. Organise the comparison by what the security practitioner actually needs to decide, and the line between the two becomes obvious.

Practitioner-decision dimension	AppLocker	App Control for Business
MSRC servicing-criteria classification	Defense-in-depth (not a security feature) ^[1]	Security feature when signed policy and HVCI ^[1]
Enforcement locus	User-mode `AppIDSvc` + kernel `AppID.sys` minifilter ^[13]	Kernel `ci.dll` (HVCI: VTL1) ^[18]
Survives `SYSTEM`-equivalent attacker	No -- `sc stop AppIDSvc` ends enforcement	Yes, when policy is signed and HVCI is on
Per-user / per-group rules	Yes ^[12]	No (whole-device) ^[12]
Driver coverage	No (drivers go through KMCS / DSE)	Yes -- App Control policy can govern drivers as a peer of KMCS
`.bat` / `.cmd` script enforcement	Yes ^[11]	No -- script enforcement is host-cooperative and `cmd.exe` is not enlightened ^[43] ^[12]
Signing infrastructure required	None	Internal code-signing PKI required for signed policy (the security-boundary configuration)
Reboot required to apply policy changes	No (immediate take-effect through AppIDSvc)	Yes for signed policies (because the trusted-signer set is sealed at boot)
GPO deployment	Mature dedicated UI	Single-policy XML through Administrative Templates -> System -> Device Guard
MDM / Intune deployment	AppLocker CSP (in maintenance) ^[44]	ApplicationControl CSP (multi-policy, where new feature work lands) ^[44] ^[45]
Active feature development	None -- "isn't getting new feature improvements" ^[1]	Yes -- multi-policy cap removed April 2024 ^[31], Server 2025 OSConfig integration ^[46]
Canonical bypass corpus	Oddvar Moe `UltimateAppLockerByPassList` ^[15]	Jimmy Bayne `bohops/UltimateWDACBypassList` ^[16]; Microsoft Recommended Block Rules ^[32]

The table does not say "AppLocker bad, App Control good." It says the two are non-substitutable. AppLocker gives you per-user policy on devices that do not have a code-signing PKI. App Control gives you a real security boundary on devices that do.

Every "App Control = Yes" row in the security-boundary direction is gated on the policy being signed and HVCI being on. Every "AppLocker = Yes" row in the per-user direction comes with the user-mode-service ceiling. The article repeats these gating conditions in the prose so the reader does not over-read the table.

Ctrl + scroll to zoom

Diagram source

flowchart TB
subgraph Quad["Threat-model fit"]
AL["AppLocker
per-user yes, admin-resistant no
(operational hygiene)"]
AC["App Control for Business
per-user no, admin-resistant yes
(security boundary, when signed and HVCI)"]
SAC["Smart App Control
per-user no, admin-resistant partial
(consumer, unmanaged)"]
None["No allowlist
per-user no, admin-resistant no
(default Windows)"]
end

Diagram source

flowchart TB
subgraph Quad["Threat-model fit"]
AL["AppLocker
per-user yes, admin-resistant no
(operational hygiene)"]
AC["App Control for Business
per-user no, admin-resistant yes
(security boundary, when signed and HVCI)"]
SAC["Smart App Control
per-user no, admin-resistant partial
(consumer, unmanaged)"]
None["No allowlist
per-user no, admin-resistant no
(default Windows)"]
end

Threat-model fit. Per-user requirement on the horizontal axis, admin-resistant requirement on the vertical. The three products land in different quadrants.

AppLocker and App Control for Business are non-substitutable. The line between them is not new vs old; it is per-user without PKI vs security boundary with PKI. A deployment that needs both -- per-user policy on some collections and a real security boundary on others -- runs both side by side, which is exactly the configuration Windows 11 24H2 supports.

The table makes the what explicit. The why both still ship is still left implicit. The next section makes the case explicit, including the load-bearing negative citation that AppLocker is not on Microsoft's deprecated-features page as of February 2026.

11. Why Both Still Ship -- and Why "AppLocker Is Deprecated" Is Folklore

A line that has circulated in community summaries since 2023: "AppLocker is being sunsetted, migrate to WDAC." Is that line true?

The load-bearing negative citation. As of the February 2, 2026 update of Microsoft Learn's Deprecated features in the Windows client page ^[47], AppLocker is not on the list. The page enumerates features Microsoft has formally deprecated -- WMIC, PowerShell 2.0, NTLM, DirectAccess, Maps, EdgeHTML, Paint 3D, the LPR/LPD print services, the UWP Map control. AppLocker is not among them.

What Microsoft does say, taken verbatim from the App Control and AppLocker Overview page ^[1]:

As established in §4, Microsoft's own servicing-criteria language disqualifies AppLocker as a security feature ^[1]; the load-bearing point for this section is the second half of the same page.
"Although AppLocker continues to receive security fixes, it isn't getting new feature improvements."

"Although AppLocker continues to receive security fixes, it isn't getting new feature improvements." -- Microsoft Learn, App Control and AppLocker Overview ^[1]

The October 8, 2024 cumulative update KB5044288 (OS Build 25398.1189, Windows Server, version 23H2) confirms the "continues to receive security fixes" claim with a concrete servicing fix ^[48]: the release notes specifically include "[AppLocker] Fixed: The rule collection enforcement mode is not overwritten when rules merge with a collection that has no rules. This occurs when the enforcement mode is set to 'Not Configured.'" The fix shipped on the Server SKU first; the AppLocker code path is shared, so the fix appears on the client SKUs through their parallel monthly servicing. AppLocker is in maintenance mode, not deprecation.

Five reasons AppLocker still ships in 2026.

Reason	Practitioner consequence	Source
Per-user rules	App Control is whole-device. Multi-user terminal-server, Citrix VDI, and education labs need per-user policy.	^[12]
No signing infrastructure required	App Control's tamper-resistance story requires an internal code-signing PKI; AppLocker requires none.	^[1]
GPO ergonomics	AppLocker has a mature dedicated GPO UI; App Control GPO deployment is single-policy format only (multi-policy requires the `ApplicationControl` CSP).	^[44]
Installed base	Existing AppLocker deployments work; ripping them out for a different security model has migration cost without a forced trigger.	^[1]
Threat-model fit	Some organisations only need to keep end users from running random downloads -- the operational hygiene threat model. AppLocker fits that model and admits its scope.	^[1]

The first reason is the load-bearing one. The kernel ci.dll evaluator does not consult per-user token context as a policy input; the App Control policy is whole-device by design. Until that changes, any environment whose risk model depends on different rule sets for different user identities -- terminal servers, RDS hosts, Citrix VDI, education labs, kiosks shared by multiple users -- has to keep AppLocker even if every other dimension would point toward App Control.

The community-folklore correction. The "AppLocker is deprecated" line is not Microsoft's position. The Microsoft position is the comparative one in App Control and AppLocker Overview: App Control is the recommended security feature; AppLocker is the supported parallel option for the scenarios above. The strongest defensible characterisation of AppLocker's roadmap is "feature complete, not actively developed, continues to receive security fixes" -- not "deprecated." Microsoft's Deprecated features in the Windows client page reinforces this in an unexpected direction ^[47]: when the page deprecated Microsoft Defender Application Guard for Office, it recommended transitioning to "Microsoft Defender for Endpoint attack surface reduction rules along with Protected View and Windows Defender Application Control" -- a Microsoft-curated recommendation that names App Control as the forward-looking layer, not the legacy one. The KB5044288 October 2024 fix ^[48] is the concrete proof-point that the "security fixes" claim is observable. It addresses a specific AppLocker rule-merge bug. A genuinely deprecated feature does not get bug fixes shipped on Patch Tuesday two years after rename.

If both still ship, the natural next question is not which one to use today but where the ceiling for any allowlist mechanism is. That ceiling is structural, it is the same for AppLocker, App Control, and SAC, and the research community has named it.

12. Theoretical Limits -- What No Allowlist Can Do

The publisher-gate structural limit shown in section 8 was specific to App Control. Here is the more general version of the same observation: application control cannot evaluate side effects. The same ceiling applies to AppLocker, App Control, SAC, ISG, every Microsoft Recommended Block Rules iteration, and every third-party product in the same market.

The structural claim is folklore-level but universally observed; no published impossibility theorem yet states it formally. The closest standard result is Rice's theorem: any non-trivial behavioural property of a Turing-complete program is undecidable in the general case. A publisher-gate allowlist asks a behavioural question -- "will this binary do something that violates policy?" -- and answers it with a structural fact -- "who signed it?" The mismatch is not a defect of any individual allowlist product; it is a working bound the field treats as a corollary of Rice. The policy evaluator runs before the binary starts. It knows what the binary is -- the signer subject, the file hash, the path on disk, the Authenticode metadata. It does not know what the binary will do. If msbuild.exe is signed by Microsoft and the policy allows Microsoft-signed binaries, the policy has no way to know that msbuild.exe will then read an attacker-controlled .csproj file containing an inline <Task> element and compile and execute the attached C# at runtime.

This is the structural reason Microsoft publishes the Recommended Block Rules ^[32]. It is also the structural reason "allow all Microsoft-signed code" is not a security policy -- it is a starting point.

As established in §4 and §8, the bound is observed from both sides of the asymmetric arms race. External offensive research arrives at the "bored member of staff" framing in the Windows 10 S analysis ^[37]; the Microsoft-employed authors of the canonical deployment baseline arrive at the "determined user with administrative rights" framing in the AaronLocker README ^[14]. Two independent perspectives, the same ceiling stated in their own vocabularies. §12's contribution is not to re-quote either; it is to name the structural reason both arrive at the same place.

The publisher-gate ceiling is not an artefact of AppLocker's user-mode design or App Control's kernel-but-publisher design. The ceiling is a property of the allowlist model whose allow signal is "this code is from a publisher I trust" instead of "this code's runtime behaviour matches a trusted policy." Closing the ceiling would require policy-time content semantics, which no Microsoft-shipped mechanism provides today.

If the ceiling is structural, what is the research community actively trying that might push it upward? Microsoft is not the only player; the field has named open problems.

13. Open Problems and Active Research

Seven open problems the field has named but not closed. The most honest framing is: each one has a Microsoft partial-mitigation, none has a clean solution. Each is treated below with the problem statement, the empirical or architectural evidence, the current Microsoft (and where relevant, regulatory) mitigation, and the residual gap.

1. Continuous catch-up against new Microsoft-signed LOLBins. Every new signed binary that takes a "run code from this file" argument is a candidate addition to the Recommended Block Rules ^[32]. The list is by construction monotonic and never complete. The empirical evidence is the lag between a LOLBin's public disclosure and its appearance on the Microsoft page, observable in Wayback Machine snapshots of the page. Three case studies bracket the lag range. Matt Graeber's August 2016 cdb.exe shellcode-runner write-up ^[34] appears on the recommended-block-rules page in the months that followed. Jimmy Bayne's August 2019 dotnet.exe write-up ^[38] appears in a batch of additions roughly a year later. Peter Upfold's mid-2024 webclnt.dll-via-Word issue ^[39] was a hang, not a LOLBin, but the WebDAV / WebClient surface had appeared in the page revisions of the prior couple of years. The case studies suggest a working practitioner bound: lags between a public LOLBin disclosure and a corresponding entry on the Microsoft Recommended Block Rules page range from several months to over a year, with longer tails for less load-bearing additions. A practitioner planning App Control deployments should not wait for the Microsoft page to catch up; merge community lists (LOLBAS ^[33], bohops/UltimateWDACBypassList ^[16]) into your own enforcement explicitly. The open research question is whether a binary's capability surface -- does it load arbitrary code? does it invoke a script host? -- can be inferred at scale, so the block list is generated rather than curated. Static analysis identifies some signals (a binary that imports LoadLibrary and GetProcAddress is at minimum suspect), but no Microsoft-shipped tool does this automatically across the signed-binary surface.

2. Signed-but-vulnerable drivers (BYOVD). WHQL-signed drivers with kernel-mode vulnerabilities remain App Control's hardest residual class. Microsoft layers three distinct mitigations against this class, each at a different point in the load path. Load-time: the Vulnerable Driver Blocklist ^[49] is a policy fragment enforced by ci.dll at every driver-load callback; the page itself admits the constraint plainly with "the vulnerable driver blocklist isn't guaranteed to block every driver found to have vulnerabilities." Write-time: the Defender for Endpoint Attack Surface Reduction rule "Block abuse of exploited vulnerable signed drivers" ^[50] intercepts an attempt to write a known-bad signed driver to disk, blocking the deployment step rather than the load step. Post-load: HVCI (memory integrity) ^[18] ^[19] running in VTL1 ensures that a driver that does load -- whether through a gap in the blocklist or because the device is not enrolled in ASR -- cannot grant attacker-controlled code write access to kernel memory or unsigned execution capability. The three layers compose: ASR is the perimeter, the blocklist is the gate, HVCI is the post-load containment.

Ctrl + scroll to zoom

Diagram source

flowchart TD
Attacker["Attacker with admin
brings vulnerable signed driver"]
L1["Write-time ASR rule
Block abuse of exploited
vulnerable signed drivers"]
L2["Load-time Vulnerable
Driver Blocklist
(ci.dll, kernel)"]
L3["Post-load HVCI
(VTL1, secure kernel)"]
Bypass["Residual: driver not on
blocklist + ASR disabled
+ HVCI off or vulnerability
HVCI does not contain"]
Attacker --> L1
L1 -- if not blocked --> L2
L2 -- if not blocked --> L3
L3 -- if not contained --> Bypass

Diagram source

flowchart TD
Attacker["Attacker with admin
brings vulnerable signed driver"]
L1["Write-time ASR rule
Block abuse of exploited
vulnerable signed drivers"]
L2["Load-time Vulnerable
Driver Blocklist
(ci.dll, kernel)"]
L3["Post-load HVCI
(VTL1, secure kernel)"]
Bypass["Residual: driver not on
blocklist + ASR disabled
+ HVCI off or vulnerability
HVCI does not contain"]
Attacker --> L1
L1 -- if not blocked --> L2
L2 -- if not blocked --> L3
L3 -- if not contained --> Bypass

The three-layer BYOVD mitigation. Write-time ASR rule blocks the driver landing on disk; load-time Vulnerable Driver Blocklist blocks the load; post-load HVCI in VTL1 contains a driver that does load. Residual risk: an attacker with admin who can disable ASR, evade the blocklist, and target a vulnerability that HVCI does not contain.

The Microsoft-recommended driver blocklist is published in two physical forms. The version baked into Windows ships through monthly Windows Update servicing. A separately downloadable XML at aka.ms/VulnerableDriverBlockList is updated on its own cadence and is usually more complete than the version in-box on a given Patch Tuesday. The companion Driver Signing article in this pipeline covers KMCS, DSE, and the BYOVD class in depth; this section's BYOVD treatment is intentionally scoped to App Control's layered-mitigation role.

3. Cloud-evaluated allow decisions (ISG, SAC). The decision authority for "is this binary allowed?" is moving off-device to Microsoft's reputation services. Latency, offline-mode behaviour, and policy-transparency consequences are open practitioner concerns. Known good reputation can lag for newly-signed binaries; unknown defaults can disrupt legitimate workflows; the verdict itself is opaque to the organisation deploying the policy. The mechanism is documented ^[27]; the operational implications continue to be discovered in production. The regulatory framing is the sharpest published constraint: the Australian Cyber Security Centre's Implementing application control page ^[51] is unambiguous that cloud-reputation-driven decisioning, by itself, does not qualify as application control under the Essential Eight maturity model.

The ACSC lists "checking the reputation of an application using a cloud-based service before it is executed" among the practices under the heading "What application control is not." -- Australian Cyber Security Centre, Implementing application control ^[51]

NIST SP 800-167 ^[52] uses gentler language but arrives at the same operational conclusion: cloud-evaluated reputation is an additive signal, not an authoritative one. The practitioner consequence: an App Control policy that relies on ISG for its allow decisions in a regulated cardholder, classified, or critical-infrastructure environment will be flagged by both regimes. ISG and SAC remain useful additive signals; they do not substitute for an explicit allow policy authored and signed on-premises.

4. AI-assisted policy generation. AaronLocker ^[14] ^[25] is the canonical example of a heuristic generator -- it builds "audit" and "enforce" rule sets from observed telemetry, with explicit user-writeability pruning via Sysinternals AccessChk ^[53]. ML-assisted variants are an active third-party space. The article is honest about not inventing specific Microsoft features that do not exist; the "ITL" fabrication is the failure mode this avoids. The honest 2026 status of generative policy authoring inside Microsoft's own tooling is that Microsoft has shipped a Security-Copilot-powered Policy Configuration Agent for Intune, scoped to the settings catalog (device-configuration profiles), with no App-Control-specific surface.

Intune Policy Configuration Agent does not author App Control policies

The Security-Copilot-powered Policy Configuration Agent in Microsoft Intune ^[54] ^[55] assists administrators with settings catalog policies. The agent's role requirement is the Intune Policy and Profile manager RBAC role; the surface it operates on is device-configuration profiles, not App Control XML. The Intune Copilot agent overview ^[56] confirms the inventory of shipped agents and does not include an App-Control-authoring agent. The article does not assert that Microsoft has shipped end-to-end generative App Control policy authoring because, as of June 2026, Microsoft has not. The closest production workflow is the audit-mode-then-merge loop in ConfigCI, and the closest automatic allow-listing signal is Intune-Management-Extension-as-managed-installer.

5. Per-user without losing the kernel boundary. App Control is whole-device; this is section 11's reason number one for why AppLocker still ships. No public Microsoft roadmap addresses per-user rules in App Control. Closing this would let App Control fully replace AppLocker in VDI / Citrix / terminal-server scenarios. The kernel evaluator has no per-user-token context by design, and adding it without compromising the boundary's tamper-resistance is a non-trivial design problem: per-user policy would have to be authored, signed, and refreshed at logon time without admitting an attacker who can forge a token into authoring their own per-user allow rule.

6. .bat / .cmd script enforcement. AppLocker's Script collection covers them ^[11]; App Control's script enforcement is host-cooperative ^[43] and cmd.exe is not an enlightened host. This is a documented gap ^[12] that has persisted since launch. Microsoft Learn is unusually direct about what the limitation actually means and what the recommended mitigation is.

"App Control doesn't directly control code run via the Windows Command Processor (cmd.exe), including .bat/.cmd script files. However, anything that such a batch script tries to run is subject to App Control control. If you don't need to run cmd.exe, it's recommended to block it outright or allow it only by exception based on the calling process." -- Microsoft Learn, Script enforcement with App Control ^[43]

The architectural fix would require either cmd.exe enlightenment (a substantial change to a binary with three decades of behavioural compatibility) or a kernel-side script-execution hook that does not exist today. Until then, the recommended mitigation is the one Microsoft itself names: deny cmd.exe by default in the App Control policy and allow it by exception based on the calling process, or rely on AppLocker's Script collection on the same device in parallel for the .bat / .cmd workload.

7. AppLocker's end state. It is not deprecated ^[47]; it is not actively developed ^[1]; it continues to receive security fixes ^[48]; and Microsoft Learn explicitly recommends the App Control / AppLocker pair as the substitute path for the now-deprecated Microsoft Defender Application Guard for Office ^[47]. The article should not speculate about a deprecation date Microsoft has not announced. The open question is operational: when, if ever, will the practitioner reasons in section 11 (per-user, no-PKI, GPO ergonomics, installed base, threat-model fit) be obsolete? Until App Control gains per-user rules, the answer is not soon. The lifecycle-quantification evidence is unambiguous on the direction of travel: the negative citation on the deprecated-features page, the comparative-recommendation positive characterisation in App Control and AppLocker Overview, the KB5044288 Patch Tuesday servicing fix, and the AppLocker recommended as MDAG-substitution finding from the deprecated-features page itself all point the same way.

The structural ceiling is real and the research direction is open. Within the bounds that exist today, what should a 2026 practitioner actually do? That is a decision tree, not an essay.

14. The Practitioner Decision Tree -- Picking and Deploying in 2026

Five questions, in order. Answer them and you have a deployment plan.

1. Do you need per-user rules and you do not have a code-signing PKI? -> Deploy AppLocker. Use AaronLocker ^[14] ^[25] as the deployment-tooling baseline. AaronLocker's Create-Policies.ps1 runs Sysinternals AccessChk ^[53] against %ProgramFiles% and %SystemRoot% to identify user-writable subdirectories and produce a thorough audit policy you tune from telemetry before flipping enforcement on.

2. Do you need a real security boundary against admin-equivalent attackers? -> Deploy App Control for Business with a signed policy (signed by your organisation's PKI, not by the publisher of any individual application) and HVCI on. Anything less and you do not have the configuration the MSRC servicing criteria treat as a security boundary.

3. Do you have a managed software distribution mechanism (Configuration Manager, Intune, Patch My PC, third-party tooling)? -> App Control for Business with Managed Installer enabled ^[26] ^[45]. Tagging the deployment agent as a managed installer trust-propagates that agent's installs into the policy without requiring you to enumerate every binary it deploys.

4. Do you have a long tail of unmanaged user apps you cannot enumerate? -> App Control for Business with ISG enabled ^[27]. But never as the only authorisation path for business-critical apps. ISG is additive, not authoritative.

5. Consumer or un-managed Windows 11 device? -> Smart App Control, if eligible ^[41] ^[42]. Otherwise nothing.

Ctrl + scroll to zoom

Diagram source

flowchart TD
Q1{"Need per-user rules and no PKI?"}
Q2{"Need admin-resistant boundary?"}
Q3{"Have managed software distribution?"}
Q4{"Have long tail of unmanaged apps?"}
Q5{"Consumer or unmanaged device?"}
AL["AppLocker (with AaronLocker)"]
ACSigned["App Control for Business
signed policy + HVCI"]
ACMI["Add Managed Installer rule"]
ACISG["Add ISG signal (additive)"]
SAC["Smart App Control"]
Nothing["No application control"]
Q1 -- yes --> AL
Q1 -- no --> Q2
Q2 -- yes --> ACSigned
Q2 -- no --> Q5
ACSigned --> Q3
Q3 -- yes --> ACMI
Q3 -- no --> Q4
ACMI --> Q4
Q4 -- yes --> ACISG
Q4 -- no --> Done["Deployment complete"]
ACISG --> Done
Q5 -- consumer --> SAC
Q5 -- enterprise unmanaged --> Nothing

Diagram source

flowchart TD
Q1{"Need per-user rules and no PKI?"}
Q2{"Need admin-resistant boundary?"}
Q3{"Have managed software distribution?"}
Q4{"Have long tail of unmanaged apps?"}
Q5{"Consumer or unmanaged device?"}
AL["AppLocker (with AaronLocker)"]
ACSigned["App Control for Business
signed policy + HVCI"]
ACMI["Add Managed Installer rule"]
ACISG["Add ISG signal (additive)"]
SAC["Smart App Control"]
Nothing["No application control"]
Q1 -- yes --> AL
Q1 -- no --> Q2
Q2 -- yes --> ACSigned
Q2 -- no --> Q5
ACSigned --> Q3
Q3 -- yes --> ACMI
Q3 -- no --> Q4
ACMI --> Q4
Q4 -- yes --> ACISG
Q4 -- no --> Done["Deployment complete"]
ACISG --> Done
Q5 -- consumer --> SAC
Q5 -- enterprise unmanaged --> Nothing

The five-step deployment decision tree. Each diamond is a question whose answer routes to a different application-control configuration.

The actual deployment knobs.

Scope	GPO node	PowerShell cmdlet inventory	CSP / MDM path
AppLocker	Computer Configuration -> Windows Settings -> Security Settings -> AppLocker	`Get-AppLockerPolicy`, `Set-AppLockerPolicy`, `Test-AppLockerPolicy`, `New-AppLockerPolicy`	AppLocker CSP (maintenance only) ^[44]
App Control for Business	Computer Configuration -> Administrative Templates -> System -> Device Guard	`New-CIPolicy`, `Merge-CIPolicy`, `ConvertFrom-CIPolicy`, `Set-CIPolicySetting`, `Set-CIPolicyVersion`, `Add-SignerRule` (`ConfigCI` module)	ApplicationControl CSP ^[44]; Intune endpoint security UX ^[45]
App Control Wizard	n/a	Wraps `ConfigCI` cmdlets ^[28]	n/a (MSIX desktop app)
Server 2025 default policy	OSConfig PowerShell cmdlets ^[46]	OSConfig	n/a

The Intune deployment surface is the ApplicationControl CSP ^[44], not the older AppLocker CSP. Microsoft is explicit that new App Control feature work lands in ApplicationControl only. The Intune endpoint-security UX path ^[45] sits on top of that CSP.

JavaScript-style pseudocode App Control policy authoring, in pseudocode read-only

// Pseudocode walk of the App Control authoring path. The real cmdlets
// run in PowerShell on a Windows host with the ConfigCI module installed;
// this is the logic so you can mentally simulate the flow.

const baseXml = NewCIPolicy({
scanPath: 'C:\\Windows',
level: 'SignedVersion',
fallback: ['Hash'],
filePath: 'BasePolicy.xml',
});

const blockRulesXml = downloadAndImport(
'recommended-block-rules-policy',
);

const driverBlockXml = downloadAndImport(
'vulnerable-driver-blocklist',
);

const merged = MergeCIPolicy({
inputs: [baseXml, blockRulesXml, driverBlockXml],
output: 'Production.xml',
});

SetCIPolicySetting({
provider: 'SiPolicy',
key: 'PolicyInfo',
valueName: 'Information',
value: 'Contoso Production Policy v1',
policyPath: merged,
});

const binaryCip = ConvertFromCIPolicy({
inputXml: merged,
binaryFilePath: 'Production.cip',
});

// Sign Production.cip with the organisation's code-signing certificate
// before dropping it into:
//   %SystemRoot%\\System32\\CodeIntegrity\\CiPolicies\\Active\\
// then reboot to seal the trusted signer set.
console.log('Production policy authored and ready for signing');

Regulatory anchors. NIST SP 800-167 ^[52] on application allowlisting is the federal framing. The ACSC Essential Eight ^[51] treats application control as one of eight baseline mitigations and is explicit that "the use of file names, package names or any other easily changed application attribute is not considered suitable as a method of application control" -- a structural exclusion that maps cleanly onto Authenticode-signer and hash rules but rules out an AppLocker policy built primarily on path. PCI DSS v4.0.1 ^[58] requires comparable controls for cardholder environments. The article does not work through any of them in depth; the citations are here so a practitioner can find their own compliance map. The Wayback-preserved 2017 Device Guard policy deployment guide ^[59] is the canonical historical reference for the pre-1709 era, before the WDAC rename. Practitioners maintaining older infrastructure occasionally need it.

A common AppLocker gotcha (click to reveal)

The AppLocker MMC wizard does not create default rules automatically. If you enable enforcement on a collection with zero rules, the collection's default behaviour is to deny everything that matches the collection. An enforcing Executable collection with no rules blocks every .exe on the device, including the ones Windows needs to boot useful applications. The wizard surface has an Automatically generate rules button precisely to avoid this footgun; the AaronLocker authoring path bakes the default rules in from the start. If you have ever seen a Windows session that suddenly cannot launch anything after a GPO refresh, this is the most common cause.

The decision tree is operational. The remaining job is to inoculate against the misconceptions the field has accumulated over twenty-five years. That is the FAQ.

15. FAQ -- Misconceptions and Corrections

The application-control literature has accumulated eight common misconceptions over twenty-five years. Each one is corrected below with the primary source that settles the question.

Frequently asked questions about AppLocker and App Control for Business

AppLocker stops attackers, right?

Not in the threat-modelling sense. Microsoft Learn states directly that AppLocker "helps to prevent end-users from running unapproved software on their computers, but doesn't meet the servicing criteria for being a security feature" ^[1]. AppLocker is operational hygiene against non-admin users running unapproved binaries. An attacker who has reached administrator or SYSTEM can stop the AppIDSvc service and end enforcement ^[13]. If your threat model includes an admin-equivalent attacker, AppLocker is not the right control; App Control for Business with a signed policy and HVCI on is.

WDAC was renamed to App Control because Microsoft made it a different thing, right?

No. App Control for Business is the current name for what was called Windows Defender Application Control from 2017 to 2024, which was called Configurable Code Integrity under the Device Guard umbrella from 2015 to 2017. Same kernel CI code path, three brand eras ^[1] ^[2] ^[22]. The rename in 2024 with Windows 11 24H2 and Server 2025 is brand management; the cmdlets and the policy XML schema are unchanged.

You sign WDAC / App Control policies with the application publisher's certificate, right?

No. You sign the policy with the deploying organisation's code-signing certificate -- typically an internal PKI leaf, with the private key on a hardware token or in a sealed vault ^[1]. The application publisher's certificate is what the policy evaluates against at image-load time (signer rules in the policy reference publisher subjects). The two are entirely different roles. A common misreading is to assume that "signed policy" means "policy that allows signed apps" -- it does not. Signed policy means the .cip file itself carries a signature that prevents a SYSTEM attacker from removing or replacing it.

ISG is the trusted-apps list, right?

No. ISG is a reputation classifier, not a list. Microsoft Learn states verbatim ^[27]: "The ISG isn't a 'list' of apps. Rather, it uses the same vast security intelligence and machine learning analytics that power Microsoft Defender SmartScreen and Microsoft Defender Antivirus to help classify applications as having 'known good,' 'known bad,' or 'unknown' reputation." When an App Control policy is configured with ISG enabled, ISG's known good verdict acts as an additive allow signal alongside the policy's explicit signer / hash / path / Managed Installer rules.

There is a Microsoft feature called Intelligent Trusted List or ITL, right?

No such feature exists. A search of Microsoft Learn produces zero results for ITL or Intelligent Trusted List; URLs cited by AI summaries return 404; and the definitions offered by AI summaries contradict each other. The closest real Microsoft features are the Intelligent Security Graph ^[27], the Microsoft Recommended Block Rules ^[32], and Smart App Control ^[41]. If you see ITL in a security blog or AI-generated summary, treat it as a fabrication and ignore it.

AaronLocker is the AppLocker bypass catalogue, right?

No. AaronLocker is Aaron Margosis's deployment tool ^[14]. It is a PowerShell-based generator that authors thorough audit and enforce policies for AppLocker and App Control. The canonical AppLocker bypass catalogue is Oddvar Moe's UltimateAppLockerByPassList ^[15]. The canonical App Control bypass catalogue is Jimmy Bayne's bohops/UltimateWDACBypassList ^[16]. Microsoft's own bypass list is the Applications that can bypass App Control page ^[32]. Four different artefacts, four different roles.

Smart App Control is WDAC for consumers, right?

The enforcement engine is approximately the same (both run inside ci.dll), but SAC is a categorically different product: unmanaged, all-or-nothing, ISG-gated, and capable of silently auto-disabling ^[41]. SAC has no per-app policy authoring surface, no GPO, no Intune integration. Enterprise-managed devices keep SAC off ^[42]. And contrary to older blog posts, SAC can be re-enabled without a clean Windows install on current Windows versions: "Recent Windows updates allow Smart App Control to be re-enabled without requiring a clean installation" ^[42]. The vocabulary is evaluation mode, not audit mode.

AppLocker is deprecated, right?

No -- not in any sense Microsoft would recognise. As of February 2, 2026, AppLocker is not on the Deprecated features in the Windows client page ^[47]. Microsoft Learn does say AppLocker "isn't getting new feature improvements" and that it "doesn't meet the servicing criteria for being a security feature" ^[1], but it also says AppLocker "continues to receive security fixes" -- and the October 2024 KB5044288 cumulative update confirms that claim with a concrete AppLocker servicing fix ^[48]. The defensible characterisation is feature complete, not actively developed, continues to receive security fixes -- not deprecated.

Study guide

Key terms

AppLocker: Windows 7 / Server 2008 R2 era application-control feature; kernel minifilter (AppID.sys) defers verdict to user-mode AppIDSvc; classified as defense-in-depth, not a security feature.
App Control for Business (WDAC): Kernel CI-policy mechanism in ci.dll; same code path as 2015 Configurable CI and 2017 WDAC; MSRC security feature when signed and HVCI on.
AppIDSvc: User-mode Windows service that evaluates AppLocker rules; stopping it removes AppLocker enforcement.
ci.dll: Windows kernel Code Integrity component; enforces driver signing, KMCS, DSE, and App Control policy as peers.
Intelligent Security Graph (ISG): Microsoft cloud reputation classifier returning known good / known bad / unknown; ISG-enabled App Control treats known good as an additive allow signal.
HVCI: Hypervisor-protected Code Integrity (memory integrity); runs the ci.dll evaluator in VTL1 so a VTL0 attacker cannot tamper with the verdict.
Managed Installer: App Control trust-propagation feature in which files written by a designated installer process are EA-tagged as trusted; implemented as an AppLocker rule collection.
Recommended Block Rules: Microsoft-curated list of approximately forty signed binaries that can bypass an allow-Microsoft-signed App Control policy; the inverse list that makes App Control coherent.
LOLBin: Living Off The Land Binary; a vendor-signed binary an attacker repurposes to run arbitrary code under a policy that admits the publisher.
Smart App Control: Consumer-grade Windows 11 application-control feature; unmanaged, all-or-nothing, ISG-gated; same ci.dll evaluator as App Control for Business.

Flashcards

1 / 6

Comprehension questions

Why is AppLocker not deprecated, even though Microsoft Learn says it is not a security feature?
Because AppLocker's per-user policy capability has no replacement in App Control for Business, and AppLocker continues to receive security fixes (e.g., KB5044288 in October 2024). It is not on the Windows deprecated-features page as of February 2026.
Under what specific configuration does App Control for Business meet the MSRC servicing criteria as a security boundary?
Signed policy, signed by the deploying organisation's PKI leaf; HVCI enabled so the evaluator runs in VTL1; Microsoft Recommended Block Rules merged into the active policy; Vulnerable Driver Blocklist enabled.
Why does Microsoft publish a list of its own bypassable signed binaries?
Because the publisher gate (the allow signal in App Control) cannot evaluate the side effects of a signed binary at policy-evaluation time. Microsoft's response to the LOLBin research class was institutional -- publish and continuously update the inverse list -- rather than architectural.
Why do the Mermaid diagrams in section 6 separate the VTL0 normal kernel from the VTL1 secure kernel?
Because HVCI moves the code-integrity evaluator into VTL1, behind the hypervisor boundary. A kernel-mode attacker confined to VTL0 cannot tamper with the verdict; this is the architectural reason a signed App Control policy + HVCI is the MSRC security-boundary configuration.
When would a 2026 deployment use AppLocker and App Control for Business on the same device?
When the device needs per-user policy on some collections (e.g., terminal-server users in different roles) and a real security boundary on others (kernel CI policy with signed policy and HVCI on). The two systems coexist by design; they are non-substitutable.

The thesis was the article's first sentence: two locks on the same door, two threat models, not redundancy. AppLocker is operational hygiene, the user-mode evaluator Microsoft itself declines to call a security feature. App Control for Business -- with a signed policy, HVCI on, and the Recommended Block Rules merged in -- is the MSRC security boundary. Both ship in Windows 11 24H2 and Server 2025 because neither is a strict superset of the other, and the practitioner gets to choose, per deployment, which lock the door needs. For deeper treatment of the cryptographic plumbing, see the companion Authenticode article; for the HVCI / VTL story, see the companion WDAC + HVCI article; for the BYOVD residual in section 13, see the companion Driver Signing article. The line between security feature and operational hygiene control is sharp in Microsoft's own words -- and the two products defending that line will both keep shipping until the line itself moves.

References

(2026). App Control for Business and AppLocker Overview. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview - The MSRC servicing-criteria language for AppLocker and App Control; naming history; the "continues to receive security fixes" line. ↩
Microsoft Security Team (2017). Introducing Windows Defender Application Control. https://www.microsoft.com/en-us/security/blog/2017/10/23/introducing-windows-defender-application-control/ - The Configurable CI -> Device Guard -> WDAC rename retrospective. ↩
(2026). Microsoft Security Servicing Criteria for Windows. https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria - The MSRC line the article thesis turns on; triangulated via ms-appcontrol-applocker-overview. ↩
(2000). CERT Advisory CA-2000-04 Love Letter Worm. https://web.archive.org/web/20140109062734/http://www.cert.org:80/advisories/CA-2000-04.html - CERT/CC original advisory for the ILOVEYOU worm (initial release May 4 2000); preserved via Wayback Machine after CERT/CC retired the advisory archive. ↩
(2001). CERT Advisory CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL. https://web.archive.org/web/20131209034953/http://www.cert.org/advisories/CA-2001-19.html - CERT/CC original advisory for the Code Red worm (initial release July 19 2001); preserved via Wayback Machine. ↩
(2001). CERT Advisory CA-2001-26 Nimda Worm. https://web.archive.org/web/20131105111012/http://www.cert.org/advisories/CA-2001-26.html - CERT/CC original advisory for the Nimda worm (initial release September 18 2001); preserved via Wayback Machine. ↩
John Lambert (2002). Software Restriction Policies in Windows XP. https://www.virusbulletin.com/uploads/pdf/conference/vb2002/johnlambert_vb2002.pdf - The 2002 SRP origin paper. ↩
(2024). What Is AppLocker? (archived TechNet). https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/ee424367(v=ws.11) - Archived TechNet AppLocker overview; SRP five-condition enumeration. ↩
(2026). Windows 7 Lifecycle. https://learn.microsoft.com/en-us/lifecycle/products/windows-7 - Windows 7 release date 2009-10-22; the AppLocker GA anchor. ↩
(2026). Windows Server 2008 R2 Lifecycle. https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2008-r2 - Server 2008 R2 release date 2009-10-22; AppLocker server-side anchor. ↩
(2026). Working with AppLocker Rules. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/working-with-applocker-rules - DLL rule performance warning; script collection coverage including .bat and .cmd. ↩
(2026). App Control feature availability. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/feature-availability - Per-user rules and script-coverage comparison between AppLocker and App Control. ↩
(2026). AppLocker Architecture and Components. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-architecture-and-components - AppIDSvc + AppID.sys minifilter; SeAccessCheckWithSecurityAttributes / AuthzAccessCheck. ↩
Aaron Margosis (2024). AaronLocker GitHub repository. https://github.com/microsoft/AaronLocker - Aaron Margosis deployment tool; the "any application control solution" admin-bypass quote. ↩
Oddvar Moe (2024). UltimateAppLockerByPassList. https://github.com/api0cradle/UltimateAppLockerByPassList - Canonical AppLocker bypass corpus. ↩
Jimmy Bayne (2024). UltimateWDACBypassList. https://github.com/bohops/UltimateWDACBypassList - Canonical WDAC bypass corpus; preserves per-researcher attribution. ↩
Oddvar Moe (2017). AppLocker Case Study: How insecure is it really? Part 1. https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/ - Methodological practitioner case study for AppLocker bypasses. ↩
Oddvar Moe (2017). AppLocker -- Case study: How insecure is it really? -- Part 2. https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/ - Part 2 of Moe December 2017 case study; techniques 8-14 (MSDT, mshta, .bat, .ps1, .vbs, presentationhost, and one more). ↩
(2026). Enable virtualization-based protection of code integrity. https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity - HVCI = memory integrity; Device Guard naming loop closes here. ↩
(2026). Device protection in Windows Security. https://support.microsoft.com/windows/device-protection-in-windows-security-afa11526-de57-b1c5-599f-3a4c6a61c5e2 - Consumer-facing HVCI / memory integrity surface. ↩
(2026). Windows 11 Enterprise and Education Lifecycle. https://learn.microsoft.com/en-us/lifecycle/products/windows-11-enterprise-and-education - Anchors 22H2 (SAC GA) and 24H2 (App Control rename) dates. ↩
(2026). Windows Server 2025 Lifecycle. https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2025 - Server 2025 GA 2024-11-01; OSConfig rollout context. ↩
(2024). Issue 411: Naming change to App Control for Business. https://github.com/MicrosoftDocs/WDAC-Toolkit/issues/411 - Independent confirmation the WDAC rename landed with 24H2. ↩
(2026). PsSetLoadImageNotifyRoutine kernel API. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-pssetloadimagenotifyroutine - Kernel-CI image-load callback registration API. ↩
(2026). PsLookupProcessByProcessId kernel API. https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-pslookupprocessbyprocessid - Kernel API for resolving a PID to EPROCESS during image-load callbacks. ↩
Aaron Margosis (2024). AaronLocker Create-Policies.ps1. https://raw.githubusercontent.com/microsoft/AaronLocker/main/AaronLocker/Create-Policies.ps1 - Dual-target AaronLocker design; AccessChk-based path-rule pruning. ↩
(2026). Configure authorized apps deployed with a managed installer. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/configure-authorized-apps-deployed-with-a-managed-installer - Managed Installer reuses an AppLocker rule collection; EA-tag propagation. ↩
(2026). Use App Control with the Intelligent Security Graph. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/use-appcontrol-with-intelligent-security-graph - ISG-isnt-a-list framing; the 24-hour refresh cycle; the EA-tag origin claim. ↩
(2026). App Control for Business policy wizard. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard - Open-source MSIX-packaged wizard; uses ConfigCI cmdlets. ↩
(2024). April 9 2024 KB5036893 (OS Builds 22621.3447 and 22631.3447). https://support.microsoft.com/en-us/topic/april-9-2024-kb5036893-os-builds-22621-3447-and-22631-3447-a674a67b-85f5-4a40-8d74-5f8af8ead5bb - April 2024 cumulative update for Windows 11 22H2 and 23H2; carries the multi-policy-cap lift. ↩
(2024). April 9 2024 KB5036892 (OS Builds 19044.4291 and 19045.4291). https://support.microsoft.com/en-us/topic/april-9-2024-kb5036892-os-builds-19044-4291-and-19045-4291-expired-cb5d2d42-6b10-48f7-829a-be7d416a811b - April 2024 cumulative update for Windows 10 21H2 and 22H2; companion update that carries the multi-policy-cap lift on Windows 10. ↩
(2026). Deploy multiple App Control policies. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies - April 9 2024 cumulative updates lift the 32-policy cap; 21H2 explicitly excluded. ↩
(2026). Applications that can bypass App Control and how to block them. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol - Microsoft Recommended Block Rules; named-researcher attribution chain. ↩
(2026). LOLBAS Project. https://lolbas-project.github.io/ - Living Off The Land Binaries community catalogue. ↩
Matt Graeber (2016). WinDbg / CDB shellcode runner (Wayback preservation). https://web.archive.org/web/2019/http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html - Preserved verbatim of Graeber cdb.exe LOLBin; live URL is content-replaced. ↩
Casey Smith (2016). Application Whitelisting Bypass: csi.exe (Wayback). https://web.archive.org/web/20161008143428/http://subt0x10.blogspot.com/2016/09/application-whitelisting-bypass-csiexe.html - Original csi.exe LOLBin write-up; second-earliest LOLBin against Device Guard. ↩
Matt Nelson (2016). Bypassing Application Whitelisting by using dnx.exe. https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/ - Original dnx.exe LOLBin write-up. ↩
James Forshaw (2017). DG on Windows 10 S: Executing Arbitrary Code. https://www.tiraniddo.dev/2017/07/dg-on-windows-10-s-executing-arbitrary.html - The "DO NOT consider any application whitelisting solution to be secure" line. ↩
Jimmy Bayne (2019). DotNet Core: A Vector For AWL Bypass and Defense Evasion. https://bohops.com/2019/08/19/dotnet-core-a-vector-for-awl-bypass-defense-evasion/ - Live PoC against AppLocker and WDAC using dotnet.exe. ↩
Peter Upfold (2024). Word hangs on saving: App Control for Business and webclnt.dll. https://peter.upfold.org.uk/blog/2024/07/28/word-hangs-on-saving-app-control-for-business-and-webclnt-dll/ - Third-party operational anecdote on Recommended Block Rules compatibility cost. ↩
(2022). Available today: the Windows 11 2022 Update. https://blogs.windows.com/windowsexperience/2022/09/20/available-today-the-windows-11-2022-update/ - SAC GA announcement; Windows 11 22H2 launch date. ↩
(2026). Smart App Control overview. https://learn.microsoft.com/en-us/windows/apps/develop/smart-app-control/overview - SAC product definition; consumer-only scope; evaluation-mode terminology. ↩
(2026). Smart App Control: Frequently Asked Questions. https://support.microsoft.com/en-us/windows/smart-app-control-frequently-asked-questions-285ea03d-fa88-4d56-882e-6698afdb7003 - Current SAC FAQ; re-enable without clean install; enterprise-managed devices keep SAC off. ↩
(2026). App Control script enforcement. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/script-enforcement - Host-cooperative enforcement design. ↩
(2026). ApplicationControl CSP. https://learn.microsoft.com/en-us/windows/client-management/mdm/applicationcontrol-csp - Intune deployment path; AppLocker CSP supported but no new features. ↩
(2026). App Control for Business policy in Intune. https://learn.microsoft.com/en-us/intune/intune-service/protect/endpoint-security-app-control-policy - Intune endpoint security UX path for App Control + Managed Installer. ↩
(2024). Announcing App Control for Business (aka WDAC) with OSConfig. https://techcommunity.microsoft.com/discussions/windowsserverinsiders/announcing-app-control-for-business-aka-wdac-with-osconfig/4268618 - Server 2025 OSConfig-based App Control default policy. ↩
(2026). Deprecated features in the Windows client. https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features - AppLocker is NOT on this list as of Feb 2026 (negative citation). ↩
(2024). October 8 2024 KB5044288 (OS Build 25398.1189). https://support.microsoft.com/en-us/topic/october-8-2024-kb5044288-os-build-25398-1189-07468931-d90b-4566-9865-f435fe4c3ea8 - Concrete AppLocker servicing fix; proves the "still receives security fixes" claim. ↩
(2026). Microsoft recommended driver block rules. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules - Vulnerable Driver Blocklist; explicit admission the list is not complete. ↩
(2026). Attack surface reduction rules reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference - ASR rule "Block abuse of exploited vulnerable signed drivers" -- the write-time complement to the load-time Vulnerable Driver Blocklist. ↩
(2026). Implementing application control (ACSC). https://www.cyber.gov.au/business-government/protecting-devices-systems/hardening-systems-applications/system-hardening/implementing-application-control - ACSC Essential Eight regulatory anchor. ↩
Souppaya & Scarfone (2015). NIST SP 800-167: Guide to Application Whitelisting. https://csrc.nist.gov/publications/detail/sp/800-167/final - NIST framing of application allowlisting as a security control. ↩
Mark Russinovich (2022). AccessChk Sysinternals. https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk - User-writeability scanning step in AaronLocker path-rule pruning. ↩
(2026). Policy Configuration Agent in Microsoft Intune. https://learn.microsoft.com/en-us/intune/copilot/agents/policy-configuration-agent - Security-Copilot-powered generative policy agent; targets settings catalog, not App Control. ↩
(2026). Manage the Policy Configuration Agent in Microsoft Intune. https://learn.microsoft.com/en-us/intune/copilot/agents/manage-policy-configuration-agent - Policy and Profile manager role-gate confirms device-configuration scope. ↩
(2026). Security Copilot in Intune features overview. https://learn.microsoft.com/en-us/intune/copilot/ - Enumerates the Intune Copilot agents; supports the Policy Configuration Agent placement. ↩
(2024). MicrosoftDocs WDAC-Toolkit. https://github.com/MicrosoftDocs/WDAC-Toolkit - Source repo for the App Control Wizard. ↩
(2026). PCI Security Standards Document Library. https://www.pcisecuritystandards.org/document_library - PCI DSS v4.0.1 application-control-relevant requirements. ↩
(2017). Deploy Code Integrity Policies (Wayback 2017). https://web.archive.org/web/20170101000000/https://docs.microsoft.com/en-us/windows/device-security/device-guard/deploy-code-integrity-policies-steps - Device Guard policy deployment guide as it stood near the 1607 GA. ↩

1. Two Locks on the Same Door#

2. Pre-History -- Why an OS Needs Application Control at All#

3. AppLocker (2009) -- The Architecture Microsoft Documents#

4. AppLocker's Structural Limit -- Why It Was Never a Security Boundary#

5. The Generational Pivot -- Configurable Code Integrity, WDAC, App Control for Business#

6. The Mechanism in Detail -- How App Control for Business Actually Enforces#

7. ISG -- The Reputation Signal Everyone Calls a List#

8. The Bypass Reality -- Recommended Block Rules and the LOLBin Corpus#

9. Smart App Control -- The Adjacent Consumer Application#

10. Side-by-Side Comparison -- The Practitioner Matrix#

11. Why Both Still Ship -- and Why "AppLocker Is Deprecated" Is Folklore#

12. Theoretical Limits -- What No Allowlist Can Do#

13. Open Problems and Active Research#

14. The Practitioner Decision Tree -- Picking and Deploying in 2026#

15. FAQ -- Misconceptions and Corrections#

Frequently asked questions about AppLocker and App Control for Business

Key terms

Flashcards

Comprehension questions

References

Share

1. Two Locks on the Same Door

2. Pre-History -- Why an OS Needs Application Control at All

3. AppLocker (2009) -- The Architecture Microsoft Documents

4. AppLocker's Structural Limit -- Why It Was Never a Security Boundary

5. The Generational Pivot -- Configurable Code Integrity, WDAC, App Control for Business

6. The Mechanism in Detail -- How App Control for Business Actually Enforces

7. ISG -- The Reputation Signal Everyone Calls a List

8. The Bypass Reality -- Recommended Block Rules and the LOLBin Corpus

9. Smart App Control -- The Adjacent Consumer Application

10. Side-by-Side Comparison -- The Practitioner Matrix

11. Why Both Still Ship -- and Why "AppLocker Is Deprecated" Is Folklore

12. Theoretical Limits -- What No Allowlist Can Do

13. Open Problems and Active Research

14. The Practitioner Decision Tree -- Picking and Deploying in 2026

15. FAQ -- Misconceptions and Corrections