MS Security Catalog

This policy uses a built-in filter to allow list files present in Microsoft's Signed Security Catalog. This filter is often used to dynamically allow updated items from Microsoft. Allow listing these executables clears them so that they are not affected by any other policy (i.e., they are allowed to run).

  1. Using the Policy Wizard, create a controlling policy that allows application execution on endpoints.

  2. Select the process types you want the policy to allow; for this example, it's Specific Applications.

  3. Choose your target; for this example, Existing Filter.

  4. Search for and Add the Present in Signed Security Catalog filter.

  5. Click Update.

  6. Click Next Step.

  7. Name your policy and add a description, then click Create Policy.

  8. Set the Inactive switch to Active.

There is no need to add actions under the Actions tab: because these applications are allow listed, they are allowed to run with default permissions.
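
Before setting the policy to Active, it can help to preview which files on an endpoint are catalog-signed and would therefore plausibly fall under this allow list. The following is an added example, not part of the product or its documentation; it uses the built-in `Get-AuthenticodeSignature` cmdlet and assumes the filter corresponds to Windows catalog signature verification. The function name, the folder path and the Microsoft signer match are illustrative choices.

```powershell
# Added example: list how executables in a folder are signed, to preview
# what a catalog-based allow list rule is likely to cover on this endpoint.
# Assumption: the policy filter matches files whose hash is in a valid,
# Microsoft-signed Windows security catalog. Verify against the product itself.
function Get-CatalogSignatureReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Include = @('*.exe', '*.dll')
    )

    Get-ChildItem -Path $Path -Include $Include -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                File          = $_.FullName
                Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                SignatureType = $sig.SignatureType   # None, Authenticode or Catalog
                IsOSBinary    = $sig.IsOSBinary
                Signer        = $signer
                # Likely covered: valid catalog signature with a Microsoft signer.
                LikelyCovered = ($sig.Status -eq 'Valid' -and
                                 $sig.SignatureType -eq 'Catalog' -and
                                 $signer -match 'O=Microsoft Corporation')
            }
        }
}

# Sample path (constructed for illustration); point this at the folder you care about.
$report = Get-CatalogSignatureReport -Path 'C:\Windows\System32'

# Summary: how many files fall into each signature category.
$report | Group-Object SignatureType, Status | Select-Object Count, Name | Format-Table -AutoSize

# Files the catalog rule would probably NOT cover; these still need another policy.
$report | Where-Object { -not $_.LikelyCovered } |
    Select-Object File, Status, SignatureType, Signer |
    Format-Table -AutoSize
```

Files that appear in the second table are the ones to account for in other policies, since the catalog filter alone is unlikely to clear them.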