├── MISG
    ├── BasePolicy-Audit
    │   ├── SIPolicy.p7b
    │   ├── MISGbase-v1-audit.bin
    │   └── MISGbase-v1-audit.xml
    ├── BasePolicy-Enforced
    │   ├── SIPolicy.p7b
    │   ├── MISGbase-v1-enforced.bin
    │   └── MISGbase-v1-enforced.xml
    ├── BPwithMSblockrules-Audit
    │   ├── SIPolicy.p7b
    │   └── MISGbasewithmsblocks-v1-audit.bin
    ├── BPwithMSblockrules-Enforced
    │   ├── SIPolicy.p7b
    │   ├── MISGbasewithmsblocks-v1-enforced.bin
    │   └── MISGbasewithmsblocks-v1-enforced.xml
    └── README.md
├── Customized Block Rulesets
    ├── Enhanced Rules - Balanced
    │   ├── balanced policy files
    │   │   ├── enhanced-balanced--audit.bin
    │   │   └── enhanced-balanced--enforced.bin
    │   └── readme.md
    ├── Enhanced Rules - Cautious
    │   ├── cautious policy files
    │   │   ├── enhanced-cautious--audit.bin
    │   │   └── enhanced-cautious--enforced.bin
    │   └── notes.md
    └── readme.md
├── HighlyDeployableWDACPolicies-Experimental
    ├── CorePolicySets
    │   ├── Audit
    │   │   ├── {A5C89FE7-C0F8-492A-A1DC-240F472AB1B6}.cip
    │   │   └── {C1D4CB32-43F2-420E-9C96-AA1E5CBD8251}.cip
    │   └── Enforced
    │   │   ├── {74728A3E-D2F8-4AB3-B774-C639E8F62BB4}.cip
    │   │   └── {A67929A2-9A4B-4449-9447-C16627E16DF7}.cip
    ├── StandardPolicySets
    │   ├── Audit
    │   │   ├── {485F1632-82BF-4A1E-9647-BC2A1EC56C3F}.cip
    │   │   └── {67958FD3-74F7-4EE4-BF56-7BB477A42F03}.cip
    │   └── Enforced
    │   │   ├── {8938FDB5-3D7D-41FA-9B3C-C4AB3D097A60}.cip
    │   │   └── {9CCF7383-3747-4A8D-B8D8-A33183999E00}.cip
    ├── CorePolicySets-DisabledSE
    │   ├── Audit
    │   │   ├── {712B6D27-F2BD-4ABA-A5F6-8F313B0E3CE1}.cip
    │   │   └── {FD2E3AA8-3A16-4EF3-981F-7090CEFD0AAC}.cip
    │   └── Enforced
    │   │   ├── {0D24A78B-1E40-4B8C-9993-0E0D4FF71DB5}.cip
    │   │   └── {7B4F5FE1-A8EA-47F6-B7DA-A18383F66CC0}.cip
    ├── StandardPolicySets-DisabledSE
    │   ├── Audit
    │   │   ├── {56B8D812-794E-4FDF-9666-AE00E9F4F28F}.cip
    │   │   └── {8151142D-0374-4131-8759-8025FA45EAAF}.cip
    │   └── Enforced
    │   │   ├── {1EB0B755-BCA9-4AB4-B989-29473C1ED890}.cip
    │   │   └── {3626455A-7DF6-4BA8-8E45-1799D8121B19}.cip
    └── README.md
└── README.md


/MISG/BasePolicy-Audit/SIPolicy.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BasePolicy-Audit/SIPolicy.p7b


--------------------------------------------------------------------------------
/MISG/BasePolicy-Enforced/SIPolicy.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BasePolicy-Enforced/SIPolicy.p7b


--------------------------------------------------------------------------------
/MISG/BPwithMSblockrules-Audit/SIPolicy.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BPwithMSblockrules-Audit/SIPolicy.p7b


--------------------------------------------------------------------------------
/MISG/BasePolicy-Audit/MISGbase-v1-audit.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BasePolicy-Audit/MISGbase-v1-audit.bin


--------------------------------------------------------------------------------
/MISG/BPwithMSblockrules-Enforced/SIPolicy.p7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BPwithMSblockrules-Enforced/SIPolicy.p7b


--------------------------------------------------------------------------------
/MISG/BasePolicy-Enforced/MISGbase-v1-enforced.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BasePolicy-Enforced/MISGbase-v1-enforced.bin


--------------------------------------------------------------------------------
/MISG/BPwithMSblockrules-Audit/MISGbasewithmsblocks-v1-audit.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BPwithMSblockrules-Audit/MISGbasewithmsblocks-v1-audit.bin


--------------------------------------------------------------------------------
/MISG/BPwithMSblockrules-Enforced/MISGbasewithmsblocks-v1-enforced.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/MISG/BPwithMSblockrules-Enforced/MISGbasewithmsblocks-v1-enforced.bin


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Balanced/balanced policy files/enhanced-balanced--audit.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/Customized Block Rulesets/Enhanced Rules - Balanced/balanced policy files/enhanced-balanced--audit.bin


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Cautious/cautious policy files/enhanced-cautious--audit.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/Customized Block Rulesets/Enhanced Rules - Cautious/cautious policy files/enhanced-cautious--audit.bin


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Balanced/balanced policy files/enhanced-balanced--enforced.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/Customized Block Rulesets/Enhanced Rules - Balanced/balanced policy files/enhanced-balanced--enforced.bin


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Cautious/cautious policy files/enhanced-cautious--enforced.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/Customized Block Rulesets/Enhanced Rules - Cautious/cautious policy files/enhanced-cautious--enforced.bin


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Audit/{A5C89FE7-C0F8-492A-A1DC-240F472AB1B6}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Audit/{A5C89FE7-C0F8-492A-A1DC-240F472AB1B6}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Audit/{C1D4CB32-43F2-420E-9C96-AA1E5CBD8251}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Audit/{C1D4CB32-43F2-420E-9C96-AA1E5CBD8251}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Enforced/{74728A3E-D2F8-4AB3-B774-C639E8F62BB4}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Enforced/{74728A3E-D2F8-4AB3-B774-C639E8F62BB4}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Enforced/{A67929A2-9A4B-4449-9447-C16627E16DF7}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets/Enforced/{A67929A2-9A4B-4449-9447-C16627E16DF7}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Audit/{485F1632-82BF-4A1E-9647-BC2A1EC56C3F}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Audit/{485F1632-82BF-4A1E-9647-BC2A1EC56C3F}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Audit/{67958FD3-74F7-4EE4-BF56-7BB477A42F03}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Audit/{67958FD3-74F7-4EE4-BF56-7BB477A42F03}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Enforced/{8938FDB5-3D7D-41FA-9B3C-C4AB3D097A60}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Enforced/{8938FDB5-3D7D-41FA-9B3C-C4AB3D097A60}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Enforced/{9CCF7383-3747-4A8D-B8D8-A33183999E00}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets/Enforced/{9CCF7383-3747-4A8D-B8D8-A33183999E00}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Audit/{712B6D27-F2BD-4ABA-A5F6-8F313B0E3CE1}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Audit/{712B6D27-F2BD-4ABA-A5F6-8F313B0E3CE1}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Audit/{FD2E3AA8-3A16-4EF3-981F-7090CEFD0AAC}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Audit/{FD2E3AA8-3A16-4EF3-981F-7090CEFD0AAC}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Enforced/{0D24A78B-1E40-4B8C-9993-0E0D4FF71DB5}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Enforced/{0D24A78B-1E40-4B8C-9993-0E0D4FF71DB5}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Enforced/{7B4F5FE1-A8EA-47F6-B7DA-A18383F66CC0}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/CorePolicySets-DisabledSE/Enforced/{7B4F5FE1-A8EA-47F6-B7DA-A18383F66CC0}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Audit/{56B8D812-794E-4FDF-9666-AE00E9F4F28F}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Audit/{56B8D812-794E-4FDF-9666-AE00E9F4F28F}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Audit/{8151142D-0374-4131-8759-8025FA45EAAF}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Audit/{8151142D-0374-4131-8759-8025FA45EAAF}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Enforced/{1EB0B755-BCA9-4AB4-B989-29473C1ED890}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Enforced/{1EB0B755-BCA9-4AB4-B989-29473C1ED890}.cip


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Enforced/{3626455A-7DF6-4BA8-8E45-1799D8121B19}.cip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arekfurt/WinAWL/HEAD/HighlyDeployableWDACPolicies-Experimental/StandardPolicySets-DisabledSE/Enforced/{3626455A-7DF6-4BA8-8E45-1799D8121B19}.cip


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Balanced/readme.md:
--------------------------------------------------------------------------------
 1 | **"Balanced" Ruleset**
 2 | 
 3 | More documentation coming soon. Suffice to say for now that, in addition to incorporating the rules in the "Cautious" ruleset, this ruleset currently:
 4 | 
 5 | -blocks cmstp.exe (evasive way to download & execute scripts; being used in the wild)
 6 | 
 7 | -blocks Flash in Powerpoint
 8 | 
 9 | -blocks InstallUtil.exe (allows vectors of attack that can potentially abuse .Net to bypass whitelisting; worth doing at least until .Net hardening option actually works; most likely of these to have undesirable side effects on legitimate things)
10 | 
11 | -blocks ability to use (via scrobj.dll, scrrun.dll, mshtml.dll) Squiblydoo with regasm.exe 
12 | 
13 | Mainly because of the block on InstallUtil.exe, I especially recommend testing this block ruleset in audit mode before enabling enforcement. At the least, I recommend being prepared to quickly remove an enforced policy from the CodeIntegrity folder and reboot on any or all machines an enforced policy is applied to in case problems arise.
14 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Windows Application Whitelisting/Application Control Notes and Sample Policies
2 | 
3 | This repository contains (or, rather, as of this writing will contain) sample policies and some assorted notes related to some research into various capabilities of Windows Defender Application Control and AppLocker.  Posting of any sample rulesets or policies here is meant to encourage, and perhaps make a bit easier, the work of those looking at implementing those technologies in their environments, and indicates that I've at least done some testing with them in my own lab environments and/or on my own personal devices. But I can make no assurance that anything here will work in your environments or on your equipment. And by "work" I mean "will not prevent your computer from booting or cause an important application to fail to run properly".
4 | 
5 | **ALWAYS initially test "enforced" application whitelisting policies on test machines that you're willing and able to troubleshoot boot problems with. Expect that whitelisting policies may well cause unforeseen problems the first time they're taken from "audit" to "enforce". No matter how thorough the audit testing you may have done.** 
6 | 


--------------------------------------------------------------------------------
/Customized Block Rulesets/Enhanced Rules - Cautious/notes.md:
--------------------------------------------------------------------------------
 1 | **The "Cautious" Ruleset**
 2 | 
 3 | This list draws the vast majority of its block rules from two sources: (1)Microsoft's recommended block list, all rules included, and; (2) a few different items of guidance produced on Device Guard (limited, admittedly) and EMET Attack Surface Reduction rules by the what used to be called the Information Assurance Division of the NSA (now NSA Cyber). These rules were chosen by Microsoft and the NSA, no doubt, with the aim of minimizing impact on the legitimate needs of the vast majority of users. However, beyond their concern with that I have been selective myself about which rules suggested by the NSA in their EMET ASR guidance to replicate. (For instance, the current version of this ruleset does not block Office applications from loading packager.dll, which would block malicious Office OLE attacks but while perhaps blocking some non-trivial amount legitimate use.) That said, I have added a few narrowly targeted rules of my own. 
 4 | 
 5 | This ruleset is likely to get more robust in the near future, rather than less so. Still, I intend this to remain an option that is decidedly conscious of avoiding "collateral damage." If you want something more protective but carries a bit more risk of unwanted negative side effects (although I believe still acceptable for most real world general use cases), check out my "balanced" custom ruleset.  
 6 | 
 7 | **Update (11/02/2018):** Cleaned the ruleset xml up a good bit, but didn't substantively change any of the rules. Thus, I'm keeping the "version" (if you want to use that term) at 1.0. Did add policy files incorporating the rules, which are just a product of merging the custom block ruleset with Microsft's AllowAll starter WDAC policy that ships with Win 10 Enterprise. Just in case anyone else wants to test out the block rules independently of any base whitelisting policy restrictions. 
 8 | _________________________________________________________
 9 | **What's different from the current (10/22/2018) Microsoft ruleset?**
10 | 
11 | -blocks Squidblydoo (from @subtee) in rundll32.exe and regsvr32.exe (NSA EMET guidance)
12 | -blocks wdigest.dll (NSA WDAC guidance)
13 | -blocks Flash from loading in Word and Excel (but not Powerpoint) (NSA EMET guidance) 
14 | -blocks scriptrunner.exe
15 | -blocks the mavinject.exe processes
16 | (background: https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e )
17 | 
18 | 
19 | Note: If the scriptrunner and/or mavinject rules are used on a machine running applications with AppV it's possible you could see an issue. (If you don't know or aren't quite sure what AppV is, you almost certainly don't have to worry about that. And you can always just copy a troublesome unsigned policy out of the CodeIntegrity folder and reboot. But when in doubt audit first.)
20 | 


--------------------------------------------------------------------------------
/Customized Block Rulesets/readme.md:
--------------------------------------------------------------------------------
 1 | # Enhanced Block Lists for Restricting Risky Processes and Modules in Windows Defender Application Guard/Device Guard
 2 | 
 3 | Microsoft publishes (at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules) a list of Microsoft-produces executables (most built into Windows 10, some not but downloadable from MS) that it recommends you block if you're trying to create a robust application control policy with WDAC/DG because they can be abused to bypass restrictions and run arbitrary code. This list is fine as far as it goes (though no doubt there are other bypasses waiting to either be discovered or be made public), but it's definitely a bit on the conservative side in terms of blocking potential bypass hazards. Moreover, it doesn't really address any other important purposes of using block rules in WDAC/DG. Like preventing certain processes from loading specific dlls, add-ins, etc. that likely would only be used by those processes during malicious activity. After the release of new WDAC/DG capabilities in Windows 10 1703 and subsequent forced retirement of EMET on Windows 10, the supported way to restrict what modules can be loaded by what processes accross versions of Windows 10 today is to create WDAC block rules that do so. 
 4 | 
 5 | My aim here is to gradually publish a collection of improved block rulesets that use selective blocking of both processes and modules (largely dlls) to both guard against actual "bypass" techniques and restrict code execution mechanisms that may not technically count as hard bypasses but are abusable by real-world actors to evade application control and other defenses. (Or just overwhelmingly abused for malicious purposes in general.) These rulesets, just like the ruleset Microsoft produces, are primarily designed to be merged into other policies (for eg., one of the starter policies included with Win 10 Enterprise, or a policy you create by scanning a reference machine with Powershell scripts as described in the MS documentation at https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy ), not to be compiled and put into force on their own. However, because I think there is some utility to being able to test block rulesets independently of base WDAC whitelisting rules I'm including policy files that combine the block lists here with Microsoft's AllowAll base starter policy that ships with Windows 10 Enterprise.
 6 | 
 7 | Some notes on the particular contents of the policies will be included in the sub-folders that contain them. 
 8 | 
 9 | **Note #1:** Unfortunately, as of this writing you still need a machine or VM running Windows 10 Enterprise to use the Powershell scripts that merge and compile WDAC/DG policies.  Likewise, while you can always edit by hand the xml file of a sample/starter policy or even create your own from ground up, if you’d like to use the auto scanning & creation Powershell scripts MS has created you’ll currently need an install of Enterprise to do so.  (Fortunately, you do have the ability to do a VM or dual-boot trial of Win 10 Enterprise for up to 180 days before Windows starts complaining about software validation.)
10 | 
11 | **Note #2:** Also as of this writing, the "Disable:Script Enforcement" option that is documented in the official MS guidance does not actually work. The import of that is that putting *any* WDAC/DG policy into place and enforcing it will result in Powershell, WSH, etc. running in Constrained Language Mode. Even if you just want to selectively block certain module loads into certain processes that are usually initiated maliciously, as the old EMET Attack Surface Reduction capabilities allowed you to do. CLM being enforced may not be a dealkiller for you; indeed, for the large majority of general use PC setups it’s probably desirable. But if it is a dealkiller... well, as of now that means you have no usable successor to EMET ASR rules on Windows 10.  As with the Enterprise policy creation restrictions, this is lousy. But for now it is what it is. (Going on to the Windows Feedback Hub and politely bugging MS to get this important setting working probably couldn't do any harm, though.)
12 |    
13 | 


--------------------------------------------------------------------------------
/HighlyDeployableWDACPolicies-Experimental/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | # Deployability-Focused Windows Defender Application Control Starter Policies for Testing and Refinement
 4 | 
 5 | ## IMPORTANT NOTE (07/23):
 6 | Unfortunately, based on my own testing I cannot at this time recommend beginning to deploy *to production machines* WDAC policies that use the new capabilties available in Win10 1903, with the exception of pre-1903 compliant policies that (1) just use the newly working "Disable:Script Enforcement" option or (2) have Script Enforcment enabled but are known not to cause conflicts in your environments due to testing on previous versions of Windows 10. (But see Bug Note #2 below.) This caution does include within it any of the starter policies currently posted in this section of this repository. (Which are currently "beta" quality at most anyway.) This is due to certain WDAC bugs listed below, as well as some concerns I'll be intentionally vague about for now. However, I'm sure Microsoft is working to address the issues that exist, and I would encourage continued work developing and testing Win10 1903 WDAC policies with the intention of rolling them out for use in the near-ish future. (Notably, if you're a larger organization that has recently begun to evaluate Windows 10 1903 itself for eventual deployment many months/years down the road I'd expect you can basically ignore this.)    
 7 | 
 8 | _________________________________________________________________________________________________
 9 | 
10 | Windows 10 1903 introduces several capabilities that offer the promise of (hopefully) significantly lightening the burdens of deploying and maintaining application whitelisting/application control without sacrificing too much security robustness. The starter policies offered here are designed to both provide some functioning examples of how some of these new capabilities--such as multiple policy support, the ability to create filepath allow rules for locations that are admin-write-only, and the ability to choose whether Constrained Language Mode will or will not be on--may be used. And also to provide some practical policies that can give those interested in getting started with WDAC policy auditing and customization for their environments a bit of a head start, in terms of lessening the overall amount of refinement work they'll need to put in to eventually get to policies that are really usable. (For detection in audit mode, or detection and blocking in enforced mode).
11 | 
12 | Currently, four policy set combinations are here, with audit and enforced policies available for each. For each of these eight overall policy set options there are two .cip policy files (one main policy and one block list policy) for each:
13 | 
14 | 1. A "Core" policy combo with Script Enforcement (ie. CLM) on.
15 | 2. A Core policy combo with Script Enforcement disabled.
16 | 3. A "Standard" policy combo (Core + Intelligent Security Graph authorization) with Script Enforcement on. **Recommended.**
17 | 4. A Standard policy combo with Script Enforcement disabled.
18 | 
19 | Each policy also is accompanied by the .xml file that was compiled to create it.
20 | 
21 | 
22 | Another note: Any intended use of any such policies presumes ordinary users without security expertise do not have administrative rights. Users with administrative rights may run any files as they choose from filepath locations allowed in these policies.
23 | 
24 | 
25 | I have at least lightly tested these policies on both Windows 10 Enterprise and Windows 10 Pro test machines and personal devices. With reasonably fair results. That said, I'd call attention to the word "lightly" there. These are basically alpha quality policies at this point in terms of maturity. **These policies are for TESTING and to provide a starting basis for customization. Do not even think of putting them into enforced production use on important machines, at least without doing both extensive audit testing and refining and then a cautious enforced test deployment first.** Indeed, I include enforced versions of policies here largely because, in my experience with 1903 so far, there may be a few issues which, despite the best audit testing, only materialize once enforcement is turned on.   
26 | 
27 | In terms of which starter policy set is "best", there's clearly not one always-right answer. Personally, I tend to believe that having a good set of core allow rules, a good set of block rules, MISG authorization on to automatically allow many applications that have known good reputation to run, along with CLM/Script Enforcement enabled has perhaps the best potential to produce refined policies in many environments that are effective against the vast bulk of attacker malware threats in the wild while requiring as little effort required in creating, refining, and maintaining policies as possible. But your judgment and circumstances may vary, of course. Thus, there are options. (With more likely to come.)
28 | 
29 | The core rules included in the policies here will most certainly evolve as I have time to further study and experiment with both enhancements to what they allow and to malicious behaviors they can block. (If you’re interested, keep an eye on the brand new dev branch to see what may be coming here.)   
30 | 
31 | Note: Any intended use of any such policies presumes ordinary users without security expertise do not have administrative rights. Users with administrative rights may run any files as they choose from filepath locations allowed in these policies.
32 | 
33 | **Bug Note:** MS has confirmed that a bug exists that causes serious deauthorization issues of vital Windows components if you attempt to merge certain allow rule lists and certain deny rule lists. The rules used in these policies trigger this bug. **Until further notice, DO NOT MERGE THE MAIN AND BLOCK LIST POLICY FILES HERE.** Just use the two separate policies included for each policy combo.
34 | 
35 | **Bug Note 2:** Currently (as of 7/23) when Script Enforcement is enabled not all things that would trigger it (if you're in audit mode) or do get blocked by it (if you're in enforced mode) are written to the AppLocker/MSI and Scripts log as they should be. This includes at least some blocking of scripts in .hta files (assuming you don't have mshta.exe blocked as an application), possibly some Powershell commands, and some wmic.exe and regsvr.exe commands that could sometimes be used to bypass pre-1903 versions of WDAC. 
36 | 
37 | ## July 15 Improvements
38 | 
39 | -created new Core (ie. without MISG enabled)-Script Enforcement Disabled audit and enforced policy sets
40 | 
41 | -merged in EKU and EKUCert-related signing stuff from official MS sample policies (hadn't done so previously due to bug assessment efforts)
42 | 
43 | -recompiled all 16 (8 main, 8 block list) policies with new and unique GUIDs, descriptive names, and Policy ID strings
44 | 
45 | -renamed files and folders descriptively
46 | 
47 | -further tested policies (found and reported an apparent hta script enforcement logging bug to MS)
48 | 
49 | -documentation improvements 
50 | 
51 | ## Block List Rules  
52 | 
53 | The block rule policies are currently identical for each policy set in what processes and modules they block, although not in the policy rule options they use. Use each block list file with its main policy file in the same folder. The core block list is based on the Microsoft recommended blocklist for Win 10 1903 (current as of July 5, 2019) except it also:
54 | 
55 | -allows mshta and wmic
56 | (allowing actual use of mshta may also require "Disabled: Script Enforcement" option to be set)
57 | 
58 | -blocks various older WDAC scripting bypasses using rundll32, regsvr, and regasm
59 | 
60 | -blocks mavinject
61 | 
62 | -blocks use of flash.ocx by Word and Excel
63 | 
64 | -blocks cmstp
65 | 
66 | -blocks wdigest 
67 | 
68 | ## Instructions 
69 | Deploy these policies manually on a test machine by dropping the two .cip files for your choice of configuration, as appropriate, into the C:\Windows\System32\CodeIntegrity\CiPolicies\Active folder. **Do not rename the .cip policy files.** They must be named with their policy GUIDs to enable properly.  (Note: For sake of simplicity the filepath rules in the policies currently assume your OS drive is the C: drive. I will attempt to switch to using environmental variables for future versions.) 
70 | 
71 | 
72 | **Issue reports and specific suggestions for rules/etc. that you'd like to see included are very welcome. Pull requests welcome. Feedback in general is welcome.**
73 | 


--------------------------------------------------------------------------------
/MISG/BasePolicy-Enforced/MISGbase-v1-enforced.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  3 |   <VersionEx>10.0.0.0</VersionEx>
  4 |   <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
  5 |   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
  6 |   <Rules>
  7 |     <Rule>
  8 |       <Option>Enabled:Unsigned System Integrity Policy</Option>
  9 |     </Rule>
 10 |     <Rule>
 11 |       <Option>Enabled:Advanced Boot Options Menu</Option>
 12 |     </Rule>
 13 |     <Rule>
 14 |       <Option>Enabled:UMCI</Option>
 15 |     </Rule>
 16 |     <Rule>
 17 |       <Option>Enabled:Intelligent Security Graph Authorization</Option>
 18 |     </Rule>
 19 |     <Rule>
 20 |       <Option>Enabled:Inherit Default Policy</Option>
 21 |     </Rule>
 22 |     <Rule>
 23 |       <Option>Enabled:Update Policy No Reboot</Option>
 24 |     </Rule>
 25 |     <Rule>
 26 |       <Option>Enabled:Boot Audit On Failure</Option>
 27 |     </Rule>
 28 |   </Rules>
 29 |   <!--EKUS-->
 30 |   <EKUs>
 31 |     <EKU ID="ID_EKU_WINDOWS" Value="010A2B0601040182370A0306" />
 32 |     <EKU ID="ID_EKU_WHQL" Value="010A2B0601040182370A0305" />
 33 |     <EKU ID="ID_EKU_ELAM" Value="010A2B0601040182373D0401" />
 34 |     <EKU ID="ID_EKU_HAL_EXT" Value="010a2b0601040182373d0501" />
 35 |     <EKU ID="ID_EKU_RT_EXT" Value="010a2b0601040182370a0315" />
 36 |     <EKU ID="ID_EKU_STORE" FriendlyName="Windows Store EKU - 1.3.6.1.4.1.311.76.3.1 Windows Store" Value="010a2b0601040182374c0301" />
 37 |     <EKU ID="ID_EKU_DCODEGEN" FriendlyName="Dynamic Code Generation EKU - 1.3.6.1.4.1.311.76.5.1" Value="010A2B0601040182374C0501" />
 38 |     <EKU ID="ID_EKU_AM" FriendlyName="AntiMalware EKU -1.3.6.1.4.1.311.76.11.1 " Value="010a2b0601040182374c0b01" />
 39 |   </EKUs>
 40 |   <!--Signers-->
 41 |   <Signers>
 42 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION" Name="Microsoft Product Root 2010 Windows EKU">
 43 |       <CertRoot Type="Wellknown" Value="06" />
 44 |       <CertEKU ID="ID_EKU_WINDOWS" />
 45 |     </Signer>
 46 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION" Name="Microsoft Product Root 2010 ELAM EKU">
 47 |       <CertRoot Type="Wellknown" Value="06" />
 48 |       <CertEKU ID="ID_EKU_ELAM" />
 49 |     </Signer>
 50 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION" Name="Microsoft Product Root 2010 HAL EKU">
 51 |       <CertRoot Type="Wellknown" Value="06" />
 52 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 53 |     </Signer>
 54 |     <Signer ID="ID_SIGNER_WHQL_SHA2" Name="Microsoft Product Root 2010 WHQL EKU">
 55 |       <CertRoot Type="Wellknown" Value="06" />
 56 |       <CertEKU ID="ID_EKU_WHQL" />
 57 |     </Signer>
 58 |     <Signer ID="ID_SIGNER_WHQL_SHA1" Name="Microsoft Product Root WHQL EKU SHA1">
 59 |       <CertRoot Type="Wellknown" Value="05" />
 60 |       <CertEKU ID="ID_EKU_WHQL" />
 61 |     </Signer>
 62 |     <Signer ID="ID_SIGNER_WHQL_MD5" Name="Microsoft Product Root WHQL EKU MD5">
 63 |       <CertRoot Type="Wellknown" Value="04" />
 64 |       <CertEKU ID="ID_EKU_WHQL" />
 65 |     </Signer>
 66 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION_USER" Name="Microsoft Product Root 2010 Windows EKU">
 67 |       <CertRoot Type="Wellknown" Value="06" />
 68 |       <CertEKU ID="ID_EKU_WINDOWS" />
 69 |     </Signer>
 70 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION_USER" Name="Microsoft Product Root 2010 ELAM EKU">
 71 |       <CertRoot Type="Wellknown" Value="06" />
 72 |       <CertEKU ID="ID_EKU_ELAM" />
 73 |     </Signer>
 74 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION_USER" Name="Microsoft Product Root 2010 HAL EKU">
 75 |       <CertRoot Type="Wellknown" Value="06" />
 76 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 77 |     </Signer>
 78 |     <Signer ID="ID_SIGNER_WHQL_SHA2_USER" Name="Microsoft Product Root 2010 WHQL EKU">
 79 |       <CertRoot Type="Wellknown" Value="06" />
 80 |       <CertEKU ID="ID_EKU_WHQL" />
 81 |     </Signer>
 82 |     <Signer ID="ID_SIGNER_WHQL_SHA1_USER" Name="Microsoft Product Root WHQL EKU SHA1">
 83 |       <CertRoot Type="Wellknown" Value="05" />
 84 |       <CertEKU ID="ID_EKU_WHQL" />
 85 |     </Signer>
 86 |     <!-- Flighting related signers -->
 87 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT" Name="Microsoft Flighting Root 2014 Windows EKU">
 88 |       <CertRoot Type="Wellknown" Value="0E" />
 89 |       <CertEKU ID="ID_EKU_WINDOWS" />
 90 |     </Signer>
 91 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT" Name="Microsoft Flighting Root 2014 ELAM EKU">
 92 |       <CertRoot Type="Wellknown" Value="0E" />
 93 |       <CertEKU ID="ID_EKU_ELAM" />
 94 |     </Signer>
 95 |     <Signer ID="ID_SIGNER_HAL_FLIGHT" Name="Microsoft Flighting Root 2014 HAL EKU">
 96 |       <CertRoot Type="Wellknown" Value="0E" />
 97 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 98 |     </Signer>
 99 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2" Name="Microsoft Flighting Root 2014 WHQL EKU">
100 |       <CertRoot Type="Wellknown" Value="0E" />
101 |       <CertEKU ID="ID_EKU_WHQL" />
102 |     </Signer>
103 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER" Name="Microsoft Flighting Root 2014 Windows EKU">
104 |       <CertRoot Type="Wellknown" Value="0E" />
105 |       <CertEKU ID="ID_EKU_WINDOWS" />
106 |     </Signer>
107 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT_USER" Name="Microsoft Flighting Root 2014 ELAM EKU">
108 |       <CertRoot Type="Wellknown" Value="0E" />
109 |       <CertEKU ID="ID_EKU_ELAM" />
110 |     </Signer>
111 |     <Signer ID="ID_SIGNER_HAL_FLIGHT_USER" Name="Microsoft Flighting Root 2014 HAL EKU">
112 |       <CertRoot Type="Wellknown" Value="0E" />
113 |       <CertEKU ID="ID_EKU_HAL_EXT" />
114 |     </Signer>
115 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2_USER" Name="Microsoft Flighting Root 2014 WHQL EKU">
116 |       <CertRoot Type="Wellknown" Value="0E" />
117 |       <CertEKU ID="ID_EKU_WHQL" />
118 |     </Signer>
119 |     <Signer ID="ID_SIGNER_WHQL_MD5_USER" Name="Microsoft Product Root WHQL EKU MD5">
120 |       <CertRoot Type="Wellknown" Value="04" />
121 |       <CertEKU ID="ID_EKU_WHQL" />
122 |     </Signer>
123 |     <Signer ID="ID_SIGNER_STORE" Name="Microsoft MarketPlace PCA 2011">
124 |       <CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
125 |       <CertEKU ID="ID_EKU_STORE" />
126 |     </Signer>
127 |     <Signer ID="ID_SIGNER_RT_PRODUCTION" Name="Microsoft Product Root 2010 RT EKU">
128 |       <CertRoot Type="Wellknown" Value="06" />
129 |       <CertEKU ID="ID_EKU_RT_EXT" />
130 |     </Signer>
131 |     <Signer ID="ID_SIGNER_RT_FLIGHT" Name="Microsoft Flighting Root 2014 RT EKU">
132 |       <CertRoot Type="Wellknown" Value="0E" />
133 |       <CertEKU ID="ID_EKU_RT_EXT" />
134 |     </Signer>
135 |     <Signer ID="ID_SIGNER_RT_STANDARD" Name="Microsoft Standard Root 2001 RT EUK">
136 |       <CertRoot Type="Wellknown" Value="07" />
137 |       <CertEKU ID="ID_EKU_RT_EXT" />
138 |     </Signer>
139 |     <Signer ID="ID_SIGNER_TEST2010" Name="MincryptKnownRootMicrosoftTestRoot2010">
140 |       <CertRoot Type="Wellknown" Value="0A" />
141 |     </Signer>
142 |     <Signer ID="ID_SIGNER_TEST2010_USER" Name="MincryptKnownRootMicrosoftTestRoot2010">
143 |       <CertRoot Type="Wellknown" Value="0A" />
144 |     </Signer>
145 |     <Signer ID="ID_SIGNER_DRM" Name="MincryptKnownRootMicrosoftDMDRoot2005">
146 |       <CertRoot Type="Wellknown" Value="0C" />
147 |     </Signer>
148 |     <Signer ID="ID_SIGNER_DCODEGEN" Name="MincryptKnownRootMicrosoftProductRoot2010">
149 |       <CertRoot Type="Wellknown" Value="06" />
150 |       <CertEKU ID="ID_EKU_DCODEGEN" />
151 |     </Signer>
152 |     <Signer ID="ID_SIGNER_AM" Name="MincryptKnownRootMicrosoftStandardRoot2011">
153 |       <CertRoot Type="Wellknown" Value="07" />
154 |       <CertEKU ID="ID_EKU_AM" />
155 |     </Signer>
156 |   </Signers>
157 |   <SigningScenarios>
158 |     <!--Kernel Mode Signing Scenario-->
159 |     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="Kernel Mode Signing Scenario">
160 |       <ProductSigners>
161 |         <AllowedSigners>
162 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION" />
163 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION" />
164 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION" />
165 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2" />
166 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1" />
167 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5" />
168 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT" />
169 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT" />
170 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT" />
171 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2" />
172 |           <!-- Test signer is trusted by ConfigCI, however, it will not be trusted by CI unless testsigning BCD is set -->
173 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010" />
174 |         </AllowedSigners>
175 |       </ProductSigners>
176 |     </SigningScenario>
177 |     <!--User Mode Signing Scenario-->
178 |     <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="User Mode Signing Scenario">
179 |       <ProductSigners>
180 |         <AllowedSigners>
181 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION_USER" />
182 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION_USER" />
183 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION_USER" />
184 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2_USER" />
185 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1_USER" />
186 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5_USER" />
187 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER" />
188 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT_USER" />
189 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT_USER" />
190 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2_USER" />
191 |           <AllowedSigner SignerId="ID_SIGNER_STORE" />
192 |           <AllowedSigner SignerId="ID_SIGNER_RT_PRODUCTION" />
193 |           <AllowedSigner SignerId="ID_SIGNER_DRM" />
194 |           <AllowedSigner SignerId="ID_SIGNER_DCODEGEN" />
195 |           <AllowedSigner SignerId="ID_SIGNER_AM" />
196 |           <AllowedSigner SignerId="ID_SIGNER_RT_FLIGHT" />
197 |           <AllowedSigner SignerId="ID_SIGNER_RT_STANDARD" />
198 |           <!-- Test signer is trusted by ConfigCI, however, it will not be trusted by CI unless testsigning BCD is set -->
199 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010_USER" />
200 |         </AllowedSigners>
201 |       </ProductSigners>
202 |     </SigningScenario>
203 |   </SigningScenarios>
204 |   <UpdatePolicySigners>
205 |   </UpdatePolicySigners>
206 |   <!-- 
207 | 
208 |     CiSigners are signers that ConfigCI asks CI to trust for all builds, include 
209 |     retail builds.
210 |     
211 |     Normally CiSigners is empty or only includes production signers. For enterprise
212 |     ConfigCI policy, you may need to include enterprise signers. Just make sure it
213 |     is understood that CiSigners will be trusted by CI for all builds.
214 | 
215 | -->
216 |   <CiSigners>
217 |     <!--
218 |       Currently Centennial Apps are launched as Win32 Apps and signed by store certificate.
219 |       We need to allow enterprise signing scenario to trust store certificate.
220 |     -->
221 |     <CiSigner SignerId="ID_SIGNER_STORE" />
222 |   </CiSigners>
223 |   <HvciOptions>0</HvciOptions>
224 |   <Settings>
225 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
226 |       <Value>
227 |         <String>DefaultWindowsAudit</String>
228 |       </Value>
229 |     </Setting>
230 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
231 |       <Value>
232 |         <String>031017</String>
233 |       </Value>
234 |     </Setting>
235 |   </Settings>
236 | </SiPolicy>


--------------------------------------------------------------------------------
/MISG/BasePolicy-Audit/MISGbase-v1-audit.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  3 |   <VersionEx>10.0.0.0</VersionEx>
  4 |   <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
  5 |   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
  6 |   <Rules>
  7 |     <Rule>
  8 |       <Option>Enabled:Unsigned System Integrity Policy</Option>
  9 |     </Rule>
 10 |     <Rule>
 11 |       <Option>Enabled:Advanced Boot Options Menu</Option>
 12 |     </Rule>
 13 |     <Rule>
 14 |       <Option>Enabled:UMCI</Option>
 15 |     </Rule>
 16 |     <Rule>
 17 |       <Option>Enabled:Intelligent Security Graph Authorization</Option>
 18 |     </Rule>
 19 |     <Rule>
 20 |       <Option>Enabled:Inherit Default Policy</Option>
 21 |     </Rule>
 22 |     <Rule>
 23 |       <Option>Enabled:Update Policy No Reboot</Option>
 24 |     </Rule>
 25 |     <Rule>
 26 |       <Option>Enabled:Boot Audit On Failure</Option>
 27 |     </Rule>
 28 |     <Rule>
 29 |       <Option>Enabled:Audit Mode</Option>
 30 |     </Rule>
 31 |   </Rules>
 32 |   <!--EKUS-->
 33 |   <EKUs>
 34 |     <EKU ID="ID_EKU_WINDOWS" Value="010A2B0601040182370A0306" />
 35 |     <EKU ID="ID_EKU_WHQL" Value="010A2B0601040182370A0305" />
 36 |     <EKU ID="ID_EKU_ELAM" Value="010A2B0601040182373D0401" />
 37 |     <EKU ID="ID_EKU_HAL_EXT" Value="010a2b0601040182373d0501" />
 38 |     <EKU ID="ID_EKU_RT_EXT" Value="010a2b0601040182370a0315" />
 39 |     <EKU ID="ID_EKU_STORE" FriendlyName="Windows Store EKU - 1.3.6.1.4.1.311.76.3.1 Windows Store" Value="010a2b0601040182374c0301" />
 40 |     <EKU ID="ID_EKU_DCODEGEN" FriendlyName="Dynamic Code Generation EKU - 1.3.6.1.4.1.311.76.5.1" Value="010A2B0601040182374C0501" />
 41 |     <EKU ID="ID_EKU_AM" FriendlyName="AntiMalware EKU -1.3.6.1.4.1.311.76.11.1 " Value="010a2b0601040182374c0b01" />
 42 |   </EKUs>
 43 |   <!--Signers-->
 44 |   <Signers>
 45 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION" Name="Microsoft Product Root 2010 Windows EKU">
 46 |       <CertRoot Type="Wellknown" Value="06" />
 47 |       <CertEKU ID="ID_EKU_WINDOWS" />
 48 |     </Signer>
 49 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION" Name="Microsoft Product Root 2010 ELAM EKU">
 50 |       <CertRoot Type="Wellknown" Value="06" />
 51 |       <CertEKU ID="ID_EKU_ELAM" />
 52 |     </Signer>
 53 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION" Name="Microsoft Product Root 2010 HAL EKU">
 54 |       <CertRoot Type="Wellknown" Value="06" />
 55 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 56 |     </Signer>
 57 |     <Signer ID="ID_SIGNER_WHQL_SHA2" Name="Microsoft Product Root 2010 WHQL EKU">
 58 |       <CertRoot Type="Wellknown" Value="06" />
 59 |       <CertEKU ID="ID_EKU_WHQL" />
 60 |     </Signer>
 61 |     <Signer ID="ID_SIGNER_WHQL_SHA1" Name="Microsoft Product Root WHQL EKU SHA1">
 62 |       <CertRoot Type="Wellknown" Value="05" />
 63 |       <CertEKU ID="ID_EKU_WHQL" />
 64 |     </Signer>
 65 |     <Signer ID="ID_SIGNER_WHQL_MD5" Name="Microsoft Product Root WHQL EKU MD5">
 66 |       <CertRoot Type="Wellknown" Value="04" />
 67 |       <CertEKU ID="ID_EKU_WHQL" />
 68 |     </Signer>
 69 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION_USER" Name="Microsoft Product Root 2010 Windows EKU">
 70 |       <CertRoot Type="Wellknown" Value="06" />
 71 |       <CertEKU ID="ID_EKU_WINDOWS" />
 72 |     </Signer>
 73 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION_USER" Name="Microsoft Product Root 2010 ELAM EKU">
 74 |       <CertRoot Type="Wellknown" Value="06" />
 75 |       <CertEKU ID="ID_EKU_ELAM" />
 76 |     </Signer>
 77 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION_USER" Name="Microsoft Product Root 2010 HAL EKU">
 78 |       <CertRoot Type="Wellknown" Value="06" />
 79 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 80 |     </Signer>
 81 |     <Signer ID="ID_SIGNER_WHQL_SHA2_USER" Name="Microsoft Product Root 2010 WHQL EKU">
 82 |       <CertRoot Type="Wellknown" Value="06" />
 83 |       <CertEKU ID="ID_EKU_WHQL" />
 84 |     </Signer>
 85 |     <Signer ID="ID_SIGNER_WHQL_SHA1_USER" Name="Microsoft Product Root WHQL EKU SHA1">
 86 |       <CertRoot Type="Wellknown" Value="05" />
 87 |       <CertEKU ID="ID_EKU_WHQL" />
 88 |     </Signer>
 89 |     <!-- Flighting related signers -->
 90 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT" Name="Microsoft Flighting Root 2014 Windows EKU">
 91 |       <CertRoot Type="Wellknown" Value="0E" />
 92 |       <CertEKU ID="ID_EKU_WINDOWS" />
 93 |     </Signer>
 94 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT" Name="Microsoft Flighting Root 2014 ELAM EKU">
 95 |       <CertRoot Type="Wellknown" Value="0E" />
 96 |       <CertEKU ID="ID_EKU_ELAM" />
 97 |     </Signer>
 98 |     <Signer ID="ID_SIGNER_HAL_FLIGHT" Name="Microsoft Flighting Root 2014 HAL EKU">
 99 |       <CertRoot Type="Wellknown" Value="0E" />
100 |       <CertEKU ID="ID_EKU_HAL_EXT" />
101 |     </Signer>
102 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2" Name="Microsoft Flighting Root 2014 WHQL EKU">
103 |       <CertRoot Type="Wellknown" Value="0E" />
104 |       <CertEKU ID="ID_EKU_WHQL" />
105 |     </Signer>
106 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER" Name="Microsoft Flighting Root 2014 Windows EKU">
107 |       <CertRoot Type="Wellknown" Value="0E" />
108 |       <CertEKU ID="ID_EKU_WINDOWS" />
109 |     </Signer>
110 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT_USER" Name="Microsoft Flighting Root 2014 ELAM EKU">
111 |       <CertRoot Type="Wellknown" Value="0E" />
112 |       <CertEKU ID="ID_EKU_ELAM" />
113 |     </Signer>
114 |     <Signer ID="ID_SIGNER_HAL_FLIGHT_USER" Name="Microsoft Flighting Root 2014 HAL EKU">
115 |       <CertRoot Type="Wellknown" Value="0E" />
116 |       <CertEKU ID="ID_EKU_HAL_EXT" />
117 |     </Signer>
118 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2_USER" Name="Microsoft Flighting Root 2014 WHQL EKU">
119 |       <CertRoot Type="Wellknown" Value="0E" />
120 |       <CertEKU ID="ID_EKU_WHQL" />
121 |     </Signer>
122 |     <Signer ID="ID_SIGNER_WHQL_MD5_USER" Name="Microsoft Product Root WHQL EKU MD5">
123 |       <CertRoot Type="Wellknown" Value="04" />
124 |       <CertEKU ID="ID_EKU_WHQL" />
125 |     </Signer>
126 |     <Signer ID="ID_SIGNER_STORE" Name="Microsoft MarketPlace PCA 2011">
127 |       <CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
128 |       <CertEKU ID="ID_EKU_STORE" />
129 |     </Signer>
130 |     <Signer ID="ID_SIGNER_RT_PRODUCTION" Name="Microsoft Product Root 2010 RT EKU">
131 |       <CertRoot Type="Wellknown" Value="06" />
132 |       <CertEKU ID="ID_EKU_RT_EXT" />
133 |     </Signer>
134 |     <Signer ID="ID_SIGNER_RT_FLIGHT" Name="Microsoft Flighting Root 2014 RT EKU">
135 |       <CertRoot Type="Wellknown" Value="0E" />
136 |       <CertEKU ID="ID_EKU_RT_EXT" />
137 |     </Signer>
138 |     <Signer ID="ID_SIGNER_RT_STANDARD" Name="Microsoft Standard Root 2001 RT EUK">
139 |       <CertRoot Type="Wellknown" Value="07" />
140 |       <CertEKU ID="ID_EKU_RT_EXT" />
141 |     </Signer>
142 |     <Signer ID="ID_SIGNER_TEST2010" Name="MincryptKnownRootMicrosoftTestRoot2010">
143 |       <CertRoot Type="Wellknown" Value="0A" />
144 |     </Signer>
145 |     <Signer ID="ID_SIGNER_TEST2010_USER" Name="MincryptKnownRootMicrosoftTestRoot2010">
146 |       <CertRoot Type="Wellknown" Value="0A" />
147 |     </Signer>
148 |     <Signer ID="ID_SIGNER_DRM" Name="MincryptKnownRootMicrosoftDMDRoot2005">
149 |       <CertRoot Type="Wellknown" Value="0C" />
150 |     </Signer>
151 |     <Signer ID="ID_SIGNER_DCODEGEN" Name="MincryptKnownRootMicrosoftProductRoot2010">
152 |       <CertRoot Type="Wellknown" Value="06" />
153 |       <CertEKU ID="ID_EKU_DCODEGEN" />
154 |     </Signer>
155 |     <Signer ID="ID_SIGNER_AM" Name="MincryptKnownRootMicrosoftStandardRoot2011">
156 |       <CertRoot Type="Wellknown" Value="07" />
157 |       <CertEKU ID="ID_EKU_AM" />
158 |     </Signer>
159 |   </Signers>
160 |   <SigningScenarios>
161 |     <!--Kernel Mode Signing Scenario-->
162 |     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_KMCI" FriendlyName="Kernel Mode Signing Scenario">
163 |       <ProductSigners>
164 |         <AllowedSigners>
165 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION" />
166 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION" />
167 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION" />
168 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2" />
169 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1" />
170 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5" />
171 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT" />
172 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT" />
173 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT" />
174 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2" />
175 |           <!-- Test signer is trusted by ConfigCI, however, it will not be trusted by CI unless testsigning BCD is set -->
176 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010" />
177 |         </AllowedSigners>
178 |       </ProductSigners>
179 |     </SigningScenario>
180 |     <!--User Mode Signing Scenario-->
181 |     <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_UMCI" FriendlyName="User Mode Signing Scenario">
182 |       <ProductSigners>
183 |         <AllowedSigners>
184 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION_USER" />
185 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION_USER" />
186 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION_USER" />
187 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2_USER" />
188 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1_USER" />
189 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5_USER" />
190 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER" />
191 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT_USER" />
192 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT_USER" />
193 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2_USER" />
194 |           <AllowedSigner SignerId="ID_SIGNER_STORE" />
195 |           <AllowedSigner SignerId="ID_SIGNER_RT_PRODUCTION" />
196 |           <AllowedSigner SignerId="ID_SIGNER_DRM" />
197 |           <AllowedSigner SignerId="ID_SIGNER_DCODEGEN" />
198 |           <AllowedSigner SignerId="ID_SIGNER_AM" />
199 |           <AllowedSigner SignerId="ID_SIGNER_RT_FLIGHT" />
200 |           <AllowedSigner SignerId="ID_SIGNER_RT_STANDARD" />
201 |           <!-- Test signer is trusted by ConfigCI, however, it will not be trusted by CI unless testsigning BCD is set -->
202 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010_USER" />
203 |         </AllowedSigners>
204 |       </ProductSigners>
205 |     </SigningScenario>
206 |   </SigningScenarios>
207 |   <UpdatePolicySigners>
208 |   </UpdatePolicySigners>
209 |   <!-- 
210 | 
211 |     CiSigners are signers that ConfigCI asks CI to trust for all builds, include 
212 |     retail builds.
213 |     
214 |     Normally CiSigners is empty or only includes production signers. For enterprise
215 |     ConfigCI policy, you may need to include enterprise signers. Just make sure it
216 |     is understood that CiSigners will be trusted by CI for all builds.
217 | 
218 | -->
219 |   <CiSigners>
220 |     <!--
221 |       Currently Centennial Apps are launched as Win32 Apps and signed by store certificate.
222 |       We need to allow enterprise signing scenario to trust store certificate.
223 |     -->
224 |     <CiSigner SignerId="ID_SIGNER_STORE" />
225 |   </CiSigners>
226 |   <HvciOptions>0</HvciOptions>
227 |   <Settings>
228 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
229 |       <Value>
230 |         <String>DefaultWindowsAudit</String>
231 |       </Value>
232 |     </Setting>
233 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
234 |       <Value>
235 |         <String>031017</String>
236 |       </Value>
237 |     </Setting>
238 |   </Settings>
239 | </SiPolicy>


--------------------------------------------------------------------------------
/MISG/README.md:
--------------------------------------------------------------------------------
 1 | # Windows Defender Application Control + Microsoft Intelligent Security Graph App Reputation
 2 | 
 3 | In the Windows 10 1709 release Microsoft introduced a new feature to the newly-renamed Windows Defender Application Control: the ability to allow any applications to run that have obtained positive application reputation in Microsoft's Intelligent Security Graph cloud service.  In theory, WDAC (which now comprises most, but not all, of the functionality that used to fall under the label "Device Guard" pre-1709) when integrated with MISG could hold the potential to make adoption of application whitelisting much less painful for organizations and individuals by allowing commonly used Windows programs from reputable publishers to run without it being necessary to have specific, per-application or per-publisher rules for them specifically set out in a whitelisting policy. (MISG also helps power capabilities in Windows SmartScreen, Windows Defender AV, and Windows Defender ATP.) This collection of sample policies, related files, and assorted notes is the result of my somewhat newb-ish efforts to look at how well that promise is translating into practice so far.  
 4 | 
 5 | Currently, the policies hosted here are:
 6 | 
 7 | -A baseline WDAC policy, in audit and enforced versions, that authorizes the components of Windows and enables MISG authorization for other programs. (Note: The particular WDAC options that are and are not included in this policy result from efforts to mitigate issues that I found during my testing. I'll post here a detailed explanation of what options I put in/left out and why shortly.)   
 8 | 
 9 | -That baseline policy merged with Microsoft's recommended process and script blocklist ( https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules ), in audit and enforced versions.
10 | 
11 | I will be adding more polices and extending the documentation of what I've seen in my testing in the days/weeks/months to come. I more than welcome you to post any suggestions and especially your notes about aspects of the policies that are causing problems in your environment/s on the Issues page, and will try to respond to them in a timely manner.
12 | 
13 | **IMPORTANT SECURITY NOTE #1:** Although it's not in any written documentation [at least as of 11/05/2018], according to a presentation given by Microsoft's Jeffery Sutherland at the Ignite 2018 conference on this topic ( video here: https://myignite.techcommunity.microsoft.com/sessions/64537#ignite-html-anchor ), an intentional "bypass" to MISG app reputation checking with WDAC exists in Windows 10. In short, where a user attempts to run a program from the Internet that lacks established reputation and gets a warning from the SmartScreen feature in Windows about that fact, if the user then chooses to click through that SmartScreen warning WDAC will--in theory--also allow that program to run. I say "in theory" because in my own testing thus far whether or not that actually happens has been somewhat unpredictable, with MISG enforcement being circumvented on some occasions but not others, and sometimes with no obvious reasons for the different behavior. That said, there's a pretty good chance that if you're implementing a WDAC with MISG policy in enforced mode you probably don't *want* a user's actions to easily render your policy protections moot. And my testing does confirm that even a standard user can trigger this “bypass”.
14 | 
15 | Fortunately, stopping this seems as straightforward as setting the SmartScreen action setting for unknown applications from "warn" to "block". This can easily be done in the Windows Security Center UI locally, through group policy, and through other mechanisms. 
16 | 
17 | **IMPORTANT SECURITY NOTE #2:**
18 | The sample policies contained here are unsigned (and not backed by the Virtualization-Based Security protection that is available in Windows 10 if you meet the hardware requirements for it).  This is a practical necessity here: If I signed these policies myself and set the policy options to require any new policies bear that same signature, it would become substantially more of a burden--though hardly impossible, assuming you can access a UEFI menu-- to deactivate or replace one of them on your own equipment when you wished to do so.  But the fact they are unsigned is a double-edged sword. On the one hand, it is much easier to try out and then delete or replace a policy if it causes a problem, whether temporarily (see the “Concluding Implementation Advice” section below) or permanently. Microsoft has posted fairly straightforward instructions for doing so  ( https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies ), but they essentially boil down to taking the SIPolicy.p7b file out of your CodeIntegrity folder and, if necessary, [EFI System Partition]\Microsoft\Boot folder and rebooting. On the other hand, this also means that a knowledgeable attacker who can gain administrative rights can do the same thing.  As is true with pretty much all other application control/whitelisting regimes available (AppLocker, Carbon Black, etc.) besides WDAC/Device Guard, of course.
19 | 
20 | In my own opinion, a reasonable course if you’re interested in the capabilities of WDAC/Device Guard to combat attackers who are able to gain admin rights is to first extensively test and then deploy unsigned WDAC policies, refine them and work out all significant compatibility issues that are apparent, and then deploy signed policies and configure VBS (on machines that support it). But if you’re inclined to take a more aggressive approach, there is as mentioned, a procedure that allows a locally-present user to disarm even a signed policy. (See the same link.) But I wouldn’t particularly recommend that, at least for organizations. 
21 | 
22 | ______________________________________________________________________________
23 | **Fair Warning**
24 | 
25 | Do not initially deploy "enforced" versions of even the unsigned sample/starter policies here to machines that you would be really disturbed to see not boot properly, be unable to run critical applications properly, etc. Even if you do first deploy the audit version of the policy on a machine and nothing vital shows up in the Windows CodeIntegrity event log as being problematic. Simply put, the CodeIntegrity log does not catch every issue that may render a machine unbootable. Moreover, complex applications can have a ton of components that can trip CodeIntegrity rules if they aren’t all registered and authorized correctly by MISG. **Test the enforced policies here on machines you use for TESTING things.** This is not one of those occasions where "Screw it. Let's just push this straight to production." is taking risks you probably want to take, at least if "production" is really important.
26 |   
27 | ( If you do have boot issues, Matt Graeber has written a post that contains info that has been extremely helpful, at least for me, in troubleshooting them: https://posts.specterops.io/adventures-in-extremely-strict-device-guard-policy-configuration-part-1-device-drivers-fd1a281b35a8 )  
28 | 
29 | ____________________________________________________________________________
30 | **Instructions for Getting Up and Running with the MISG Policies Here**
31 | 
32 | I've formulated and tested the following procedure with the aim of getting a common set of steps that will work across Windows 10 Enterprise, Windows 10 Pro, and, yes, Windows 10 Home. The procedure is a little clumsy, but (at least in my testing) it reliably works across the versions:
33 | 
34 | 
35 | **1.** Download the SIPolicy.p7b file for the policy you want to test and copy it into your C:/Windows/System32/CodeIntegrity directory. (If you use a different drive letter for your OS drive, obviously substitute that.)
36 | 
37 | **2.** Open an elevated command or Powershell prompt and run the following commands:
38 | 
39 |       sc.exe start appidsvc
40 |       
41 |       sc.exe config appidsvc start= auto
42 |       
43 |       appidtel.exe start
44 |       
45 | Respectively, these commands make sure the Application Identity Service--which is needed to interface with the MISG reputation service-- is started on the machine, set that service to start at boot from now on, and immediately start the appidtel executable. This isn't Microsoft's procedure for enabling MISG functionality, but I've had some issues with Microsoft's simpler version--basically, just run appidtel.exe--not working properly on Pro and Home.
46 | 
47 | **3.** Reboot. Despite what MS says, in my experience a reboot is often necessary for WDAC + MISG to work properly, especially on non-Enterprise versions of Windows. Even if you have the "Enabled:Update Policy No Reboot" option in place, as these policies do.  Note: This reboot may take substantially longer than a normal one if you have a driver issue that trips the "Enabled:Boot Audit on Failure" option. **I highly recommend you keep the Enabled:Boot Audit on Failure option in place, at least for initial testing of an enforced policy.** Better a device that boots slowly than not at all.   
48 | 
49 | **4.** If you're in audit mode, use your device normally and, at some point, begin to look for issues with legitimate software getting flagged as "unauthorized" in your CodeIntegrity log, as well as .msi and scripts flagged in the AppLocker log. (Which will get put there even if you don’t use AppLocker as such.) If you're in enforced mode, see if your machine boots (Note: I've selected options for these policies to try to minimize boot-stopping issues, and I think most PCs should start correctly, if sometimes a tad slowly, rather than failing to boot if there are issues. But no guarantees.), and then ascertain whether your PC is properly accessing the MISG service and approving known-good non-Windows applications.  The easiest way to do that is to just open something you already have installed that absolutely should be common enough to be approved--like Google Chrome--and see whether WDAC blocks it.
50 | 
51 | **5.** Determine how suitable WDAC + MISG is for your needs by testing applications and drivers you need to have in your environment. Keep in mind that expecting perfection--meaning you would need to expend no effort whatsoever to tailor a baseline WDAC policy to your needs thanks to MISG auto-authorization of all desired programs--will often be unrealistic. Also consider how much you care about the inherent increase in exposure to "living off the land"/LoLbin bypass techniques that relying on something like MISG authorization brings vs. only using specific rules. (The counter-consideration, of course, is that use of MISG may make deploying application control feasible for you where it otherwise wouldn't be.)  
52 | ____________________________________________________________________________
53 | **Troubleshooting**
54 | 
55 | -If your device has trouble booting, access your advanced boot options menu (or a recovery menu), open a command prompt, and delete the SIPolicy.p7b file. Since signature enforcement for the policy isn't turned on, rebooting the machine will return it to normal. Then take a look at the CodeIntegrity log and the other logging info Matt Graeber discusses in the link mentioned above.  
56 | 
57 | 
58 | -If programs that you know *must* have positive MISG reputation are still being blocked by WDAC, and you have go Internet connectivity, there’s a good chance that your device's AppID components aren't configured as they need to be. One trick that resolved this problem once or twice for me (but often doesn't seem to be necessary): create a scheduled task to actually run appidtel.exe at startup, every time. Otherwise, make sure the Appidsvc service is running by looking at Task Manager or the Services control panel, and beyond that... well, Google and MS tech forums are your friends for diagnosing AppID component problems.   
59 | 
60 | -In some cases, the primary executable for a program will be authorized by MISG but something will still go wrong when it runs, causing a crash, broken functionality, error messages, etc. Presumably ,as I mentioned, this is due to components of the program not being authorized even though the primary executable is. Not much you can do with these situations if you need the application to work, except go through one of the WDAC policy processes that will result in creating specific rules for the program. Note: The error messages popped by a malfunctioning program due to this may be somewhat misleading about the cause. For example, the current universal Windows Firefox installer [tested as of 10/05/2018] is authorized by MISG but fails with an error about how Firefox requires Windows 7 or higher.       
61 | 
62 | ____________________________________________________________________________
63 | **Resources**
64 | 
65 | -Microsoft's official guidance on WDAC isn't always complete (despite its length) and isn't always clear.  But, at the least, the section called the "Windows Defender Application Control deployment guide" is essential reading if you're going to do any work with WDAC. Really, though, that stuff makes much more sense and is placed in context by the "design guide" that comes before it and describes (among other significant things) how WDAC policies work. Worth at least skimming the whole thing, really: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
66 | 
67 | -Among outside researchers, Matt Graeber (as mentioned) has done a ton of indispensable work on Device Guard/WDAC. You won't go wrong reading any or all of it. This item contains links to the bulk of his highly useful research on the topic (while also highlighting some of WDAC's shortcomings): http://www.exploit-monday.com/2018/06/device-guard-and-application.html
68 | 
69 | ____________________________________________________________________________
70 | **Concluding Implementation Advice**
71 | 
72 | -Thus far in my testing, WDAC with MISG integration has worked considerably better in my testing as a as a “lockdown” mechanism versus starting with a fresh OS installation and adding software. By that I mean that I have found it better to install the software you need on a machine and then enforce a WDAC + MISG policy, rather than putting an enforced policy in place first and then trying to download and install the software you need. Ideally, this wouldn’t be the case; certainly it would be preferable to start with a policy in place and be able to leave it in place. And I’m sure Microsoft is working toward that end. However, for the present--and, again, in my experience--MISG app reputation authorization seems far better at allowing already installed software to run than it is with allowing installers to run and complete their work successfully.
73 | 
74 | -If you have problems installing software that you know must have positive app reputation, using a direct download, full-size traditional installer version instead of a modern “skinny installer” that downloads components from the web can often help, I’ve found. But not always. [See my 11/01/2018 note on Adobe Reader below.]  
75 | 
76 | -It is fortunate that if you’re locally administering a machine and using an unsigned, enforced WDAC policy it is generally quite feasible to occasionally disable an the policy, install the software you need, and reenable that policy. Reboots may be required, but otherwise things aren’t too painful. On a standalone machine. However, trying to manage that at deployment scale in an organization, using Group Policy, Intune, scripts, or whatever, is likely to be a different ballgame.  Another good reason to ensure that you go through a good testing process for all changes to enforced policies on representative test machines before deployment if you’re in an organization that, well, really cares about things working. 
77 | 
78 | ____________________________________________________________________________
79 | **What Are Some Common Applications that Have Problems with WDAC + MISG?  (As of the Date Specified)**
80 | 
81 | For the reader's information, these are some significant issues that I've encountered in my test environment/s. I make no absolute guarantee that they would be replicated in yours. But, at least, they're things to watch out for.
82 | 
83 | - Firefox Windows common installer: runs but fails to install successfully. (10/05/2018)
84 | (Note: Firefox browser itself works fine, though. As does the setup extractor for the Firefox Portable version.)
85 | - Opera browser installer: runs but fails to install properly. (The installed browser sort-of works, though with errors.) (10/05/2018)
86 | - VirtualBox (WDAC + MISG still hates, hates, hates VirtualBox. If you have it installed be prepared to deal with tons of error messages about VB components in the CodeIntegrity & AppLocker logs until you create specific rule/s to allow them.) (10/05/2018)
87 | - Adobe Reader’s “skinny installer” and directly downloaded full-size installers run but do not successfully complete installation. (11/01/2018)
88 | - Humorously, the process that hosts the Windows Event Viewer, mmc.exe, tries to load unauthorized components every time Event Viewer is opened. These being blocked does not seem to actually impact Event Viewer/MMC functionality, at least as far as I have seen. But it will be one of a number of sources of unauthorized loading attempts by stock Windows components that will clutter up your logs. (11/05/2018) 
89 | 
90 |  
91 | 
92 | 


--------------------------------------------------------------------------------
/MISG/BPwithMSblockrules-Enforced/MISGbasewithmsblocks-v1-enforced.xml:
--------------------------------------------------------------------------------
   1 | <?xml version="1.0" encoding="utf-8"?>
   2 | <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
   3 |   <VersionEx>10.0.0.0</VersionEx>
   4 |   <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
   5 |   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   6 |   <Rules>
   7 |     <Rule>
   8 |       <Option>Enabled:Unsigned System Integrity Policy</Option>
   9 |     </Rule>
  10 |     <Rule>
  11 |       <Option>Enabled:Advanced Boot Options Menu</Option>
  12 |     </Rule>
  13 |     <Rule>
  14 |       <Option>Enabled:UMCI</Option>
  15 |     </Rule>
  16 |     <Rule>
  17 |       <Option>Enabled:Intelligent Security Graph Authorization</Option>
  18 |     </Rule>
  19 |     <Rule>
  20 |       <Option>Enabled:Inherit Default Policy</Option>
  21 |     </Rule>
  22 |     <Rule>
  23 |       <Option>Enabled:Update Policy No Reboot</Option>
  24 |     </Rule>
  25 |     <Rule>
  26 |       <Option>Enabled:Boot Audit On Failure</Option>
  27 |     </Rule>
  28 |   </Rules>
  29 |   <!--EKUS-->
  30 |   <EKUs>
  31 |     <EKU ID="ID_EKU_WINDOWS" Value="010A2B0601040182370A0306" FriendlyName="" />
  32 |     <EKU ID="ID_EKU_ELAM" Value="010A2B0601040182373D0401" FriendlyName="" />
  33 |     <EKU ID="ID_EKU_HAL_EXT" Value="010a2b0601040182373d0501" FriendlyName="" />
  34 |     <EKU ID="ID_EKU_WHQL" Value="010A2B0601040182370A0305" FriendlyName="" />
  35 |     <EKU ID="ID_EKU_STORE" Value="010a2b0601040182374c0301" FriendlyName="Windows Store EKU - 1.3.6.1.4.1.311.76.3.1 Windows Store" />
  36 |     <EKU ID="ID_EKU_RT_EXT" Value="010a2b0601040182370a0315" FriendlyName="" />
  37 |     <EKU ID="ID_EKU_DCODEGEN" Value="010A2B0601040182374C0501" FriendlyName="Dynamic Code Generation EKU - 1.3.6.1.4.1.311.76.5.1" />
  38 |     <EKU ID="ID_EKU_AM" Value="010a2b0601040182374c0b01" FriendlyName="AntiMalware EKU -1.3.6.1.4.1.311.76.11.1 " />
  39 |   </EKUs>
  40 |   <!--File Rules-->
  41 |   <FileRules>
  42 |     <Deny ID="ID_DENY_KD_KMCI_1" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  43 |     <Deny ID="ID_DENY_BGINFO_1" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0" />
  44 |     <Deny ID="ID_DENY_CBD_1" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  45 |     <Deny ID="ID_DENY_KD_1" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  46 |     <Deny ID="ID_DENY_NTKD_1" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  47 |     <Deny ID="ID_DENY_WINDBG_1" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  48 |     <Deny ID="ID_DENY_MSBUILD_1" FriendlyName="MSBuild.exe" FileName="MSBuild.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  49 |     <Deny ID="ID_DENY_CSI_1" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  50 |     <Deny ID="ID_DENY_DBGHOST_1" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0" />
  51 |     <Deny ID="ID_DENY_DBGSVC_1" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0" />
  52 |     <Deny ID="ID_DENY_DNX_1" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  53 |     <Deny ID="ID_DENY_RCSI_1" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  54 |     <Deny ID="ID_DENY_NTSD_1" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
  55 |     <Deny ID="ID_DENY_LXSS_1" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion="65535.65535.65535.65535" />
  56 |     <Deny ID="ID_DENY_BASH_1" FriendlyName="bash.exe" FileName="bash.exe" MinimumFileVersion="65535.65535.65535.65535" />
  57 |     <Deny ID="ID_DENY_FSI_1" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="65535.65535.65535.65535" />
  58 |     <Deny ID="ID_DENY_FSI_ANYCPU_1" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="65535.65535.65535.65535" />
  59 |     <Deny ID="ID_DENY_MSHTA_1" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="65535.65535.65535.65535" />
  60 |     <Deny ID="ID_DENY_VISUALUIAVERIFY_1" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.exe" MinimumFileVersion="65535.65535.65535.65535" />
  61 |     <Deny ID="ID_DENY_RUNSCRIPTHELPER_1" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
  62 |     <Deny ID="ID_DENY_ADDINPROCESS_1" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
  63 |     <Deny ID="ID_DENY_ADDINPROCESS32_1" FriendlyName="AddInProcess32.exe" FileName="AddInProcess32.exe" MinimumFileVersion="65535.65535.65535.65535" />
  64 |     <Deny ID="ID_DENY_ADDINUTIL_1" FriendlyName="AddInUtil.exe" FileName="AddInUtil.exe" MinimumFileVersion="65535.65535.65535.65535" />
  65 |     <Deny ID="ID_DENY_WSL_1" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535" />
  66 |     <Deny ID="ID_DENY_WSLCONFIG_1" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535" />
  67 |     <Deny ID="ID_DENY_WSLHOST_1" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535" />
  68 |     <Deny ID="ID_DENY_INFINSTALL_1" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="65535.65535.65535.65535" />
  69 |     <Deny ID="ID_DENY_LXRUN_1" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="65535.65535.65535.65535" />
  70 |     <Deny ID="ID_DENY_PWRSHLCUSTOMHOST_1" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.exe" MinimumFileVersion="65535.65535.65535.65535" />
  71 |     <Deny ID="ID_DENY_TEXTTRANSFORM_1" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVersion="65535.65535.65535.65535" />
  72 |     <Deny ID="ID_DENY_KILL_1" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="65535.65535.65535.65535" />
  73 |     <Deny ID="ID_DENY_WMIC_1" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535" />
  74 |     <Deny ID="ID_DENY_MWFC_1" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
  75 |     <Deny ID="ID_DENY_WFC_1" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
  76 |     <Deny ID="ID_DENY_D_1_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
  77 |     <Deny ID="ID_DENY_D_2_1" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
  78 |     <Deny ID="ID_DENY_D_3_1" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40" />
  79 |     <Deny ID="ID_DENY_D_4_1" FriendlyName="Powershell 4" Hash="29DF1D593D0D7AB365F02645E7EF4BCCA060763A" />
  80 |     <Deny ID="ID_DENY_D_5_1" FriendlyName="Powershell 5" Hash="2E3C47BBE1BA99842EE187F756CA616EFED61B94" />
  81 |     <Deny ID="ID_DENY_D_6_1" FriendlyName="Powershell 6" Hash="38DC1956313B160696A172074C6F5DA9852BF508F55AFB7FA079B98F2849AFB5" />
  82 |     <Deny ID="ID_DENY_D_7_1" FriendlyName="Powershell 7" Hash="513B625EA507ED9CE83E2FB2ED4F3D586C2AA379" />
  83 |     <Deny ID="ID_DENY_D_8_1" FriendlyName="Powershell 8" Hash="71FC552E66327EDAA72D72C362846BD80CB65EECFAE95C4D790C9A2330D95EE6" />
  84 |     <Deny ID="ID_DENY_D_9_1" FriendlyName="Powershell 9" Hash="72E4EC687CFE357F3E681A7500B6FF009717A2E9538956908D3B52B9C865C189" />
  85 |     <Deny ID="ID_DENY_D_10_1" FriendlyName="Powershell 10" Hash="74E207F539C4EAC648A5507EB158AEE9F6EA401E51808E83E73709CFA0820FDD" />
  86 |     <Deny ID="ID_DENY_D_11_1" FriendlyName="Powershell 11" Hash="75288A0CF0806A68D8DA721538E64038D755BBE74B52F4B63FEE5049AE868AC0" />
  87 |     <Deny ID="ID_DENY_D_12_1" FriendlyName="Powershell 12" Hash="7DB3AD53985C455990DD9847DE15BDB271E0C8D1" />
  88 |     <Deny ID="ID_DENY_D_13_1" FriendlyName="Powershell 13" Hash="84BB081141DA50B3839CD275FF34854F53AECB96CA9AEB8BCD24355C33C1E73E" />
  89 |     <Deny ID="ID_DENY_D_14_1" FriendlyName="Powershell 14" Hash="86DADE56A1DBAB6DDC2769839F89244693D319C6" />
  90 |     <Deny ID="ID_DENY_D_15_1" FriendlyName="Powershell 15" Hash="BD3139CE7553AC7003C96304F08EAEC2CDB2CC6A869D36D6F1E478DA02D3AA16" />
  91 |     <Deny ID="ID_DENY_D_16_1" FriendlyName="Powershell 16" Hash="BE3FFE10CDE8B62C3E8FD4D8198F272B6BD15364A33362BB07A0AFF6731DABA1" />
  92 |     <Deny ID="ID_DENY_D_17_1" FriendlyName="Powershell 17" Hash="C1196433541B87D22CE2DD19AAAF133C9C13037A" />
  93 |     <Deny ID="ID_DENY_D_18_1" FriendlyName="Powershell 18" Hash="C6C073A80A8E76DC13E724B5E66FE4035A19CCA0C1AF3FABBC18E5185D1B66CB" />
  94 |     <Deny ID="ID_DENY_D_19_1" FriendlyName="Powershell 19" Hash="CE5EA2D29F9DD3F15CF3682564B0E765ED3A8FE1" />
  95 |     <Deny ID="ID_DENY_D_20_1" FriendlyName="Powershell 20" Hash="D027E09D9D9828A87701288EFC91D240C0DEC2C3" />
  96 |     <Deny ID="ID_DENY_D_21_1" FriendlyName="Powershell 21" Hash="D2CFC8F6729E510AE5BA9BECCF37E0B49DDF5E31" />
  97 |     <Deny ID="ID_DENY_D_22_1" FriendlyName="Powershell 22" Hash="DED853481A176999723413685A79B36DD0F120F9" />
  98 |     <Deny ID="ID_DENY_D_23_1" FriendlyName="Powershell 23" Hash="DFCD10EAA2A22884E0A41C4D9E6E8DA265321870" />
  99 |     <Deny ID="ID_DENY_D_24_1" FriendlyName="Powershell 24" Hash="F16E605B55774CDFFDB0EB99FAFF43A40622ED2AB1C011D1195878F4B20030BC" />
 100 |     <Deny ID="ID_DENY_D_25_1" FriendlyName="Powershell 25" Hash="F29A958287788A6EEDE6035D49EF5CB85EEC40D214FDDE5A0C6CAA65AFC00EEC" />
 101 |     <Deny ID="ID_DENY_D_26_1" FriendlyName="Powershell 26" Hash="F875E43E12685ECE0BA2D42D55A13798CE9F1FFDE3CAE253D2529F4304811A52" />
 102 |     <Deny ID="ID_DENY_D_27_1" FriendlyName="PowerShell 27" Hash="720D826A84284E18E0003526A0CD9B7FF0C4A98A" />
 103 |     <Deny ID="ID_DENY_D_28_1" FriendlyName="PowerShell 28" Hash="CB5DF9D0D25571948C3D257882E07C7FA5E768448E0DEBF637E110F9FF575808" />
 104 |     <Deny ID="ID_DENY_D_29_1" FriendlyName="PowerShell 29" Hash="3C7265C3393C585D32E509B2D2EC048C73AC5EE6" />
 105 |     <Deny ID="ID_DENY_D_30_1" FriendlyName="PowerShell 30" Hash="7F1E03E956CA38CC0C491CB958D6E61A52491269CDB363BC488B525F80C56424" />
 106 |     <Deny ID="ID_DENY_D_31_1" FriendlyName="PowerShell 31" Hash="27D86C9B54E1A97399A6DC9C9DF9AE030CB734C8" />
 107 |     <Deny ID="ID_DENY_D_32_1" FriendlyName="PowerShell 32" Hash="917BD10E82C6E932F9C63B9BDCCC1D9BF04510CD8491B005CFFD273B48B5CD1E" />
 108 |     <Deny ID="ID_DENY_D_33_1" FriendlyName="PowerShell 33" Hash="B3BB2D75AECB34ED316CE54C6D513420186E4950" />
 109 |     <Deny ID="ID_DENY_D_34_1" FriendlyName="PowerShell 34" Hash="B734F6269A6738861E1DF98EE0E4E7377FAED10B82AAA9731DA0BB1CB366FCCE" />
 110 |     <Deny ID="ID_DENY_D_35_1" FriendlyName="PowerShell 35" Hash="FF378B465F2C8A87B4092F7C1F96399C0156CEEB" />
 111 |     <Deny ID="ID_DENY_D_36_1" FriendlyName="PowerShell 36" Hash="9B884CFE78F921042B003574AE30D9E86EE3DCC11E7110A1C92927F13C3F47E6" />
 112 |     <Deny ID="ID_DENY_D_37_1" FriendlyName="PowerShell 37" Hash="C7B99E8B59182112A3A14BD39880BDCDDD5C724F" />
 113 |     <Deny ID="ID_DENY_D_38_1" FriendlyName="PowerShell 38" Hash="6E585890C7369D6D8DA85C8B6B7411463BAA1ACAE9CE4197E033A46C897B35E5" />
 114 |     <Deny ID="ID_DENY_D_39_1" FriendlyName="PowerShell 39" Hash="BA4B3A92123FBCE66398020AFBCC0BCA1D1AAAD7" />
 115 |     <Deny ID="ID_DENY_D_40_1" FriendlyName="PowerShell 40" Hash="D8D361E3690676C7FDC483003BFC5C0C39FB16B42DFC881FB8D42A1064740B0B" />
 116 |     <Deny ID="ID_DENY_D_41_1" FriendlyName="PowerShell 41" Hash="1EA5104AE1A7A53F9421E0193B749F310B9261D1" />
 117 |     <Deny ID="ID_DENY_D_42_1" FriendlyName="PowerShell 42" Hash="66C1B8569019512ACDDC145DA6D348A68DE008BE7C05930AD0EC6927C26061AD" />
 118 |     <Deny ID="ID_DENY_D_43_1" FriendlyName="PowerShell 43" Hash="4EB2C3A4B551FC028E00F2E7DA9D0F1E38728571" />
 119 |     <Deny ID="ID_DENY_D_44_1" FriendlyName="PowerShell 44" Hash="30EAC589069FB79D540080B04B7FDBB8A9B1DF4E96B9D7C98519E49A1ED56851" />
 120 |     <Deny ID="ID_DENY_D_45_1" FriendlyName="PowerShell 45" Hash="E55505B609DD7A22F55C4BA9EDAD5627ECA6A8E8" />
 121 |     <Deny ID="ID_DENY_D_46_1" FriendlyName="PowerShell 46" Hash="ABDDA9C1EDA9F2344FB5B79890B7FD854D0E3D28BEC26AE33AAD196948AB642D" />
 122 |     <Deny ID="ID_DENY_D_47_1" FriendlyName="PowerShell 47" Hash="A15964475D213FB752B42E7DCDDBF4B14D623D14" />
 123 |     <Deny ID="ID_DENY_D_48_1" FriendlyName="PowerShell 48" Hash="61A68B436D828193E0C7B44D2AF83D22A9CB557B90186E4E6AC998CE5E3BFE8A" />
 124 |     <Deny ID="ID_DENY_D_49_1" FriendlyName="PowerShell 49" Hash="DB0C4B5CA1CBC3B117AB0439C5937B6A263DFD87" />
 125 |     <Deny ID="ID_DENY_D_50_1" FriendlyName="PowerShell 50" Hash="6D4FB385328CA01700092E1CDF75A97123A95120D5F8A9877FFB4D5A8531380B" />
 126 |     <Deny ID="ID_DENY_D_51_1" FriendlyName="PowerShell 51" Hash="72F9DCDA6ECDD6906A2538DFE795A2E2CA787BBC" />
 127 |     <Deny ID="ID_DENY_D_52_1" FriendlyName="PowerShell 52" Hash="F98FEC4A0306BD398F7FB7F611679B7797D32D54D1F2B35D728C0C7A058153ED" />
 128 |     <Deny ID="ID_DENY_D_53_1" FriendlyName="PowerShell 53" Hash="C980B65B86F780AC93B9458E9657291083CFEDA8" />
 129 |     <Deny ID="ID_DENY_D_54_1" FriendlyName="PowerShell 54" Hash="F9473493FF53274B8E75EC7E517F324AA0C5644C6F8045D3EF3A1B9A669ECF78" />
 130 |     <Deny ID="ID_DENY_D_55_1" FriendlyName="PowerShell 55" Hash="C30355B5E6FA3F793A3CC0A649945829723DD85C" />
 131 |     <Deny ID="ID_DENY_D_56_1" FriendlyName="PowerShell 56" Hash="4EB14099165177F0F3A1FACE32E72CF2DD221DB44155E73AFF94CB7DA195EF22" />
 132 |     <Deny ID="ID_DENY_D_57_1" FriendlyName="PowerShell 57" Hash="5C6CC1903D3DA2054ECD9A295EEE26F5561E152A" />
 133 |     <Deny ID="ID_DENY_D_58_1" FriendlyName="PowerShell 58" Hash="0BF8CAB75DAB712FC848DE7CC7DC5C8A10D666515E7535F89146F45AAAF9EF54" />
 134 |     <Deny ID="ID_DENY_D_59_1" FriendlyName="PowerShell 59" Hash="1443E8F56DEE11EEF5B746E3657C2F953FD4F6EA" />
 135 |     <Deny ID="ID_DENY_D_60_1" FriendlyName="PowerShell 60" Hash="487CB42795046E885303FC96EA54C3234E1B2072DAEB4F9218C21CC6C39A3223" />
 136 |     <Deny ID="ID_DENY_D_61_1" FriendlyName="PowerShell 61" Hash="072D4E33D1478C863DBAB20BF5DFF1A0FB5A9D53" />
 137 |     <Deny ID="ID_DENY_D_62_1" FriendlyName="PowerShell 62" Hash="631E091AE7AD2C543EE5755BC9D8DB34683C41E20D9A6CD41C8F07827156D6DB" />
 138 |     <Deny ID="ID_DENY_D_63_1" FriendlyName="PowerShell 63" Hash="FD15A313B890369B7D8E26C13B2070AE044FB4D8" />
 139 |     <Deny ID="ID_DENY_D_64_1" FriendlyName="PowerShell 64" Hash="AB9886A0993F87C2A39BC7822EE44FD4B4751C530ACF292ACD0319C967FB4F3B" />
 140 |     <Deny ID="ID_DENY_D_65_1" FriendlyName="PowerShell 65" Hash="4BAFD867B59328E7BB853148FE6D16B9411D7A12" />
 141 |     <Deny ID="ID_DENY_D_66_1" FriendlyName="PowerShell 66" Hash="D1F22B37902C2DD53FA27438436D9D236A196C10C8E492A8F4A14768644592D3" />
 142 |     <Deny ID="ID_DENY_D_67_1" FriendlyName="PowerShell 67" Hash="AC53AE4C8AB56D84393D67D820BEBDC3218739D3" />
 143 |     <Deny ID="ID_DENY_D_68_1" FriendlyName="PowerShell 68" Hash="49580C9459C3917E6F982C8E0D753D293DFA2E4FD1152F78FF7C73CF8B422507" />
 144 |     <Deny ID="ID_DENY_D_69_1" FriendlyName="PowerShell 69" Hash="333678A44D4BEBE9BEA3041FFDA9E2B55B58F1B5" />
 145 |     <Deny ID="ID_DENY_D_70_1" FriendlyName="PowerShell 70" Hash="94CBBC3970F01280D98C951BD0C4158D4B09A2BE21B8A27790D9F127B78C6F3F" />
 146 |     <Deny ID="ID_DENY_D_71_1" FriendlyName="PowerShell 71" Hash="5F5620DC049FE1F1C2DBAC077A59BA69CF2FF72C" />
 147 |     <Deny ID="ID_DENY_D_72_1" FriendlyName="PowerShell 72" Hash="A32C0769F36CAE0B6A7A1B8CCB6B7A75AA8BEB7F49815E96B4E120BFD7527E0A" />
 148 |     <Deny ID="ID_DENY_D_73_1" FriendlyName="PowerShell 73" Hash="BDBE541D269EC8235563842D024F9E37883DFB57" />
 149 |     <Deny ID="ID_DENY_D_74_1" FriendlyName="PowerShell 74" Hash="441076C7FD0AD481E6AC3198F08BE80EA9EB2926CA81D733F798D03DBEFD683E" />
 150 |     <Deny ID="ID_DENY_D_75_1" FriendlyName="PowerShell 75" Hash="FD6FE9143A46F4EBB46E6B46332FA7171002EBF0" />
 151 |     <Deny ID="ID_DENY_D_76_1" FriendlyName="PowerShell 76" Hash="85399D84601207AB92C8CA4D7D6E58CB1B0B0B57ED94FA7E5A1191FA1810E223" />
 152 |     <Deny ID="ID_DENY_D_77_1" FriendlyName="PowerShell 77" Hash="98FD94A89DCF92A7BEDB51C72BAD1A67650DD6E5" />
 153 |     <Deny ID="ID_DENY_D_78_1" FriendlyName="PowerShell 78" Hash="5CE4B042E986DAFEB7E2D2ABFB80376C4DEC325DB23B584B76039EEA6E1A74B1" />
 154 |     <Deny ID="ID_DENY_D_79_1" FriendlyName="PowerShell 79" Hash="6BC1E70F0EA84E88AC28BEAF74C10F3ABDF99209" />
 155 |     <Deny ID="ID_DENY_D_80_1" FriendlyName="PowerShell 80" Hash="93CB3907D1A9473E8A90593250C4A95EAE3A7066E9D8A57535CBDF82AA4AD4C2" />
 156 |     <Deny ID="ID_DENY_D_81_1" FriendlyName="PowerShell 81" Hash="7FCE82DBBC0FE45AFBE3927C323349C32D5A463A" />
 157 |     <Deny ID="ID_DENY_D_82_1" FriendlyName="PowerShell 82" Hash="2EDA8CA129E30CB5522C4DCD1E5AFDCA1E9C6447DD7053DACEF18DCDCCF3E2BC" />
 158 |     <Deny ID="ID_DENY_D_83_1" FriendlyName="PowerShell 83" Hash="BDB3DAC80667A0B931835D5D658C08F236B413D1" />
 159 |     <Deny ID="ID_DENY_D_84_1" FriendlyName="PowerShell 84" Hash="51287BACB692AAC5A8659774D982B304DC0C0B4A4D8F41CBCCD47D69796786DE" />
 160 |     <Deny ID="ID_DENY_D_85_1" FriendlyName="PowerShell 85" Hash="9633529CACE25ACCB29EBC5941DE1874903C0297" />
 161 |     <Deny ID="ID_DENY_D_86_1" FriendlyName="PowerShell 86" Hash="483A3997D5DA69A51DC7EA368A36C3CA4A5BD56CB08BFD9912BE799005156C18" />
 162 |     <Deny ID="ID_DENY_D_87_1" FriendlyName="PowerShell 87" Hash="B3493E30A2C347B550331C86529BDC288EAF8186" />
 163 |     <Deny ID="ID_DENY_D_88_1" FriendlyName="PowerShell 88" Hash="9371E2333906441715DE15FEE8A9AA03C4D076CA3C04D9A7AB0CC32189DA66ED" />
 164 |     <Deny ID="ID_DENY_D_89_1" FriendlyName="PowerShell 89" Hash="5D4B0794EB973D61CF74A700F11BE84E527E0E51" />
 165 |     <Deny ID="ID_DENY_D_90_1" FriendlyName="PowerShell 90" Hash="537DE34A1F4B3F8345D02F5BBA2B063F070A42FC1581AAC2AA91C1D071B14521" />
 166 |     <Deny ID="ID_DENY_D_91_1" FriendlyName="PowerShell 91" Hash="F3C75F35F42C1C5B3B4ED888187D6AB4035F994C" />
 167 |     <Deny ID="ID_DENY_D_92_1" FriendlyName="PowerShell 92" Hash="AD5678ED0734281973465DD728281A6C0EA146620FF2106A4EEFC7E94622B92F" />
 168 |     <Deny ID="ID_DENY_D_93_1" FriendlyName="PowerShell 93" Hash="91C0F76798A9679188C7D93FDEBAF797BDBE41B2" />
 169 |     <Deny ID="ID_DENY_D_94_1" FriendlyName="PowerShell 94" Hash="1D9244EAFEDFBFC02E13822E24A476C36FFD362B9D18F6CD195B654A34F946FF" />
 170 |     <Deny ID="ID_DENY_D_95_1" FriendlyName="PowerShell 95" Hash="7FCB424E67DDAC49413B45D7DCD636AD70E23B41" />
 171 |     <Deny ID="ID_DENY_D_96_1" FriendlyName="PowerShell 96" Hash="7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE7C2937BDE1590F90C61753" />
 172 |     <Deny ID="ID_DENY_D_97_1" FriendlyName="PowerShell 97" Hash="A9745E20419EC1C90B23FE965D3C2DF028AF39DC" />
 173 |     <Deny ID="ID_DENY_D_98_1" FriendlyName="PowerShell 98" Hash="71B5B58EAA0C90397BC9546BCCA8C657500499CD2087CD7D7E1753D54C07E71D" />
 174 |     <Deny ID="ID_DENY_D_99_1" FriendlyName="PowerShell 99" Hash="3E5294910C59394DA93962128968E6C23016A028" />
 175 |     <Deny ID="ID_DENY_D_100_1" FriendlyName="PowerShell 100" Hash="DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA40E4F8F95E1C3DC7B84F550" />
 176 |     <Deny ID="ID_DENY_D_101_1" FriendlyName="PowerShell 101" Hash="266896FD257AD8EE9FC73B3A50306A573714EA8A" />
 177 |     <Deny ID="ID_DENY_D_102_1" FriendlyName="PowerShell 102" Hash="8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7B3400CB62F7A7BD028BE9A" />
 178 |     <Deny ID="ID_DENY_D_103_1" FriendlyName="PowerShell 103" Hash="2CB781B3BD79FD277D92332ACA22C04430F9D692" />
 179 |     <Deny ID="ID_DENY_D_104_1" FriendlyName="PowerShell 104" Hash="92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA699FA303C24120A30ED4C9E6" />
 180 |     <Deny ID="ID_DENY_D_105_1" FriendlyName="PowerShell 105" Hash="D82583F7D5EA477C94630AC5AAEB771C85BD4B0A" />
 181 |     <Deny ID="ID_DENY_D_106_1" FriendlyName="PowerShell 106" Hash="9B0F39AB233628A971ACEC53029C9B608CAB99868F1A1C5ABE20BC1BD1C2B70E" />
 182 |     <Deny ID="ID_DENY_D_107_1" FriendlyName="PowerShell 107" Hash="2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8" />
 183 |     <Deny ID="ID_DENY_D_108_1" FriendlyName="PowerShell 108" Hash="015CE571E8503A353E2250D4D0DA19493B3311F3437527E6DDD2D2B6439FA2EB" />
 184 |     <Deny ID="ID_DENY_D_109_1" FriendlyName="PowerShell 109" Hash="080DEC3B15AD5AFE9BF3B0943A36285E92BAF469" />
 185 |     <Deny ID="ID_DENY_D_110_1" FriendlyName="PowerShell 110" Hash="F1391E78F17EA6097906B99C6F4F0AE8DD2E519856F837A3BCC58FBB87DAAE62" />
 186 |     <Deny ID="ID_DENY_D_111_1" FriendlyName="PowerShell 111" Hash="F87C726CCB5E64C6F363C21255935D5FEA9E4A0E" />
 187 |     <Deny ID="ID_DENY_D_112_1" FriendlyName="PowerShell 112" Hash="B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E94764D72A91CE04B89AAA4" />
 188 |     <Deny ID="ID_DENY_D_113_1" FriendlyName="PowerShell 113" Hash="25F52340199A0EA352C8B1A7014BCB610B232523" />
 189 |     <Deny ID="ID_DENY_D_114_1" FriendlyName="PowerShell 114" Hash="64D6D1F3A053908C5635BD6BDA36BC8E72D518C7ECE8DA761C0DDE70C50BB632" />
 190 |     <Deny ID="ID_DENY_D_115_1" FriendlyName="PowerShell 115" Hash="029198F05598109037A0E9E332EC052317E834DA" />
 191 |     <Deny ID="ID_DENY_D_116_1" FriendlyName="PowerShell 116" Hash="70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74F91455EE52809CDAD4E7FC" />
 192 |     <Deny ID="ID_DENY_D_117_1" FriendlyName="PowerShell 117" Hash="A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE" />
 193 |     <Deny ID="ID_DENY_D_118_1" FriendlyName="PowerShell 118" Hash="3246A0CB329B030DA104E04B1A0728DE83724B08C724FD0238CE4578A0245576" />
 194 |     <Deny ID="ID_DENY_D_119_1" FriendlyName="PowerShell 119" Hash="89CEAB6518DA4E7F75B3C75BC04A112D3637B737" />
 195 |     <Deny ID="ID_DENY_D_120_1" FriendlyName="PowerShell 120" Hash="6581E491FBFF954A1A4B9CEA69B63951D67EB56DF871ED8B055193595F042B0D" />
 196 |     <Deny ID="ID_DENY_D_121_1" FriendlyName="PowerShell 121" Hash="00419E981EDC8613E600C939677F7B460855BF7E" />
 197 |     <Deny ID="ID_DENY_D_122_1" FriendlyName="PowerShell 122" Hash="61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE91E58A29F7AEBEFAE2149F" />
 198 |     <Deny ID="ID_DENY_D_123_1" FriendlyName="PowerShell 123" Hash="272EF88BBA9B4B54D242FFE1E96D07DBF53497A0" />
 199 |     <Deny ID="ID_DENY_D_124_1" FriendlyName="PowerShell 124" Hash="AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3ECBB529D89A1DF33A31E9BD" />
 200 |     <Deny ID="ID_DENY_D_125_1" FriendlyName="PowerShell 125" Hash="CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F" />
 201 |     <Deny ID="ID_DENY_D_126_1" FriendlyName="PowerShell 126" Hash="FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440AC0316B08532CEA2F1FF9B0" />
 202 |     <Deny ID="ID_DENY_D_127_1" FriendlyName="PowerShell 127" Hash="941D0FD47887035A04E17F46DE6C4004D7FD8871" />
 203 |     <Deny ID="ID_DENY_D_128_1" FriendlyName="PowerShell 128" Hash="4AD6DC7FF0A2E776CE7F27B4E3D3C1C380CA3548DFED565429D88C3BBE61DD0F" />
 204 |     <Deny ID="ID_DENY_D_129_1" FriendlyName="PowerShell 129" Hash="421D1142105358B8360454E43FD15767DA111DBA" />
 205 |     <Deny ID="ID_DENY_D_130_1" FriendlyName="PowerShell 130" Hash="692CABD40C1EDFCB6DC50591F31FAE30848E579D6EF4D2CA0811D06B086CF8BE" />
 206 |     <Deny ID="ID_DENY_D_131_1" FriendlyName="PowerShell 131" Hash="AC9F095DD4AE80B124F55541761AA1F35E49A575" />
 207 |     <Deny ID="ID_DENY_D_132_1" FriendlyName="PowerShell 132" Hash="0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABCE68592DED55A71B0ACAECE" />
 208 |     <Deny ID="ID_DENY_D_133_1" FriendlyName="PowerShell 133" Hash="B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5" />
 209 |     <Deny ID="ID_DENY_D_134_1" FriendlyName="PowerShell 134" Hash="095B79953F9E3E2FB721693FBFAD5841112D592B6CA7EB2055B262DEB7C7008A" />
 210 |     <Deny ID="ID_DENY_D_135_1" FriendlyName="PowerShell 135" Hash="128D7D03E4B85DBF95427D72EFF833DAB5E92C33" />
 211 |     <Deny ID="ID_DENY_D_136_1" FriendlyName="PowerShell 136" Hash="EACFC615FDE29BD858088AF42E0917E4B4CA5991EFB4394FB3129735D7299235" />
 212 |     <Deny ID="ID_DENY_D_137_1" FriendlyName="PowerShell 137" Hash="47D2F87F2D2D516D712A156421F0C2BD285200E9" />
 213 |     <Deny ID="ID_DENY_D_138_1" FriendlyName="PowerShell 138" Hash="8CACA1828E7770DADF21D558976D415AC7BDA16D58926308FD5E9D5087F4B0E6" />
 214 |     <Deny ID="ID_DENY_D_139_1" FriendlyName="PowerShell 139" Hash="CD9D70B0107801567EEADC4ECD74511A1A6FF4FE" />
 215 |     <Deny ID="ID_DENY_D_140_1" FriendlyName="PowerShell 140" Hash="9C96396EFCC9DC09F119DE8695CB3372F82DB46D23A1B7A88BD86CBE814233E1" />
 216 |     <Deny ID="ID_DENY_D_141_1" FriendlyName="PowerShell 141" Hash="233E3B5108A43239C6C13292043DED0567281AF9" />
 217 |     <Deny ID="ID_DENY_D_142_1" FriendlyName="PowerShell 142" Hash="6EDF19CC53EA2064CE108957343EB3505359CF05BD6955C7502AF565BD761702" />
 218 |     <Deny ID="ID_DENY_D_143_1" FriendlyName="PowerShell 143" Hash="CD725B606888E5C5426FEAB44E2CC7722DFE5411" />
 219 |     <Deny ID="ID_DENY_D_144_1" FriendlyName="PowerShell 144" Hash="B20C4F36AE6A3AC323759C81173FACE1B1C112FA5B701C65DCD7313D7CE59907" />
 220 |     <Deny ID="ID_DENY_D_145_1" FriendlyName="PowerShell 145" Hash="E5212F1081B5777B88F5C41174ADEDB35B4258CF" />
 221 |     <Deny ID="ID_DENY_D_146_1" FriendlyName="PowerShell 146" Hash="F4DE5B5395701F8C94D65D732E4D212E1879C9C84345B46A941965B094F75017" />
 222 |     <Deny ID="ID_DENY_D_147_1" FriendlyName="PowerShell 147" Hash="EC41A3FB8D6E3B0F55F6583C14C45B6238753019" />
 223 |     <Deny ID="ID_DENY_D_148_1" FriendlyName="PowerShell 148" Hash="76CA6B396796351685198D6189E865AFD7FB9E6C5CEFA9EA0B5F0A9F1FC98D57" />
 224 |     <Deny ID="ID_DENY_D_149_1" FriendlyName="PowerShell 149" Hash="3B2B7042A84033CA846AFE472912524F7BAD57E5" />
 225 |     <Deny ID="ID_DENY_D_150_1" FriendlyName="PowerShell 150" Hash="2DF95ABEB23DAA0377DFA6360976B69D3CEE7325A9B7571F331D569809FAED8B" />
 226 |     <Deny ID="ID_DENY_D_151_1" FriendlyName="PowerShell 151" Hash="7BED2F9C0ADF1597C7EBB79163BDA21D8D7D28CA" />
 227 |     <Deny ID="ID_DENY_D_152_1" FriendlyName="PowerShell 152" Hash="44BDD2DADB13E7A8FF6AFCF4AE3E2CC830506D9475B4C2C71D319E169977998F" />
 228 |     <Deny ID="ID_DENY_D_153_1" FriendlyName="PowerShell 153" Hash="A1251FA30162B13456A4687495726FF793D511BE" />
 229 |     <Deny ID="ID_DENY_D_154_1" FriendlyName="PowerShell 154" Hash="9C15E4DE10DE47ACD393359D523211AD8596C61FE54F2C0664D48E1D249231CE" />
 230 |     <Deny ID="ID_DENY_D_155_1" FriendlyName="PowerShell 155" Hash="D835947C84CFBA652B553A77A90475E02291AA5F" />
 231 |     <Deny ID="ID_DENY_D_156_1" FriendlyName="PowerShell 156" Hash="B4D6DAA10398D5DA192DFDD75010F428D24762D432934F0E2030D39610D43E12" />
 232 |     <Deny ID="ID_DENY_D_157_1" FriendlyName="PowerShell 157" Hash="1F85BBEC1DFC5785B91735A7C561E664F7FE1E94" />
 233 |     <Deny ID="ID_DENY_D_158_1" FriendlyName="PowerShell 158" Hash="828F05BFF829019EC0F3082323FEA859C0D71CCE14B5B75C07E7D418EF354269" />
 234 |     <Deny ID="ID_DENY_D_159_1" FriendlyName="PowerShell 159" Hash="FC0E23771620B41E6920F2463F49B84307D8BA91" />
 235 |     <Deny ID="ID_DENY_D_160_1" FriendlyName="PowerShell 160" Hash="C4FA568C852A46316308A660B80D83A11D41071F1CF4A79847A3F56714CC47AF" />
 236 |     <Deny ID="ID_DENY_D_161_1" FriendlyName="PowerShell 161" Hash="D18240AEE8B9B964F6B9CDFC5AFB6C343C286636" />
 237 |     <Deny ID="ID_DENY_D_162_1" FriendlyName="PowerShell 162" Hash="7B4C39285569F14AA9799332C542A0796717C5EF9D636BD11B2841450BC6399D" />
 238 |     <Deny ID="ID_DENY_D_163_1" FriendlyName="PowerShell 163" Hash="1A16008D330330182AA555B1D3E9BE0B2D6BECBF" />
 239 |     <Deny ID="ID_DENY_D_164_1" FriendlyName="PowerShell 164" Hash="D7685E259D0328937487856A3AB68B6D9D420DD4E02541F4D71164DFA65B4644" />
 240 |     <Deny ID="ID_DENY_D_165_1" FriendlyName="PowerShell 165" Hash="FBA274406B503B464B349805149E6AA722909CC9" />
 241 |     <Deny ID="ID_DENY_D_166_1" FriendlyName="PowerShell 166" Hash="FEBC97ED819C79E54157895457DBA755F182D6330A5103E0663AFA07E01E5CF8" />
 242 |     <Deny ID="ID_DENY_D_167_1" FriendlyName="PowerShell 167" Hash="293AF426A39282770387F5EE25CA719A91419A18" />
 243 |     <Deny ID="ID_DENY_D_168_1" FriendlyName="PowerShell 168" Hash="A9E655A96A124BC361D9CC5C7663FC033AA6F6609916EFAA76B6A6E9713A0D32" />
 244 |     <Deny ID="ID_DENY_D_169_1" FriendlyName="PowerShell 169" Hash="AEBFE7497F4A1947B5CB32650843CA0F85BD56D0" />
 245 |     <Deny ID="ID_DENY_D_170_1" FriendlyName="PowerShell 170" Hash="8C385B2C16136C097C96701D2140E014BF454CFA7297BE0C28431DED15339C0F" />
 246 |     <Deny ID="ID_DENY_D_171_1" FriendlyName="PowerShell 171" Hash="8FB604CD72701B83BC265D87F52B36C6F14E5DBE" />
 247 |     <Deny ID="ID_DENY_D_172_1" FriendlyName="PowerShell 172" Hash="B35AFBA7A897CB882C14A08AFB36A8EC938BDA14DF070234A2CCBDBA8F7DF91C" />
 248 |     <Deny ID="ID_DENY_D_173_1" FriendlyName="PowerShell 173" Hash="CE70309DB83C9202F45028EBEC252747F4936E6F" />
 249 |     <Deny ID="ID_DENY_D_174_1" FriendlyName="PowerShell 174" Hash="1F6D74FDA1F9EE6BBAC72E7E717A01B9FFC29822561D11175F6809D12215B4ED" />
 250 |     <Deny ID="ID_DENY_D_175_1" FriendlyName="PowerShell 175" Hash="9D71AD914DBB2FDF793742AA63AEEF4E4A430790" />
 251 |     <Deny ID="ID_DENY_D_176_1" FriendlyName="PowerShell 176" Hash="8CC1B5FA9A9609AC811F6505FA9B68E85A87BAE1EF676EFFE1BE438EACBDF3E1" />
 252 |     <Deny ID="ID_DENY_D_177_1" FriendlyName="PowerShell 177" Hash="7484FD78A9298DBA24AC5C882D16DB6146E53712" />
 253 |     <Deny ID="ID_DENY_D_178_1" FriendlyName="PowerShell 178" Hash="A79A74BFB768312E8EE089060C5C3238D59EF0C044A450FEB97DCA26815ECB34" />
 254 |     <Deny ID="ID_DENY_D_179_1" FriendlyName="PowerShell 179" Hash="78C3C6AEF52A6A5392C55F1EC98AF18053B3087D" />
 255 |     <Deny ID="ID_DENY_D_180_1" FriendlyName="PowerShell 180" Hash="493B620FCAD8A91D1FD7C726697E09358CA90822E8D6E021DF56E70B46F7C346" />
 256 |     <Deny ID="ID_DENY_D_181_1" FriendlyName="PowerShell 181" Hash="783FFB771F08BCF55C2EA474B5460EB65EA9444C" />
 257 |     <Deny ID="ID_DENY_D_182_1" FriendlyName="PowerShell 182" Hash="09DA1592B8457F860297821EB7FAA7F3BB71FC1916ED5DEE6D85044953640D5C" />
 258 |     <Deny ID="ID_DENY_D_183_1" FriendlyName="PowerShell 183" Hash="B303D1689ED99613E4F52CE6E5F96AAEBC3A45C3" />
 259 |     <Deny ID="ID_DENY_D_184_1" FriendlyName="PowerShell 184" Hash="82AB406FD78DCF58F65DC14D6FDDD72840015F3FE5B554428969BECA0325CD9C" />
 260 |     <Deny ID="ID_DENY_D_185_1" FriendlyName="PowerShell 185" Hash="DB5C6CB23C23BA6A3CD4FD4EC0A4DAEE3FC66500" />
 261 |     <Deny ID="ID_DENY_D_186_1" FriendlyName="PowerShell 186" Hash="9A46C16C5151D97A0EFA3EA503249E31A6D5D8D25E4F07CD4E5E077A574713FB" />
 262 |     <Deny ID="ID_DENY_D_187_1" FriendlyName="PowerShell 187" Hash="C1E08AD32F680100C51F138C6C095139E7230C3B" />
 263 |     <Deny ID="ID_DENY_D_188_1" FriendlyName="PowerShell 188" Hash="A5D5C1F79CD26216194D4C72DBAA3E48CB4A143D9E1F78819E52E9FEB2AD0AE3" />
 264 |     <Deny ID="ID_DENY_D_189_1" FriendlyName="PowerShell 189" Hash="BACA825D0852E2D8F3D92381D112B99B5DD56D9F" />
 265 |     <Deny ID="ID_DENY_D_190_1" FriendlyName="PowerShell 190" Hash="ABA28E0FC251E1D7FE5E264E1B36EC5E482D70AA434E75A756356F23F0C1F2F4" />
 266 |     <Deny ID="ID_DENY_D_191_1" FriendlyName="PowerShell 191" Hash="E89C29D38F554F6CB73B5FD3D0A783CC12FFEBC3" />
 267 |     <Deny ID="ID_DENY_D_192_1" FriendlyName="PowerShell 192" Hash="4C93CBDCF4328D27681453D8DFD7495955A07EE6A0EFB9A593853A86990CF528" />
 268 |     <Deny ID="ID_DENY_D_193_1" FriendlyName="PowerShell 193" Hash="5B5E7942233D7C8A325A429FC4F4AE281325E8F9" />
 269 |     <Deny ID="ID_DENY_D_194_1" FriendlyName="PowerShell 194" Hash="40DA20086ED76A5EA5F62901D110216EE206E7EEB2F2BFF02F61D0BE85B0BB5A" />
 270 |     <Deny ID="ID_DENY_D_195_1" FriendlyName="PowerShell 195" Hash="926DCACC6983F85A8ABBCB5EE13F3C756705A1D5" />
 271 |     <Deny ID="ID_DENY_D_196_1" FriendlyName="PowerShell 196" Hash="A22761E2BF18F02BB630962E3C5E32738770AAEA77F8EDA233E77792EB480072" />
 272 |     <Deny ID="ID_DENY_D_197_1" FriendlyName="PowerShell 197" Hash="6FE6723A355DEB4BC6B8637A634D1B43AFA64112" />
 273 |     <Deny ID="ID_DENY_D_198_1" FriendlyName="PowerShell 198" Hash="9BCC55A97A275F7D81110877F1BB5B41F86A848EA02B4EE1E1E6A44D927A488F" />
 274 |     <Deny ID="ID_DENY_D_199_1" FriendlyName="PowerShell 199" Hash="8D5599B34BED4A660DACC0922F6C2F112F264758" />
 275 |     <Deny ID="ID_DENY_D_200_1" FriendlyName="PowerShell 200" Hash="F375014915E5E027F697B29201362B56F2D9E598247C96F86ABADCC6FF42F034" />
 276 |     <Deny ID="ID_DENY_D_201_1" FriendlyName="PowerShell 201" Hash="CCFB247A3BCA9C64D82F647F3D30A3172E645F13" />
 277 |     <Deny ID="ID_DENY_D_202_1" FriendlyName="PowerShell 202" Hash="5E52ABBC051368315F078D31F01B0C1B904C1DDB6D1C1E4A91BE276BDF44C66F" />
 278 |     <Deny ID="ID_DENY_D_203_1" FriendlyName="PowerShell 203" Hash="E8EB859531F426CC45A3CB9118F399C92054563E" />
 279 |     <Deny ID="ID_DENY_D_204_1" FriendlyName="PowerShell 204" Hash="CD9E1D41F8D982F4AA6C610A2EFEAEBA5B0CDD883DF4A86FA0180ACD333CAA86" />
 280 |     <Deny ID="ID_DENY_D_205_1" FriendlyName="PowerShell 205" Hash="C92D4EAC917EE4842A437C54F96D87F003199DE8" />
 281 |     <Deny ID="ID_DENY_D_206_1" FriendlyName="PowerShell 206" Hash="3A270242EB49E06405FD654FA4954B166297BBC886891C64B4424134C39872DB" />
 282 |     <Deny ID="ID_DENY_D_207_1" FriendlyName="PowerShell 207" Hash="66681D9171981216B31996429695931DA2A638B9" />
 283 |     <Deny ID="ID_DENY_D_208_1" FriendlyName="PowerShell 208" Hash="7A2DF7D56912CB4EB5B36D071496EDC97661086B0E4C9CC5D9C61779A5A7DAAA" />
 284 |     <Deny ID="ID_DENY_D_209_1" FriendlyName="PowerShell 209" Hash="9DCA54C85E4C645CB296FE3055E90255B6506A95" />
 285 |     <Deny ID="ID_DENY_D_210_1" FriendlyName="PowerShell 210" Hash="8C9C58AD12FE61CBF021634EC6A4B3094750FC002DA224423E0BCEB01ECF292A" />
 286 |     <Deny ID="ID_DENY_D_211_1" FriendlyName="PowerShell 211" Hash="3AF2587E8B62F88DC363D7F5308EE4C1A6147338" />
 287 |     <Deny ID="ID_DENY_D_212_1" FriendlyName="PowerShell 212" Hash="D32D88F158FD341E32708CCADD48C426D227D0EC8465FF4304C7B7EAC2C6A93E" />
 288 |     <Deny ID="ID_DENY_D_213_1" FriendlyName="PowerShell 213" Hash="D3D453EBC368DF7CC2200474035E5898B58D93F1" />
 289 |     <Deny ID="ID_DENY_D_214_1" FriendlyName="PowerShell 214" Hash="BBE569BCC282B3AF682C1528D4E3BC53C1A0C6B5905FA34ADB4305160967B64A" />
 290 |     <Deny ID="ID_DENY_D_215_1" FriendlyName="PowerShell 215" Hash="D147CE5C7E7037D1BE3C0AF67EDB6F528C77DB0A" />
 291 |     <Deny ID="ID_DENY_D_216_1" FriendlyName="PowerShell 216" Hash="11F936112832738AD9B3A1C67537D5542DE8E86856CF2A5893C4D26CF3A2C558" />
 292 |     <Deny ID="ID_DENY_D_217_1" FriendlyName="PowerShell 217" Hash="7DBB41B87FAA887DE456C8E6A72E09D2839FA1E7" />
 293 |     <Deny ID="ID_DENY_D_218_1" FriendlyName="PowerShell 218" Hash="3741F3D2F264E047339C95A66085599A49766DEF1C5BD0C32237CE87FA0B41FB" />
 294 |     <Deny ID="ID_DENY_D_219_1" FriendlyName="PowerShell 219" Hash="5F3AECC89BAF094EAFA3C25E6B883EE68A6F00B0" />
 295 |     <Deny ID="ID_DENY_D_220_1" FriendlyName="PowerShell 220" Hash="AA085BE6498D2E3F527F3D72A5D1C604508133F0CDC05AD404BB49E8E3FB1A1B" />
 296 |     <Deny ID="ID_DENY_D_221_1" FriendlyName="PowerShell 221" Hash="DDE4D9A08514347CDE706C42920F43523FC74DEA" />
 297 |     <Deny ID="ID_DENY_D_222_1" FriendlyName="PowerShell 222" Hash="81835C6294B96282A4D7D70383BBF797C2E4E7CEF99648F85DDA50F7F41B02F6" />
 298 |     <Deny ID="ID_DENY_D_223_1" FriendlyName="PowerShell 223" Hash="48092864C96C4BF9B68B5006EAEDAB8B57B3738C" />
 299 |     <Deny ID="ID_DENY_D_224_1" FriendlyName="PowerShell 224" Hash="36EF3BED9A5D0D563BCB354BFDD2931F6256759D1D905BA5DC21CDA496F2FEB7" />
 300 |     <Deny ID="ID_DENY_D_225_1" FriendlyName="PowerShell 225" Hash="7F6725BA8CCD2DAEEFD0C9590A5DF9D98642CCEA" />
 301 |     <Deny ID="ID_DENY_D_226_1" FriendlyName="PowerShell 226" Hash="DB68DB3AE32A8A662AA6EE16CF459124D2701719D019B614CE9BF115F5F9C904" />
 302 |     <Deny ID="ID_DENY_D_227_1" FriendlyName="PowerShell 227" Hash="FF205856A3209227D571EAD4B8C1E611E7FF9924" />
 303 |     <Deny ID="ID_DENY_D_228_1" FriendlyName="PowerShell 228" Hash="A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC9E121E2988AD026E71ED63" />
 304 |     <Deny ID="ID_DENY_D_229_1" FriendlyName="PowerShell 229" Hash="479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA" />
 305 |     <Deny ID="ID_DENY_D_230_1" FriendlyName="PowerShell 230" Hash="2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5BCFCFFD121350B88A6F0E1" />
 306 |     <Deny ID="ID_DENY_D_231_1" FriendlyName="PowerShell 231" Hash="C7D70B96440D215173F35412D56CF9329886D8D3" />
 307 |     <Deny ID="ID_DENY_D_232_1" FriendlyName="PowerShell 232" Hash="B00C54F1AA77D88335675EAF07ED834E68FD96DD7606914C2867F9C506AB0A56" />
 308 |     <Deny ID="ID_DENY_D_233_1" FriendlyName="PowerShell 233" Hash="2AB804E1FF982AE0EDB591BC61AA909CF32E99C5" />
 309 |     <Deny ID="ID_DENY_D_234_1" FriendlyName="PowerShell 234" Hash="253120422B0DD987C293CAF5928FA820414C0A01622FD0EAF304A750FC5AEEFE" />
 310 |     <Deny ID="ID_DENY_D_235_1" FriendlyName="PowerShell 235" Hash="8DAB1D74CAEDBAA8D17805CF00D64A44F5831C12" />
 311 |     <Deny ID="ID_DENY_D_236_1" FriendlyName="PowerShell 236" Hash="AC1CE3AA9023E23F2F63D5A3536294B914686057336402E059DEF6559D1CE723" />
 312 |     <Deny ID="ID_DENY_D_237_1" FriendlyName="PowerShell 237" Hash="993425279D204D1D14C3EB989DEB4805ADC558CF" />
 313 |     <Deny ID="ID_DENY_D_238_1" FriendlyName="PowerShell 238" Hash="BDADDD710E47EB8D24B78E542F3996B0EA2CA577ABD515785819302DB15839DD" />
 314 |     <Deny ID="ID_DENY_D_239_1" FriendlyName="PowerShell 239" Hash="F4DB0CDF3A3FD163A9B90789CC6D14D326AD609C" />
 315 |     <Deny ID="ID_DENY_D_240_1" FriendlyName="PowerShell 240" Hash="5D249D8366077713024552CA8D08F164E975AFF89E8909E35A43F02B0DC66F70" />
 316 |     <Deny ID="ID_DENY_D_241_1" FriendlyName="PowerShell 241" Hash="5B8E45EECA32C2F0968C2252229D768B0DB796A0" />
 317 |     <Deny ID="ID_DENY_D_242_1" FriendlyName="PowerShell 242" Hash="B4D336B32C27E3D3FEBE4B06252DDE9683814E7E903C98448972AAB7389DFC02" />
 318 |     <Deny ID="ID_DENY_D_243_1" FriendlyName="PowerShell 243" Hash="4F5D66B449C4D2FDEA532F9B5DBECA5ACA8195EF" />
 319 |     <Deny ID="ID_DENY_D_244_1" FriendlyName="PowerShell 244" Hash="39F2F19A5C6708CE8CE4E1ABBEBA8D3D1A6220391CA86B2D319E347B46005C97" />
 320 |     <Deny ID="ID_DENY_D_245_1" FriendlyName="PowerShell 245" Hash="4BFB3F95CA1B79DA3C6B0A2ECB432059E686F967" />
 321 |     <Deny ID="ID_DENY_D_246_1" FriendlyName="PowerShell 246" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A910EA76F7F9BF31B3B4A3E9" />
 322 |     <Deny ID="ID_DENY_D_247_1" FriendlyName="PowerShell 247" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A" />
 323 |     <Deny ID="ID_DENY_D_248_1" FriendlyName="PowerShell 248" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6AD07B3EB1633CD3C498C13D" />
 324 |     <Deny ID="ID_DENY_D_249_1" FriendlyName="PubPrn 249" Hash="68E96BE23748AA680D5E1E557778901F332ED5D3" />
 325 |     <Deny ID="ID_DENY_D_250_1" FriendlyName="PubPrn 250" Hash="8FA30B5931806565C2058E565C06AD5F1C5A48CDBE609975EB31207C25214063" />
 326 |     <Deny ID="ID_DENY_D_251_1" FriendlyName="PubPrn 251" Hash="32C4B29FE428B1DF473F3F4FECF519D285E93521" />
 327 |     <Deny ID="ID_DENY_D_252_1" FriendlyName="PubPrn 252" Hash="D44FB563198D60DFDC91608949FE2FADAD6161854D084EB1968C558AA36513C7" />
 328 |     <Deny ID="ID_DENY_D_253_1" FriendlyName="PubPrn 253" Hash="9EDBEF086D350863F29175F5AB5178B88B142C75" />
 329 |     <Deny ID="ID_DENY_D_254_1" FriendlyName="PubPrn 254" Hash="9B22C98351F2B6DEDDCED0D805C65F5B166FF519A8DF41EB242CB909471892EB" />
 330 |     <Deny ID="ID_DENY_D_255_1" FriendlyName="PubPrn 255" Hash="8A3B30F345C43246B3500721CFEEADBAC6B9D9C6" />
 331 |     <Deny ID="ID_DENY_D_256_1" FriendlyName="PubPrn 256" Hash="37C20BF20A2BBACE50957F8D0AB3FD16174BC005E79D47E51E899AFD9E4B7724" />
 332 |     <Deny ID="ID_DENY_D_257_1" FriendlyName="PubPrn 257" Hash="C659DAD2B37375781E2D584E16AAE2A10B5A1156" />
 333 |     <Deny ID="ID_DENY_D_258_1" FriendlyName="PubPRn 258" Hash="EBDACA86F10AC0446D60CC75628EC7A370B1E2236E6D20F22372F91033B6D429" />
 334 |     <Deny ID="ID_DENY_D_259_1" FriendlyName="PubPrn 259" Hash="C9D6394BBFF8CD9C6590F08C54EC6AFDEB5CFFB4" />
 335 |     <Deny ID="ID_DENY_D_260_1" FriendlyName="PubPrn 260" Hash="518E4EA7A2B70713E1AEC6E7E75A488C39384B625C5F2779073E9294CBF2BD9F" />
 336 |     <Deny ID="ID_DENY_D_263_1" FriendlyName="PubPrn 263" Hash="763A652217A1E30F2D288B7F44E08346949A02CD" />
 337 |     <Deny ID="ID_DENY_D_264_1" FriendlyName="PubPrn 264" Hash="FCDDA212B06602F642B29FC05316EF75E4EE9975E6E8A9526E842BE2EA237C5D" />
 338 |     <Deny ID="ID_DENY_D_267_1" FriendlyName="PubPrn 267" Hash="60FD28D770B23A0477679311D247DA4D5C61074C" />
 339 |     <Deny ID="ID_DENY_D_268_1" FriendlyName="PubPrn 268" Hash="D09A4B2EA611CDFDC6DCA44314289B622B2A5EDA09716EF4A16B91EC90BFBA8F" />
 340 |     <Deny ID="ID_DENY_D_271_1" FriendlyName="PubPrn 271" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
 341 |     <Deny ID="ID_DENY_D_272_1" FriendlyName="PubPrn 272" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
 342 |     <Deny ID="ID_DENY_D_275_1" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E" />
 343 |     <Deny ID="ID_DENY_D_276_1" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576" />
 344 |     <Deny ID="ID_DENY_D_277_1" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215" />
 345 |     <Deny ID="ID_DENY_D_278_1" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9" />
 346 |     <Deny ID="ID_DENY_D_279_1" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747" />
 347 |     <Deny ID="ID_DENY_D_280_1" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1" />
 348 |     <Deny ID="ID_DENY_D_281_1" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF" />
 349 |     <Deny ID="ID_DENY_D_282_1" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512" />
 350 |     <Deny ID="ID_DENY_D_283_1" FriendlyName="PSWorkflowUtility 283" Hash="4FBC9A72C5D5246F34994F13076A5AD98A1A844E" />
 351 |     <Deny ID="ID_DENY_D_284_1" FriendlyName="PSWorkflowUtility 284" Hash="7BF44433D3A606104778F64B11B92C52FC99C4BA570C50B70438275D0B587B8E" />
 352 |     <Deny ID="ID_DENY_D_285_1" FriendlyName="PSWorkflowUtility 285" Hash="99382ED8FA3577DFD903C01478A79D6D90681406" />
 353 |     <Deny ID="ID_DENY_D_286_1" FriendlyName="PSWorkflowUtility 286" Hash="C3A5DAB20947CA8FD092E75C25177E7BAE7884CA58710F14827144C09EA1F94B" />
 354 |     <Deny ID="ID_DENY_D_287_1" FriendlyName="PowerShellShell 287" Hash="2B45C165F5E0BFD932397B18980BA680E2E82BD1" />
 355 |     <Deny ID="ID_DENY_D_288_1" FriendlyName="PowerShellShell 288" Hash="1DD0AD6B85DAEBAE7555DC37EA6C160EA38F75E3D4847176F77562A59025660A" />
 356 |     <Deny ID="ID_DENY_D_289_1" FriendlyName="PowerShellShell 289" Hash="A8C9E28F25C9C5F479691F2F49339F4448747638" />
 357 |     <Deny ID="ID_DENY_D_290_1" FriendlyName="PowerShellShell 290" Hash="F8FA17038CD532BF5D0D6D3AC55CE34E45EB690637D38D399CAB14B09807EB6C" />
 358 |     <Deny ID="ID_DENY_D_293_1" FriendlyName="PowerShellShell 293" Hash="3BA0605C08935B340BEFDC83C0D92B1CE52B8348" />
 359 |     <Deny ID="ID_DENY_D_294_1" FriendlyName="PowerShellShell 294" Hash="B794B01CE561F2791D4ED3EADE523D03D2BE7B4CEFE9AAFC685ECE8ACF515ED2" />
 360 |     <Deny ID="ID_DENY_D_295_1" FriendlyName="PowerShellShell 295" Hash="8B74A22710A532A71532E4F0B1C60AABDCAA29AB" />
 361 |     <Deny ID="ID_DENY_D_296_1" FriendlyName="PowerShellShell 296" Hash="EB335007DF9897BCD2ED5C647BA724F07658E8597E73E353479201000CF2EF79" />
 362 |     <Deny ID="ID_DENY_D_297_1" FriendlyName="PowerShellShell 297" Hash="10E2CD3A2CFA0549590F740139F464626DEE2092" />
 363 |     <Deny ID="ID_DENY_D_298_1" FriendlyName="PowerShellShell 298" Hash="61DEC96B91F3F152DFDA84B28EBB184808A21C4C183CC0584C66AC7E20F0DDB6" />
 364 |     <Deny ID="ID_DENY_D_299_1" FriendlyName="PowerShellShell 299" Hash="98E84F46B3EB3AD7420C9715722145AFB0C065A7" />
 365 |     <Deny ID="ID_DENY_D_300_1" FriendlyName="PowerShellShell 300" Hash="67398990D42DFF84F8BE33B486BF492EBAF61671820BB9DCF039D1F8738EC5A4" />
 366 |     <Deny ID="ID_DENY_D_301_1" FriendlyName="PowerShellShell 301" Hash="58F399EC75708720E722FBD038F0EC089BF5A8C0" />
 367 |     <Deny ID="ID_DENY_D_302_1" FriendlyName="PowerShellShell 302" Hash="C523FFF884C44251337470870E0B158230961845FC1E953F877D515668524F2E" />
 368 |     <Deny ID="ID_DENY_D_303_1" FriendlyName="PowerShellShell 303" Hash="41EE8E9559FC0E772FC26EBA87ED4D77E60DC76C" />
 369 |     <Deny ID="ID_DENY_D_304_1" FriendlyName="PowerShellShell 304" Hash="219AD97976987C614B00C0CD1229B4245F2F1453F5AF90B907664D0BF6ADFE78" />
 370 |     <Deny ID="ID_DENY_D_305_1" FriendlyName="PowerShellShell 305" Hash="7F7E646892FCEB8D6A19647F00C1153014955C45" />
 371 |     <Deny ID="ID_DENY_D_306_1" FriendlyName="PowerShellShell 306" Hash="5825FF16398F12B4999B9A12849A757DD0884F9908220FB33E720F170DA288D5" />
 372 |     <Deny ID="ID_DENY_D_307_1" FriendlyName="PowerShellShell 307" Hash="7EA8A590583008446583F0AE7D66537FAD63619D" />
 373 |     <Deny ID="ID_DENY_D_308_1" FriendlyName="PowerShellShell 308" Hash="26DD094717B15B3D39600D909A9CAEBCF5C616C6277933BCC01326E8C475A128" />
 374 |     <Deny ID="ID_DENY_D_309_1" FriendlyName="PowerShellShell 309" Hash="5F6CDF52C1E184B080B89EB234DE179C19F110BA" />
 375 |     <Deny ID="ID_DENY_D_310_1" FriendlyName="PowerShellShell 310" Hash="41FB90606E3C66D21C703D84C943F8CB35772030B689D9A9895CB3EF7C863FB2" />
 376 |     <Deny ID="ID_DENY_D_311_1" FriendlyName="PowerShellShell 311" Hash="91C1DACBD6773BFC7F9305418A6683B8311949CF" />
 377 |     <Deny ID="ID_DENY_D_312_1" FriendlyName="PowerShellShell 312" Hash="EB678387D01938D88E6F2F46712269D54D845EB6A8AAC3FCA256DC2160D42975" />
 378 |     <Deny ID="ID_DENY_D_313_1" FriendlyName="PowerShellShell 313" Hash="A05294D23A4A7DC91692013C0EC4373598A28B21" />
 379 |     <Deny ID="ID_DENY_D_314_1" FriendlyName="PowerShellShell 314" Hash="ABEEA4903403D2C07489436E59955ECFEEF893C63D1FDBED234343F6A6D472B1" />
 380 |     <Deny ID="ID_DENY_D_315_1" FriendlyName="PowerShellShell 315" Hash="B155C278617845EC6318E4009E4CED6639FAB951" />
 381 |     <Deny ID="ID_DENY_D_316_1" FriendlyName="PowerShellShell 316" Hash="59549FEEB4D64BA3AF50F925FECC8107422D3F54AF6106E5B0152B2F50912980" />
 382 |     <Deny ID="ID_DENY_D_317_1" FriendlyName="PowerShellShell 317" Hash="465D848F11CECE4452E831D248D326360B73A319" />
 383 |     <Deny ID="ID_DENY_D_318_1" FriendlyName="PowerShellShell 318" Hash="B9C9F208C6E50AABF91D234227D09D7C6CAB2FDB229163103E7C1F541F71C213" />
 384 |     <Deny ID="ID_DENY_D_319_1" FriendlyName="PowerShellShell 319" Hash="F0B9D75B53A268C0AC30584738C3A5EC33420A2E" />
 385 |     <Deny ID="ID_DENY_D_320_1" FriendlyName="PowerShellShell 320" Hash="365A7812DFC448B1FE9CEA83CF55BC62189C4E72BAD84276BD5F1DAB47CB3EFF" />
 386 |     <Deny ID="ID_DENY_D_321_1" FriendlyName="PowerShellShell 321" Hash="8ADCDD18EB178B6A43CF5E11EC73212C90B91988" />
 387 |     <Deny ID="ID_DENY_D_322_1" FriendlyName="PowerShellShell 322" Hash="51BD119BE2FBEFEC560F618DBBBB8203A251F455B1DF825F37B1DFFDBE120DF2" />
 388 |     <Deny ID="ID_DENY_D_323_1" FriendlyName="PowerShellShell 323" Hash="D2011097B6038D8507B26B7618FF07DA0FF01234" />
 389 |     <Deny ID="ID_DENY_D_324_1" FriendlyName="PowerShellShell 324" Hash="BA3D20A577F355612E53428D573767C48A091AE965FCB30CC348619F1CB85A02" />
 390 |     <Deny ID="ID_DENY_D_325_1" FriendlyName="PowerShellShell 325" Hash="57ABBC8E2FE88E04C57CDDD13D58C9CE03455D25" />
 391 |     <Deny ID="ID_DENY_D_326_1" FriendlyName="PowerShellShell 326" Hash="0280C4714BC806BFC1863BE9E84D38F203942DD35C6AF2EB96958FD011E4D23D" />
 392 |     <Deny ID="ID_DENY_D_327_1" FriendlyName="PowerShellShell 327" Hash="DEB07053D6059B56109DFF885720D5721EB0F55C" />
 393 |     <Deny ID="ID_DENY_D_328_1" FriendlyName="PowerShellShell 328" Hash="E374A14871C35DB57D6D67281C16F5F9EF77ABE248DE92C1A937C6526133FA36" />
 394 |     <Deny ID="ID_DENY_D_329_1" FriendlyName="PowerShellShell 329" Hash="AC33BA432B35A662E2D9D015D6283308FD046251" />
 395 |     <Deny ID="ID_DENY_D_330_1" FriendlyName="PowerShellShell 330" Hash="93B22B0D5369327247DF491AABD3CE78421D0D68FE8A3931E0CDDF5F858D3AA7" />
 396 |     <Deny ID="ID_DENY_D_331_1" FriendlyName="PowerShellShell 331" Hash="05126413310F4A1BA2F7D2AD3305E2E3B6A1B00D" />
 397 |     <Deny ID="ID_DENY_D_332_1" FriendlyName="PowerShellShell 332" Hash="108A73F4AE78786C9955ED71EFD916465A36175F8DC85FD82DDA6410FBFCDB52" />
 398 |     <Deny ID="ID_DENY_D_333_1" FriendlyName="PowerShellShell 333" Hash="B976F316FB5EE6E5A325320E7EE5FBF487DA9CE5" />
 399 |     <Deny ID="ID_DENY_D_334_1" FriendlyName="PowerShellShell 334" Hash="D54CCD405D3E904CAECA3A6F7BE1737A9ACE20F7593D0F6192B811EF17744DD6" />
 400 |     <Deny ID="ID_DENY_D_335_1" FriendlyName="PowerShellShell 335" Hash="F3471DBF534995307AEA230D228BADFDCA9E4021" />
 401 |     <Deny ID="ID_DENY_D_336_1" FriendlyName="PowerShellShell 336" Hash="2048F33CCD924D224154307C28DDC6AC1C35A1859F118AB2B6536FB954FC44EF" />
 402 |     <Deny ID="ID_DENY_D_337_1" FriendlyName="PowerShellShell 337" Hash="1FAC9087885C2FEBD7F57CC9AACE8AF94294C8FB" />
 403 |     <Deny ID="ID_DENY_D_338_1" FriendlyName="PowerShellShell 338" Hash="942E0D0BA5ECBF64A3B2D0EA1E08C793712A4C89BC1BC3B6C32A419AE38FACC1" />
 404 |     <Deny ID="ID_DENY_D_339_1" FriendlyName="PowerShellShell 339" Hash="5B67EE19AA7E4B42E58127A63520D44A0679C6CE" />
 405 |     <Deny ID="ID_DENY_D_340_1" FriendlyName="PowerShellShell 340" Hash="2B6A59053953737D345B97FA1AFB23C379809D1532BAF31E710E48ED7FA2D735" />
 406 |     <Deny ID="ID_DENY_D_341_1" FriendlyName="PowerShellShell 341" Hash="1ABC67650B169E7C437853922805706D488EEEA2" />
 407 |     <Deny ID="ID_DENY_D_342_1" FriendlyName="PowerShellShell 342" Hash="754CA97A95464F1A1687C83AE3ECC6670B80A50503067DEBF6135077C886BCF4" />
 408 |     <Deny ID="ID_DENY_D_343_1" FriendlyName="PowerShellShell 343" Hash="0E280FF775F406836985ECA66BAA9BA17D12E38B" />
 409 |     <Deny ID="ID_DENY_D_344_1" FriendlyName="PowerShellShell 344" Hash="19C9A6D1AE90AEA163E35930FAB1B57D3EC78CA5FE192D6E510CED2DAB5DD03B" />
 410 |     <Deny ID="ID_DENY_D_345_1" FriendlyName="PowerShellShell 345" Hash="4E6081C3BBB2809C417E2D03412E29FF7317DA54" />
 411 |     <Deny ID="ID_DENY_D_346_1" FriendlyName="PowerShellShell 346" Hash="3AE4505A552EA04C7664C610E81172CA329981BF53ECC6758C03357EB653F5D1" />
 412 |     <Deny ID="ID_DENY_D_347_1" FriendlyName="PowerShellShell 347" Hash="61BED1C7CD54B2F60923D26CD2F6E48C063AFED5" />
 413 |     <Deny ID="ID_DENY_D_348_1" FriendlyName="PowerShellShell 348" Hash="9405CBE91B7519290F90577DCCF5796C514746DE6390322C1624BA258D284EE9" />
 414 |     <Deny ID="ID_DENY_D_349_1" FriendlyName="PowerShellShell 349" Hash="63AA55C3B46EFAFC8625F8D5562AB504E4CBB78F" />
 415 |     <Deny ID="ID_DENY_D_350_1" FriendlyName="PowerShellShell 350" Hash="FF54885D30A13008D60F6D0B96CE802209C89A2A7D9D86A85804E66B6DE29A5D" />
 416 |     <Deny ID="ID_DENY_D_351_1" FriendlyName="PowerShellShell 351" Hash="20845E4440DA2D9AB3559D4B6890691CACD0E93E" />
 417 |     <Deny ID="ID_DENY_D_352_1" FriendlyName="PowerShellShell 352" Hash="3C9098C4BFD818CE8CFA130F6E6C90876B97D57ABBEAFABB565C487F1DD33ECC" />
 418 |     <Deny ID="ID_DENY_D_353_1" FriendlyName="PowerShellShell 353" Hash="4A473F14012EB9BF7DCEA80B86C2612A6D9D914E" />
 419 |     <Deny ID="ID_DENY_D_354_1" FriendlyName="PowerShellShell 354" Hash="1C6914B58F70A9860F67311C32258CD9072A367BF30203DA9D8C48188D888E65" />
 420 |     <Deny ID="ID_DENY_D_355_1" FriendlyName="PowerShellShell 355" Hash="641871FD5D9875DB75BFC58B7B53672D2C645F01" />
 421 |     <Deny ID="ID_DENY_D_356_1" FriendlyName="PowerShellShell 356" Hash="C115A974DD2C56574E93A4800247A23B98B9495F6EF41460D1EC139266A2484D" />
 422 |     <Deny ID="ID_DENY_D_357_1" FriendlyName="PowerShellShell 357" Hash="A21E254C18D3D53B832AD381FF58B36E6737FFB6" />
 423 |     <Deny ID="ID_DENY_D_358_1" FriendlyName="PowerShellShell 358" Hash="D214AF2AD9204118EB670D08D80D4CB9FFD74A978726240360C35AD5A57F8E7D" />
 424 |     <Deny ID="ID_DENY_D_359_1" FriendlyName="PowerShellShell 359" Hash="102B072F29122BC3A89B924987A7BF1AC3C598DB" />
 425 |     <Deny ID="ID_DENY_D_360_1" FriendlyName="PowerShellShell 360" Hash="DA444773FE7AD8309FA9A0ABCDD63B302E6FC91E750903843FBA2A7F370DB0C0" />
 426 |     <Deny ID="ID_DENY_D_361_1" FriendlyName="PowerShellShell 361" Hash="EAD58EBB00001E678B9698A209308CC7406E1BCC" />
 427 |     <Deny ID="ID_DENY_D_362_1" FriendlyName="PowerShellShell 362" Hash="34A5F48629F9FDAEBAB9468EF7F1683EFA856AAD32E3C0CC0F92B5641D722EDC" />
 428 |     <Deny ID="ID_DENY_D_363_1" FriendlyName="PowerShellShell 363" Hash="727EDB00C15DC5D3C14368D88023FDD5A74C0B06" />
 429 |     <Deny ID="ID_DENY_D_364_1" FriendlyName="PowerShellShell 364" Hash="5720BEE5CBE7D724B67E07C53E22FB869F8F9B1EB95C4F71D61D240A1ED8D8AD" />
 430 |     <Deny ID="ID_DENY_D_365_1" FriendlyName="PowerShellShell 365" Hash="A43137EC82721A81C3E05DC5DE74F0549DE6A130" />
 431 |     <Deny ID="ID_DENY_D_366_1" FriendlyName="PowerShellShell 366" Hash="1731118D97F278C18E2C6922A016DA7C55970C6C4C5441710D1B0464EED6EAEB" />
 432 |     <Deny ID="ID_DENY_D_367_1" FriendlyName="PowerShellShell 367" Hash="17EC94CB9BF98E605F9352987CA33DCE8F5733CD" />
 433 |     <Deny ID="ID_DENY_D_368_1" FriendlyName="PowerShellShell 368" Hash="AFE0CC143108BBDBE60771B6894406785C471BA5730F06EE8185D0A71617B583" />
 434 |     <Deny ID="ID_DENY_D_369_1" FriendlyName="PowerShellShell 369" Hash="F6E9C098737F0905E53B92D4AD49C199EC76D24B" />
 435 |     <Deny ID="ID_DENY_D_370_1" FriendlyName="PowerShellShell 370" Hash="50A57BFCD20380DDEFD2A717D7937D49380D4D5931CC6CC403C904139546CB1D" />
 436 |     <Deny ID="ID_DENY_D_371_1" FriendlyName="PowerShellShell 371" Hash="2118ACC512464EE95946F064560C15C58341B80C" />
 437 |     <Deny ID="ID_DENY_D_372_1" FriendlyName="PowerShellShell 372" Hash="005990EE785C1CA7EAEC82DA29F5B363049DC117A18823D83C10B86B5E8D0A5F" />
 438 |     <Deny ID="ID_DENY_D_373_1" FriendlyName="PowerShellShell 373" Hash="54FAE3A389FDD2F5C21293D2317E87766AF0473D" />
 439 |     <Deny ID="ID_DENY_D_374_1" FriendlyName="PowerShellShell 374" Hash="70F4E503D7484DF5B5F73D9A753E585BFADB8B8EBA42EB482B6A66DB17C87881" />
 440 |     <Deny ID="ID_DENY_D_375_1" FriendlyName="PowerShellShell 375" Hash="B4831AF4B25527EF0C172DAA5E4CA26DE105D30B" />
 441 |     <Deny ID="ID_DENY_D_376_1" FriendlyName="PowerShellShell 376" Hash="D410A37042A2DC53AD1801EBB2EF507B4AE475870522A298567B79DA61C3E9C8" />
 442 |     <Deny ID="ID_DENY_D_377_1" FriendlyName="PowerShellShell 377" Hash="85BBC0CDC34BD5A56113B0DCB6795BCEBADE63FA" />
 443 |     <Deny ID="ID_DENY_D_378_1" FriendlyName="PowerShellShell 378" Hash="C6F8E3A3F2C513CEDD2F21D486BF0116BAF2E2EE4D631A9BE4760860B1161848" />
 444 |     <Deny ID="ID_DENY_D_379_1" FriendlyName="PowerShellShell 379" Hash="46105ACE7ABEC3A6E6226183F2F7F8E90E3639A5" />
 445 |     <Deny ID="ID_DENY_D_380_1" FriendlyName="PowerShellShell 380" Hash="F60BE088F226CA1E2308099C3B1C2A54DB4C41D2BE678504D03547B9E1E023F6" />
 446 |     <Deny ID="ID_DENY_D_381_1" FriendlyName="PowerShellShell 381" Hash="C9478352ACE4BE6D6B70BBE710C2E2128FEFC7FE" />
 447 |     <Deny ID="ID_DENY_D_382_1" FriendlyName="PowerShellShell 382" Hash="F4A81E7D4BD3B8762FAED760047877E06E40EC991D968BD6A6929B848804C1A4" />
 448 |     <Deny ID="ID_DENY_D_383_1" FriendlyName="PowerShellShell 383" Hash="9E56E910919FF65BCCF5D60A8F9D3EBE27EF1381" />
 449 |     <Deny ID="ID_DENY_D_384_1" FriendlyName="PowerShellShell 384" Hash="34887B225444A18158B632CAEA4FEF6E7D691FEA3E36C12D4152AFAB260668EB" />
 450 |     <Deny ID="ID_DENY_D_385_1" FriendlyName="PowerShellShell 385" Hash="1FD04D4BD5F9E41FA8278F3F9B05FE8702ADB4C8" />
 451 |     <Deny ID="ID_DENY_D_386_1" FriendlyName="PowerShellShell 386" Hash="6586176AEBE8307829A1E03D878EF6F500E8C5032E50198DF66F54D3B56EA718" />
 452 |     <Deny ID="ID_DENY_D_387_1" FriendlyName="PowerShellShell 387" Hash="DEBC3DE2AD99FC5E885A358A6994E6BD39DABCB0" />
 453 |     <Deny ID="ID_DENY_D_388_1" FriendlyName="PowerShellShell 388" Hash="FDF54A4A3089062FFFA4A41FEBF38F0ABC9D502B57749348DF6E78EA2A33DDEA" />
 454 |     <Deny ID="ID_DENY_D_389_1" FriendlyName="PowerShellShell 389" Hash="6AA06D07D9DE8FE7E13B66EDFA07232B56F7E21D" />
 455 |     <Deny ID="ID_DENY_D_390_1" FriendlyName="PowerShellShell 390" Hash="DD3E74CFB8ED64FA5BE9136C305584CD2E529D92B360651DD06A6DC629E23449" />
 456 |     <Deny ID="ID_DENY_D_391_1" FriendlyName="PowerShellShell 391" Hash="5C858042246FDDDB281C1BFD2FEFC9BAABC3F7AD" />
 457 |     <Deny ID="ID_DENY_D_392_1" FriendlyName="PowerShellShell 392" Hash="20E65B1BE06A99507412FC0E75D158EE1D9D43AE5F492BE4A87E3AA29A148310" />
 458 |     <Deny ID="ID_DENY_D_393_1" FriendlyName="PowerShellShell 393" Hash="2ABCD0525D31D4BB2D0131364FBE1D94A02A3E2A" />
 459 |     <Deny ID="ID_DENY_D_394_1" FriendlyName="PowerShellShell 394" Hash="806EC87F1EFA428627989318C882CD695F55F60A1E865C621C9F2B14E4E1FC2E" />
 460 |     <Deny ID="ID_DENY_D_395_1" FriendlyName="PowerShellShell 395" Hash="E2967D755D0F79FA8EA7A8585106926CA87F89CB" />
 461 |     <Deny ID="ID_DENY_D_396_1" FriendlyName="PowerShellShell 396" Hash="07382BE9D8ACBAFDA953C842BAAE600A82A69183D6B63F91B061671C4AF9434B" />
 462 |     <Deny ID="ID_DENY_D_397_1" FriendlyName="PowerShellShell 397" Hash="75EF6F0B78098FB1766DCC853E004476033499CF" />
 463 |     <Deny ID="ID_DENY_D_398_1" FriendlyName="PowerShellShell 398" Hash="699A9D17E1247F05767E82BFAFBD96DBE07AE521E23D39613D4A39C3F8CF4971" />
 464 |     <Deny ID="ID_DENY_D_399_1" FriendlyName="PowerShellShell 399" Hash="E73178C487AF6B9F182B2CCA25774127B0303093" />
 465 |     <Deny ID="ID_DENY_D_400_1" FriendlyName="PowerShellShell 400" Hash="0BD1FE62BE97032ADDAAB41B445D00103302D3CE8A03A798A36FEAA0F89939FF" />
 466 |     <Deny ID="ID_DENY_D_401_1" FriendlyName="PowerShellShell 401" Hash="EBF20FEECA95F83B9F5C22B97EB44DD7EB2C7B5F" />
 467 |     <Deny ID="ID_DENY_D_402_1" FriendlyName="PowerShellShell 402" Hash="B5AE0EAA5AF4245AD9B37C8C1FC5220081B92A13950C54D82E824D2D3B840A7C" />
 468 |     <Deny ID="ID_DENY_D_403_1" FriendlyName="PowerShellShell 403" Hash="5E53A4235DC549D0195A9DDF607288CEDE7BF115" />
 469 |     <Deny ID="ID_DENY_D_404_1" FriendlyName="PowerShellShell 404" Hash="FE57195757977E4485BF5E5D72A24EA65E33F8EAA7245381453960D5646FAF58" />
 470 |     <Deny ID="ID_DENY_D_405_1" FriendlyName="PowerShellShell 405" Hash="014BC30E1FC12F270824F01DC7C934497A573124" />
 471 |     <Deny ID="ID_DENY_D_406_1" FriendlyName="PowerShellShell 406" Hash="65B3B357C356DAE26E5B036820C193989C0F9E8E08131B3186F9443FF9A511E4" />
 472 |     <Deny ID="ID_DENY_D_411_1" FriendlyName="PowerShellShell 411" Hash="8287B536E8E63F024DE1248D0FE3E6A759E9ACEE" />
 473 |     <Deny ID="ID_DENY_D_412_1" FriendlyName="PowerShellShell 412" Hash="B714D4A700A56BC1D4B3F59DFC1F5835CB97CBEF3927523BF71AF96B00F0FFA4" />
 474 |     <Deny ID="ID_DENY_D_427_1" FriendlyName="PowerShellShell 427" Hash="EA157E01147629D1F59503D8335FB6EBC688B2C1" />
 475 |     <Deny ID="ID_DENY_D_428_1" FriendlyName="PowerShellShell 428" Hash="14C160DF95736EC1D7C6C55B9D0F81832E8FE0DB6C5931B23E45A559995A1000" />
 476 |     <Deny ID="ID_DENY_D_435_1" FriendlyName="PowerShellShell 435" Hash="6792915D3C837A39BD04AD169488009BB1EA372C" />
 477 |     <Deny ID="ID_DENY_D_436_1" FriendlyName="PowerShellShell 436" Hash="23B10EC5FC7EAEB9F8D147163463299328FAED4B973BB862ECD3F28D6794DA9D" />
 478 |     <Deny ID="ID_DENY_D_441_1" FriendlyName="PowerShellShell 441" Hash="24F9CF6C5E9671A295AD0DEED74737FB6E9146DE" />
 479 |     <Deny ID="ID_DENY_D_442_1" FriendlyName="PowerShellShell 442" Hash="C2E862CC578F54A53496EEE2DCB534A106AFD55C7288362AF6499B45F8D8755E" />
 480 |     <Deny ID="ID_DENY_D_457_1" FriendlyName="PowerShellShell 457" Hash="D5A9460A941FB5B49EAFDD57575CFB23F27779D3" />
 481 |     <Deny ID="ID_DENY_D_458_1" FriendlyName="PowerShellShell 458" Hash="4BDAAC1654328E4D37B6ED89DA351155438E558F51458F2129AFFAC5B596CD61" />
 482 |     <Deny ID="ID_DENY_D_463_1" FriendlyName="PowerShellShell 463" Hash="C647D17850941CFB5B9C8AF49A48569B52230274" />
 483 |     <Deny ID="ID_DENY_D_464_1" FriendlyName="PowerShellShell 464" Hash="0BCBDE8791E3D6D7A7C8FC6F25E14383014E6B43D9720A04AF0BD4BDC37F79E0" />
 484 |     <Deny ID="ID_DENY_D_465_1" FriendlyName="PowerShellShell 465" Hash="CA6E0BAB6B28E1592D0FC5940023C7A81E2568F8" />
 485 |     <Deny ID="ID_DENY_D_466_1" FriendlyName="PowerShellShell 466" Hash="366E00E2F517D4D404133AEFEF6F917DFA156E3E46D350A8CBBE59BE1FB877A2" />
 486 |     <Deny ID="ID_DENY_D_467_1" FriendlyName="PowerShellShell 467" Hash="7D9FFFA86DDCD227A3B4863D995456308BAC2403" />
 487 |     <Deny ID="ID_DENY_D_468_1" FriendlyName="PowerShellShell 468" Hash="4439BBF61DC012AFC8190199AF5722C3AE26F365DEE618D0D945D75FD1AABF3C" />
 488 |     <Deny ID="ID_DENY_D_469_1" FriendlyName="PowerShellShell 469" Hash="8FFDD4576F2B6D4999326CFAF67727BFB471FA21" />
 489 |     <Deny ID="ID_DENY_D_470_1" FriendlyName="PowerShellShell 470" Hash="94630AB6F60A7193A6E27E312AF9B71DA265D42AD49465F4EEA11EBF134BA54A" />
 490 |     <Deny ID="ID_DENY_D_471_1" FriendlyName="PowerShellShell 471" Hash="78B8454F78E216B629E43B4E40765F73BFE0D6C6" />
 491 |     <Deny ID="ID_DENY_D_472_1" FriendlyName="PowerShellShell 472" Hash="498BB1688410EE243D61FB5C7B37457FA6C0A9A32D136AF70FAD43D5F37D7A81" />
 492 |     <Deny ID="ID_DENY_D_475_1" FriendlyName="PowerShellShell 475" Hash="8AF579DE1D7E590A13BD1DAE5BFDB39476068A05" />
 493 |     <Deny ID="ID_DENY_D_476_1" FriendlyName="PowerShellShell 476" Hash="9917A3055D194F47AB295FA3F917E4BD2F08DDF45C04C65C591A020E1507A573" />
 494 |     <Deny ID="ID_DENY_D_477_1" FriendlyName="PowerShellShell 477" Hash="DD64046BAB221CF4110FF230FA5060310A4D9610" />
 495 |     <Deny ID="ID_DENY_D_478_1" FriendlyName="PowerShellShell 478" Hash="A55AF37229D7E249C8CAFED3432E595AA77FAF8B62990C07938220E957679081" />
 496 |     <Deny ID="ID_DENY_D_483_1" FriendlyName="PowerShellShell 483" Hash="2F587293F16DFCD06F3BF8B8348FF68827ECD307" />
 497 |     <Deny ID="ID_DENY_D_484_1" FriendlyName="PowerShellShell 484" Hash="B2F4A5FE21D5961F464CAB3E88C0ED88154B0C1A422629474AD5C9EDC11880B6" />
 498 |     <Deny ID="ID_DENY_D_493_1" FriendlyName="PowerShellShell 493" Hash="E180486F0CC90AF4FB8283ADCF571884894513C8" />
 499 |     <Deny ID="ID_DENY_D_494_1" FriendlyName="PowerShellShell 494" Hash="3800E38275E6BB3B4645CDAD14CD756239BB9A87EF261DC1B68072B6DB2850C0" />
 500 |     <Deny ID="ID_DENY_D_503_1" FriendlyName="PowerShellShell 503" Hash="231A02EAB7EB192638BC89AB61A5077346FF22B9" />
 501 |     <Deny ID="ID_DENY_D_504_1" FriendlyName="PowerShellShell 504" Hash="4D544170DE5D9916678EA43A7C6F796FC02EFA9197C6E0C01A1D832BF554F748" />
 502 |     <Deny ID="ID_DENY_D_507_1" FriendlyName="PowerShellShell 507" Hash="15EF1F7DBC474732E122A0147640ACBD9DA1775C" />
 503 |     <Deny ID="ID_DENY_D_508_1" FriendlyName="PowerShellShell 508" Hash="04724BF232D5F169FBB0DB6821E35D772619FB4F24069BE0EC571BA622ACC4D2" />
 504 |     <Deny ID="ID_DENY_D_509_1" FriendlyName="PowerShellShell 509" Hash="7959AB2B34A5F490AD54782D135BF155592DF13F" />
 505 |     <Deny ID="ID_DENY_D_510_1" FriendlyName="PowerShellShell 510" Hash="DD03CD6B5655B4EB9DD259F26E1585389804C23DB39C10122B6BC0E8886B4C2A" />
 506 |     <Deny ID="ID_DENY_D_511_1" FriendlyName="PowerShellShell 511" Hash="CCA8C8FB699496BD50AE296B20CC9ADC3496DECE" />
 507 |     <Deny ID="ID_DENY_D_512_1" FriendlyName="PowerShellShell 512" Hash="75E6C2DD81FE2664DF466C9C2EB0F923B0C6D992FF653B673793A896D8860957" />
 508 |     <Deny ID="ID_DENY_D_515_1" FriendlyName="PowerShellShell 515" Hash="B3B7A653DD1A10EE9A3D35C818D227E2E3C3B5FB" />
 509 |     <Deny ID="ID_DENY_D_516_1" FriendlyName="PowerShellShell 516" Hash="43E2D91C0C6A8473BE178F1793E5E34966D700F71362297ECF4B5D46239603E3" />
 510 |     <Deny ID="ID_DENY_D_519_1" FriendlyName="PowerShellShell 519" Hash="AAE22FD137E8B7217222974DCE60B9AD4AF2A512" />
 511 |     <Deny ID="ID_DENY_D_520_1" FriendlyName="PowerShellShell 520" Hash="DAC9E963A3897D7F7AB2B4FEBBD4894A15441246639CE3E8EE74B0228F312742" />
 512 |     <Deny ID="ID_DENY_D_527_1" FriendlyName="PowerShellShell 527" Hash="25CA971D7EDFAA7A48FA19B8399301853809D7CC" />
 513 |     <Deny ID="ID_DENY_D_528_1" FriendlyName="PowerShellShell 528" Hash="0A10C71CB5CC8A801F84F2CCD8041D13DB55711435388D9500C53D122688D4E5" />
 514 |     <Deny ID="ID_DENY_D_529_1" FriendlyName="PowerShellShell 529" Hash="46E05FD4D62451C1DCB0287B32B3D77AD41544EA" />
 515 |     <Deny ID="ID_DENY_D_530_1" FriendlyName="PowerShellShell 530" Hash="D86F930445F0715D0D7E4C3B089399280FBA2ACE0E4125BA5D3DAB9FAC1A6D3A" />
 516 |     <Deny ID="ID_DENY_D_537_1" FriendlyName="PowerShellShell 537" Hash="46936F4F0AFE4C87D2E55595F74DDDFFC9AD94EE" />
 517 |     <Deny ID="ID_DENY_D_538_1" FriendlyName="PowerShellShell 538" Hash="9843DC862BC7491A279A09EFD8FF122EB23C57CA" />
 518 |     <Deny ID="ID_DENY_D_539_1" FriendlyName="PowerShellShell 539" Hash="11F11FB1E57F299383A615D6A28436E02A1C1A83" />
 519 |     <Deny ID="ID_DENY_D_540_1" FriendlyName="PowerShellShell 540" Hash="C593ABE79DFFB1504CFCDB1A6AD65D24996E7B97" />
 520 |     <Deny ID="ID_DENY_D_541_1" FriendlyName="PowerShellShell 541" Hash="93E22F2BA6C8B1C09F100F9C0E3B06FAF2D1DDB6" />
 521 |     <Deny ID="ID_DENY_D_542_1" FriendlyName="PowerShellShell 542" Hash="5A8D9712CF7893C335FFB7414748625D524227FE" />
 522 |     <Deny ID="ID_DENY_D_543_1" FriendlyName="PowerShellShell 543" Hash="B5FFFEE20F25691A59F3894644AEF088B4845761" />
 523 |     <Deny ID="ID_DENY_D_544_1" FriendlyName="PowerShellShell 544" Hash="3334059FF4484C43A5D08CEC3E43E2D27EDB927B" />
 524 |     <Deny ID="ID_DENY_D_545_1" FriendlyName="PowerShellShell 545" Hash="00B6993F59990C3DFEA33584BDB050F91313B17A" />
 525 |     <Deny ID="ID_DENY_D_546_1" FriendlyName="PowerShellShell 546" Hash="7518F60A0B33011D19873908559961F96A9B4FC0" />
 526 |     <Deny ID="ID_DENY_D_547_1" FriendlyName="PowerShellShell 547" Hash="A1D1AF7675C2596D0DF977F57B54372298A56EE0F3E1FF2D974D387D7F69DD4E" />
 527 |     <Deny ID="ID_DENY_D_548_1" FriendlyName="PowerShellShell 548" Hash="3C1743CBC43B80F5AF5B17239B03A8727B4BE81F14052BDE37685E2D54214071" />
 528 |     <Deny ID="ID_DENY_D_549_1" FriendlyName="PowerShellShell 549" Hash="C7DC8B00F0BDA000D1F3CF0FBC7AB32D443C377C0130BB5153A0390E712DDDE5" />
 529 |     <Deny ID="ID_DENY_D_550_1" FriendlyName="PowerShellShell 550" Hash="ED5A4747C8AEEB1AC2F4FDB8EB0B9BFC240F2B3C00BF7C6CDB372BFFEC0F8ABE" />
 530 |     <Deny ID="ID_DENY_D_551_1" FriendlyName="PowerShellShell 551" Hash="939C291D4A2592209EC7664EC832670FA0AC1009F974F47489D866751F4B862F" />
 531 |     <Deny ID="ID_DENY_D_552_1" FriendlyName="PowerShellShell 552" Hash="497A2D4207B2AE6EF09424591624A86A64A2C8E451389ED9A3256E6274556A7B" />
 532 |     <Deny ID="ID_DENY_D_553_1" FriendlyName="PowerShellShell 553" Hash="732BC385B191C8436B42CD1441DC234FFDD5EC1BD18A32894F093EECA3DD8FBC" />
 533 |     <Deny ID="ID_DENY_D_554_1" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C" />
 534 |     <Deny ID="ID_DENY_D_555_1" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820" />
 535 |     <Deny ID="ID_DENY_D_556_1" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7" />
 536 |     <Deny ID="ID_DENY_D_557_1" FriendlyName="PowerShellShell 557" Hash="45F948AF27F4E698A8546027717901B5F70368EE" />
 537 |     <Deny ID="ID_DENY_D_558_1" FriendlyName="PowerShellShell 558" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30" />
 538 |     <Deny ID="ID_DENY_D_559_1" FriendlyName="PowerShellShell 559" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3" />
 539 |     <Deny ID="ID_DENY_D_560_1" FriendlyName="PowerShellShell 560" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140" />
 540 |     <Deny ID="ID_DENY_D_561_1" FriendlyName="PowerShellShell 561" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408" />
 541 |     <Deny ID="ID_DENY_D_562_1" FriendlyName="PowerShellShell 562" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A" />
 542 |     <Deny ID="ID_DENY_D_563_1" FriendlyName="PowerShellShell 563" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E" />
 543 |     <Deny ID="ID_DENY_D_564_1" FriendlyName="PowerShellShell 564" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010" />
 544 |     <Deny ID="ID_DENY_D_565_1" FriendlyName="PowerShellShell 565" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E" />
 545 |     <Deny ID="ID_DENY_D_566_1" FriendlyName="PowerShellShell 566" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3" />
 546 |     <Deny ID="ID_DENY_D_567_1" FriendlyName="PowerShellShell 567" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF" />
 547 |     <Deny ID="ID_DENY_D_568_1" FriendlyName="PowerShellShell 568" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C" />
 548 |     <Deny ID="ID_DENY_D_569_1" FriendlyName="PowerShellShell 569" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276" />
 549 |     <Deny ID="ID_DENY_D_570_1" FriendlyName="PowerShellShell 570" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8" />
 550 |     <Deny ID="ID_DENY_D_571_1" FriendlyName="PowerShellShell 571" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9" />
 551 |     <Deny ID="ID_DENY_D_572_1" FriendlyName="PowerShellShell 572" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439" />
 552 |     <Deny ID="ID_DENY_D_573_1" FriendlyName="PowerShellShell 573" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21" />
 553 |     <Deny ID="ID_DENY_D_574_1" FriendlyName="PowerShellShell 574" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3" />
 554 |     <Deny ID="ID_DENY_D_575_1" FriendlyName="PowerShellShell 575" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61" />
 555 |     <Deny ID="ID_DENY_D_576_1" FriendlyName="PowerShellShell 576" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389" />
 556 |     <Deny ID="ID_DENY_D_577_1" FriendlyName="PowerShellShell 577" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52" />
 557 |     <Deny ID="ID_DENY_D_578_1" FriendlyName="PowerShellShell 578" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA" />
 558 |     <Deny ID="ID_DENY_D_579_1" FriendlyName="PowerShellShell 579" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19" />
 559 |     <Deny ID="ID_DENY_D_580_1" FriendlyName="PowerShellShell 580" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360" />
 560 |     <Deny ID="ID_DENY_D_581_1" FriendlyName="PowerShellShell 581" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC" />
 561 |     <Deny ID="ID_DENY_D_582_1" FriendlyName="PowerShellShell 582" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037" />
 562 |     <Deny ID="ID_DENY_D_583_1" FriendlyName="Winrm 583" Hash="3FA2D2963CBF47FFD5F7F5A9B4576F34ED42E552" />
 563 |     <Deny ID="ID_DENY_D_584_1" FriendlyName="Winrm 584" Hash="6C96E976DC47E0C99B77814E560E0DC63161C463C75FA15B7A7CA83C11720E82" />
 564 |     <Deny ID="ID_DENY_D_585_1" FriendlyName="PowerShellShell 585" Hash="DBB5A6F5388C574A3B5B63E65F7810AB271E9A77" />
 565 |     <Deny ID="ID_DENY_D_586_1" FriendlyName="PowerShellShell 586" Hash="6DB24D174CCF06C9138B5A9320AE4261CA0CF305357DEF1B7054DD84758E92AB" />
 566 |     <Deny ID="ID_DENY_D_587_1" FriendlyName="PowerShellShell 587" Hash="757626CF5D444F5A4AF79EDE38E9EF65FA2C9802" />
 567 |     <Deny ID="ID_DENY_D_588_1" FriendlyName="PowerShellShell 588" Hash="1E17D036EBB5E82BF2FD5BDC3ABAB08B5EA9E4504D989D2BAAAA0B6047988996" />
 568 |     <Deny ID="ID_DENY_D_589_1" FriendlyName="PowerShellShell 589" Hash="2965DC840B8F5F7ED2AEC979F21EADA664E3CB70" />
 569 |     <Deny ID="ID_DENY_D_590_1" FriendlyName="PowerShellShell 590" Hash="5449560095D020687C268BD34D9425E7A2739E1B9BFBC0886142519293E02B9D" />
 570 |     <Deny ID="ID_DENY_D_591_1" FriendlyName="PowerShellShell 591" Hash="BB47C1251866F87723A7EDEC9A01D3B955BAB846" />
 571 |     <Deny ID="ID_DENY_D_592_1" FriendlyName="PowerShellShell 592" Hash="B05F3BE23DE6AE2557D6661C6FE35E114E8A69B326A3C855023B7AC5CE9FC31B" />
 572 |     <Deny ID="ID_DENY_D_593_1" FriendlyName="PowerShellShell 593" Hash="2F3D30827E02D5FEF051E54C74ECA6AD4CC4BAD2" />
 573 |     <Deny ID="ID_DENY_D_594_1" FriendlyName="PowerShellShell 594" Hash="F074589A1FAA76A751B05AD61B968683134F3FFC10DE3077FBCEE4E263EAEB0D" />
 574 |     <Deny ID="ID_DENY_D_595_1" FriendlyName="PowerShellShell 595" Hash="10096BD0A359142A13F2B8023A341C79A4A97975" />
 575 |     <Deny ID="ID_DENY_D_596_1" FriendlyName="PowerShellShell 596" Hash="A271D72CDE48F69EB694B753BF9417CD6A72F7DA06C52E47BAB40EC2BD9DD819" />
 576 |     <Deny ID="ID_DENY_D_597_1" FriendlyName="PowerShellShell 597" Hash="F8E803E1623BA66EA2EE0751A648834130B8BE5D" />
 577 |     <Deny ID="ID_DENY_D_598_1" FriendlyName="PowerShellShell 598" Hash="E70DB033B773FE01B1D4464CAC112AF41C09E75D25FEA25AE8DAE67ED941E797" />
 578 |     <Deny ID="ID_DENY_D_599_1" FriendlyName="PowerShellShell 599" Hash="665BE52329F9CECEC1CD548A1B4924C9B1F79BD8" />
 579 |     <Deny ID="ID_DENY_D_600_1" FriendlyName="PowerShellShell 600" Hash="24CC5B946D9469A39CF892DD4E92117E0E144DC7C6FAA65E71643DEAB87B2A91" />
 580 |     <Deny ID="ID_DENY_D_601_1" FriendlyName="PowerShellShell 601" Hash="C4627F2CF69A8575D7BF7065ADF5354D96707DFD" />
 581 |     <Deny ID="ID_DENY_D_602_1" FriendlyName="PowerShellShell 602" Hash="7F1DF759C050E0EF4F9F96FF43904B418C674D4830FE61818B60CC68629F5ABA" />
 582 |     <Deny ID="ID_DENY_D_603_1" FriendlyName="PowerShellShell 603" Hash="4126DD5947E63DB50AD5C135AC39856B6ED4BF33" />
 583 |     <Deny ID="ID_DENY_D_604_1" FriendlyName="PowerShellShell 604" Hash="B38E1198F82E7C2B3123984C017417F2A48BDFF5B6DBAD20B2438D7B65F6E39F" />
 584 |     <Deny ID="ID_DENY_D_605_1" FriendlyName="PowerShellShell 605" Hash="DE16A6B93178B6C6FC33FBF3E9A86CFF070DA6D3" />
 585 |     <Deny ID="ID_DENY_D_606_1" FriendlyName="PowerShellShell 606" Hash="A3EF9A95D1E859958DEBE44C033B4562EBB9B4C6E32005CA5C07B2E07A42E2BE" />
 586 |   </FileRules>
 587 |   <!--Signers-->
 588 |   <Signers>
 589 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION_0" Name="Microsoft Product Root 2010 Windows EKU">
 590 |       <CertRoot Type="Wellknown" Value="06" />
 591 |       <CertEKU ID="ID_EKU_WINDOWS" />
 592 |     </Signer>
 593 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION_0" Name="Microsoft Product Root 2010 ELAM EKU">
 594 |       <CertRoot Type="Wellknown" Value="06" />
 595 |       <CertEKU ID="ID_EKU_ELAM" />
 596 |     </Signer>
 597 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION_0" Name="Microsoft Product Root 2010 HAL EKU">
 598 |       <CertRoot Type="Wellknown" Value="06" />
 599 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 600 |     </Signer>
 601 |     <Signer ID="ID_SIGNER_WHQL_SHA2_0" Name="Microsoft Product Root 2010 WHQL EKU">
 602 |       <CertRoot Type="Wellknown" Value="06" />
 603 |       <CertEKU ID="ID_EKU_WHQL" />
 604 |     </Signer>
 605 |     <Signer ID="ID_SIGNER_WHQL_SHA1_0" Name="Microsoft Product Root WHQL EKU SHA1">
 606 |       <CertRoot Type="Wellknown" Value="05" />
 607 |       <CertEKU ID="ID_EKU_WHQL" />
 608 |     </Signer>
 609 |     <Signer ID="ID_SIGNER_WHQL_MD5_0" Name="Microsoft Product Root WHQL EKU MD5">
 610 |       <CertRoot Type="Wellknown" Value="04" />
 611 |       <CertEKU ID="ID_EKU_WHQL" />
 612 |     </Signer>
 613 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT_0" Name="Microsoft Flighting Root 2014 Windows EKU">
 614 |       <CertRoot Type="Wellknown" Value="0E" />
 615 |       <CertEKU ID="ID_EKU_WINDOWS" />
 616 |     </Signer>
 617 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT_0" Name="Microsoft Flighting Root 2014 ELAM EKU">
 618 |       <CertRoot Type="Wellknown" Value="0E" />
 619 |       <CertEKU ID="ID_EKU_ELAM" />
 620 |     </Signer>
 621 |     <Signer ID="ID_SIGNER_HAL_FLIGHT_0" Name="Microsoft Flighting Root 2014 HAL EKU">
 622 |       <CertRoot Type="Wellknown" Value="0E" />
 623 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 624 |     </Signer>
 625 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2_0" Name="Microsoft Flighting Root 2014 WHQL EKU">
 626 |       <CertRoot Type="Wellknown" Value="0E" />
 627 |       <CertEKU ID="ID_EKU_WHQL" />
 628 |     </Signer>
 629 |     <Signer ID="ID_SIGNER_TEST2010_0" Name="MincryptKnownRootMicrosoftTestRoot2010">
 630 |       <CertRoot Type="Wellknown" Value="0A" />
 631 |     </Signer>
 632 |     <Signer ID="ID_SIGNER_WINDOWS_PRODUCTION_USER_0" Name="Microsoft Product Root 2010 Windows EKU">
 633 |       <CertRoot Type="Wellknown" Value="06" />
 634 |       <CertEKU ID="ID_EKU_WINDOWS" />
 635 |     </Signer>
 636 |     <Signer ID="ID_SIGNER_ELAM_PRODUCTION_USER_0" Name="Microsoft Product Root 2010 ELAM EKU">
 637 |       <CertRoot Type="Wellknown" Value="06" />
 638 |       <CertEKU ID="ID_EKU_ELAM" />
 639 |     </Signer>
 640 |     <Signer ID="ID_SIGNER_HAL_PRODUCTION_USER_0" Name="Microsoft Product Root 2010 HAL EKU">
 641 |       <CertRoot Type="Wellknown" Value="06" />
 642 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 643 |     </Signer>
 644 |     <Signer ID="ID_SIGNER_WHQL_SHA2_USER_0" Name="Microsoft Product Root 2010 WHQL EKU">
 645 |       <CertRoot Type="Wellknown" Value="06" />
 646 |       <CertEKU ID="ID_EKU_WHQL" />
 647 |     </Signer>
 648 |     <Signer ID="ID_SIGNER_WHQL_SHA1_USER_0" Name="Microsoft Product Root WHQL EKU SHA1">
 649 |       <CertRoot Type="Wellknown" Value="05" />
 650 |       <CertEKU ID="ID_EKU_WHQL" />
 651 |     </Signer>
 652 |     <Signer ID="ID_SIGNER_WHQL_MD5_USER_0" Name="Microsoft Product Root WHQL EKU MD5">
 653 |       <CertRoot Type="Wellknown" Value="04" />
 654 |       <CertEKU ID="ID_EKU_WHQL" />
 655 |     </Signer>
 656 |     <Signer ID="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER_0" Name="Microsoft Flighting Root 2014 Windows EKU">
 657 |       <CertRoot Type="Wellknown" Value="0E" />
 658 |       <CertEKU ID="ID_EKU_WINDOWS" />
 659 |     </Signer>
 660 |     <Signer ID="ID_SIGNER_ELAM_FLIGHT_USER_0" Name="Microsoft Flighting Root 2014 ELAM EKU">
 661 |       <CertRoot Type="Wellknown" Value="0E" />
 662 |       <CertEKU ID="ID_EKU_ELAM" />
 663 |     </Signer>
 664 |     <Signer ID="ID_SIGNER_HAL_FLIGHT_USER_0" Name="Microsoft Flighting Root 2014 HAL EKU">
 665 |       <CertRoot Type="Wellknown" Value="0E" />
 666 |       <CertEKU ID="ID_EKU_HAL_EXT" />
 667 |     </Signer>
 668 |     <Signer ID="ID_SIGNER_WHQL_FLIGHT_SHA2_USER_0" Name="Microsoft Flighting Root 2014 WHQL EKU">
 669 |       <CertRoot Type="Wellknown" Value="0E" />
 670 |       <CertEKU ID="ID_EKU_WHQL" />
 671 |     </Signer>
 672 |     <Signer ID="ID_SIGNER_STORE_0" Name="Microsoft MarketPlace PCA 2011">
 673 |       <CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
 674 |       <CertEKU ID="ID_EKU_STORE" />
 675 |     </Signer>
 676 |     <Signer ID="ID_SIGNER_RT_PRODUCTION_0" Name="Microsoft Product Root 2010 RT EKU">
 677 |       <CertRoot Type="Wellknown" Value="06" />
 678 |       <CertEKU ID="ID_EKU_RT_EXT" />
 679 |     </Signer>
 680 |     <Signer ID="ID_SIGNER_DRM_0" Name="MincryptKnownRootMicrosoftDMDRoot2005">
 681 |       <CertRoot Type="Wellknown" Value="0C" />
 682 |     </Signer>
 683 |     <Signer ID="ID_SIGNER_DCODEGEN_0" Name="MincryptKnownRootMicrosoftProductRoot2010">
 684 |       <CertRoot Type="Wellknown" Value="06" />
 685 |       <CertEKU ID="ID_EKU_DCODEGEN" />
 686 |     </Signer>
 687 |     <Signer ID="ID_SIGNER_AM_0" Name="MincryptKnownRootMicrosoftStandardRoot2011">
 688 |       <CertRoot Type="Wellknown" Value="07" />
 689 |       <CertEKU ID="ID_EKU_AM" />
 690 |     </Signer>
 691 |     <Signer ID="ID_SIGNER_RT_FLIGHT_0" Name="Microsoft Flighting Root 2014 RT EKU">
 692 |       <CertRoot Type="Wellknown" Value="0E" />
 693 |       <CertEKU ID="ID_EKU_RT_EXT" />
 694 |     </Signer>
 695 |     <Signer ID="ID_SIGNER_RT_STANDARD_0" Name="Microsoft Standard Root 2001 RT EUK">
 696 |       <CertRoot Type="Wellknown" Value="07" />
 697 |       <CertEKU ID="ID_EKU_RT_EXT" />
 698 |     </Signer>
 699 |     <Signer ID="ID_SIGNER_TEST2010_USER_0" Name="MincryptKnownRootMicrosoftTestRoot2010">
 700 |       <CertRoot Type="Wellknown" Value="0A" />
 701 |     </Signer>
 702 |   </Signers>
 703 |   <!--Driver Signing Scenarios-->
 704 |   <SigningScenarios>
 705 |     <SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 10-05-2018">
 706 |       <ProductSigners>
 707 |         <AllowedSigners>
 708 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION_0" />
 709 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION_0" />
 710 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION_0" />
 711 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2_0" />
 712 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1_0" />
 713 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5_0" />
 714 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT_0" />
 715 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT_0" />
 716 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT_0" />
 717 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2_0" />
 718 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010_0" />
 719 |         </AllowedSigners>
 720 |         <FileRulesRef>
 721 |           <FileRuleRef RuleID="ID_DENY_KD_KMCI_1" />
 722 |         </FileRulesRef>
 723 |       </ProductSigners>
 724 |     </SigningScenario>
 725 |     <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 10-05-2018">
 726 |       <ProductSigners>
 727 |         <AllowedSigners>
 728 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_PRODUCTION_USER_0" />
 729 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_PRODUCTION_USER_0" />
 730 |           <AllowedSigner SignerId="ID_SIGNER_HAL_PRODUCTION_USER_0" />
 731 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA2_USER_0" />
 732 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_SHA1_USER_0" />
 733 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_MD5_USER_0" />
 734 |           <AllowedSigner SignerId="ID_SIGNER_WINDOWS_FLIGHT_ROOT_USER_0" />
 735 |           <AllowedSigner SignerId="ID_SIGNER_ELAM_FLIGHT_USER_0" />
 736 |           <AllowedSigner SignerId="ID_SIGNER_HAL_FLIGHT_USER_0" />
 737 |           <AllowedSigner SignerId="ID_SIGNER_WHQL_FLIGHT_SHA2_USER_0" />
 738 |           <AllowedSigner SignerId="ID_SIGNER_STORE_0" />
 739 |           <AllowedSigner SignerId="ID_SIGNER_RT_PRODUCTION_0" />
 740 |           <AllowedSigner SignerId="ID_SIGNER_DRM_0" />
 741 |           <AllowedSigner SignerId="ID_SIGNER_DCODEGEN_0" />
 742 |           <AllowedSigner SignerId="ID_SIGNER_AM_0" />
 743 |           <AllowedSigner SignerId="ID_SIGNER_RT_FLIGHT_0" />
 744 |           <AllowedSigner SignerId="ID_SIGNER_RT_STANDARD_0" />
 745 |           <AllowedSigner SignerId="ID_SIGNER_TEST2010_USER_0" />
 746 |         </AllowedSigners>
 747 |         <FileRulesRef>
 748 |           <FileRuleRef RuleID="ID_DENY_BGINFO_1" />
 749 |           <FileRuleRef RuleID="ID_DENY_CBD_1" />
 750 |           <FileRuleRef RuleID="ID_DENY_KD_1" />
 751 |           <FileRuleRef RuleID="ID_DENY_NTKD_1" />
 752 |           <FileRuleRef RuleID="ID_DENY_WINDBG_1" />
 753 |           <FileRuleRef RuleID="ID_DENY_MSBUILD_1" />
 754 |           <FileRuleRef RuleID="ID_DENY_CSI_1" />
 755 |           <FileRuleRef RuleID="ID_DENY_DBGHOST_1" />
 756 |           <FileRuleRef RuleID="ID_DENY_DBGSVC_1" />
 757 |           <FileRuleRef RuleID="ID_DENY_DNX_1" />
 758 |           <FileRuleRef RuleID="ID_DENY_RCSI_1" />
 759 |           <FileRuleRef RuleID="ID_DENY_NTSD_1" />
 760 |           <FileRuleRef RuleID="ID_DENY_LXSS_1" />
 761 |           <FileRuleRef RuleID="ID_DENY_BASH_1" />
 762 |           <FileRuleRef RuleID="ID_DENY_FSI_1" />
 763 |           <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU_1" />
 764 |           <FileRuleRef RuleID="ID_DENY_MSHTA_1" />
 765 |           <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY_1" />
 766 |           <FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER_1" />
 767 |           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS_1" />
 768 |           <FileRuleRef RuleID="ID_DENY_ADDINPROCESS32_1" />
 769 |           <FileRuleRef RuleID="ID_DENY_ADDINUTIL_1" />
 770 |           <FileRuleRef RuleID="ID_DENY_WSL_1" />
 771 |           <FileRuleRef RuleID="ID_DENY_WSLCONFIG_1" />
 772 |           <FileRuleRef RuleID="ID_DENY_WSLHOST_1" />
 773 |           <FileRuleRef RuleID="ID_DENY_INFINSTALL_1" />
 774 |           <FileRuleRef RuleID="ID_DENY_LXRUN_1" />
 775 |           <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST_1" />
 776 |           <FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM_1" />
 777 |           <FileRuleRef RuleID="ID_DENY_KILL_1" />
 778 |           <FileRuleRef RuleID="ID_DENY_WMIC_1" />
 779 |           <FileRuleRef RuleID="ID_DENY_MWFC_1" />
 780 |           <FileRuleRef RuleID="ID_DENY_WFC_1" />
 781 |           <FileRuleRef RuleID="ID_DENY_D_1_1" />
 782 |           <FileRuleRef RuleID="ID_DENY_D_2_1" />
 783 |           <FileRuleRef RuleID="ID_DENY_D_3_1" />
 784 |           <FileRuleRef RuleID="ID_DENY_D_4_1" />
 785 |           <FileRuleRef RuleID="ID_DENY_D_5_1" />
 786 |           <FileRuleRef RuleID="ID_DENY_D_6_1" />
 787 |           <FileRuleRef RuleID="ID_DENY_D_7_1" />
 788 |           <FileRuleRef RuleID="ID_DENY_D_8_1" />
 789 |           <FileRuleRef RuleID="ID_DENY_D_9_1" />
 790 |           <FileRuleRef RuleID="ID_DENY_D_10_1" />
 791 |           <FileRuleRef RuleID="ID_DENY_D_11_1" />
 792 |           <FileRuleRef RuleID="ID_DENY_D_12_1" />
 793 |           <FileRuleRef RuleID="ID_DENY_D_13_1" />
 794 |           <FileRuleRef RuleID="ID_DENY_D_14_1" />
 795 |           <FileRuleRef RuleID="ID_DENY_D_15_1" />
 796 |           <FileRuleRef RuleID="ID_DENY_D_16_1" />
 797 |           <FileRuleRef RuleID="ID_DENY_D_17_1" />
 798 |           <FileRuleRef RuleID="ID_DENY_D_18_1" />
 799 |           <FileRuleRef RuleID="ID_DENY_D_19_1" />
 800 |           <FileRuleRef RuleID="ID_DENY_D_20_1" />
 801 |           <FileRuleRef RuleID="ID_DENY_D_21_1" />
 802 |           <FileRuleRef RuleID="ID_DENY_D_22_1" />
 803 |           <FileRuleRef RuleID="ID_DENY_D_23_1" />
 804 |           <FileRuleRef RuleID="ID_DENY_D_24_1" />
 805 |           <FileRuleRef RuleID="ID_DENY_D_25_1" />
 806 |           <FileRuleRef RuleID="ID_DENY_D_26_1" />
 807 |           <FileRuleRef RuleID="ID_DENY_D_27_1" />
 808 |           <FileRuleRef RuleID="ID_DENY_D_28_1" />
 809 |           <FileRuleRef RuleID="ID_DENY_D_29_1" />
 810 |           <FileRuleRef RuleID="ID_DENY_D_30_1" />
 811 |           <FileRuleRef RuleID="ID_DENY_D_31_1" />
 812 |           <FileRuleRef RuleID="ID_DENY_D_32_1" />
 813 |           <FileRuleRef RuleID="ID_DENY_D_33_1" />
 814 |           <FileRuleRef RuleID="ID_DENY_D_34_1" />
 815 |           <FileRuleRef RuleID="ID_DENY_D_35_1" />
 816 |           <FileRuleRef RuleID="ID_DENY_D_36_1" />
 817 |           <FileRuleRef RuleID="ID_DENY_D_37_1" />
 818 |           <FileRuleRef RuleID="ID_DENY_D_38_1" />
 819 |           <FileRuleRef RuleID="ID_DENY_D_39_1" />
 820 |           <FileRuleRef RuleID="ID_DENY_D_40_1" />
 821 |           <FileRuleRef RuleID="ID_DENY_D_41_1" />
 822 |           <FileRuleRef RuleID="ID_DENY_D_42_1" />
 823 |           <FileRuleRef RuleID="ID_DENY_D_43_1" />
 824 |           <FileRuleRef RuleID="ID_DENY_D_44_1" />
 825 |           <FileRuleRef RuleID="ID_DENY_D_45_1" />
 826 |           <FileRuleRef RuleID="ID_DENY_D_46_1" />
 827 |           <FileRuleRef RuleID="ID_DENY_D_47_1" />
 828 |           <FileRuleRef RuleID="ID_DENY_D_48_1" />
 829 |           <FileRuleRef RuleID="ID_DENY_D_49_1" />
 830 |           <FileRuleRef RuleID="ID_DENY_D_50_1" />
 831 |           <FileRuleRef RuleID="ID_DENY_D_51_1" />
 832 |           <FileRuleRef RuleID="ID_DENY_D_52_1" />
 833 |           <FileRuleRef RuleID="ID_DENY_D_53_1" />
 834 |           <FileRuleRef RuleID="ID_DENY_D_54_1" />
 835 |           <FileRuleRef RuleID="ID_DENY_D_55_1" />
 836 |           <FileRuleRef RuleID="ID_DENY_D_56_1" />
 837 |           <FileRuleRef RuleID="ID_DENY_D_57_1" />
 838 |           <FileRuleRef RuleID="ID_DENY_D_58_1" />
 839 |           <FileRuleRef RuleID="ID_DENY_D_59_1" />
 840 |           <FileRuleRef RuleID="ID_DENY_D_60_1" />
 841 |           <FileRuleRef RuleID="ID_DENY_D_61_1" />
 842 |           <FileRuleRef RuleID="ID_DENY_D_62_1" />
 843 |           <FileRuleRef RuleID="ID_DENY_D_63_1" />
 844 |           <FileRuleRef RuleID="ID_DENY_D_64_1" />
 845 |           <FileRuleRef RuleID="ID_DENY_D_65_1" />
 846 |           <FileRuleRef RuleID="ID_DENY_D_66_1" />
 847 |           <FileRuleRef RuleID="ID_DENY_D_67_1" />
 848 |           <FileRuleRef RuleID="ID_DENY_D_68_1" />
 849 |           <FileRuleRef RuleID="ID_DENY_D_69_1" />
 850 |           <FileRuleRef RuleID="ID_DENY_D_70_1" />
 851 |           <FileRuleRef RuleID="ID_DENY_D_71_1" />
 852 |           <FileRuleRef RuleID="ID_DENY_D_72_1" />
 853 |           <FileRuleRef RuleID="ID_DENY_D_73_1" />
 854 |           <FileRuleRef RuleID="ID_DENY_D_74_1" />
 855 |           <FileRuleRef RuleID="ID_DENY_D_75_1" />
 856 |           <FileRuleRef RuleID="ID_DENY_D_76_1" />
 857 |           <FileRuleRef RuleID="ID_DENY_D_77_1" />
 858 |           <FileRuleRef RuleID="ID_DENY_D_78_1" />
 859 |           <FileRuleRef RuleID="ID_DENY_D_79_1" />
 860 |           <FileRuleRef RuleID="ID_DENY_D_80_1" />
 861 |           <FileRuleRef RuleID="ID_DENY_D_81_1" />
 862 |           <FileRuleRef RuleID="ID_DENY_D_82_1" />
 863 |           <FileRuleRef RuleID="ID_DENY_D_83_1" />
 864 |           <FileRuleRef RuleID="ID_DENY_D_84_1" />
 865 |           <FileRuleRef RuleID="ID_DENY_D_85_1" />
 866 |           <FileRuleRef RuleID="ID_DENY_D_86_1" />
 867 |           <FileRuleRef RuleID="ID_DENY_D_87_1" />
 868 |           <FileRuleRef RuleID="ID_DENY_D_88_1" />
 869 |           <FileRuleRef RuleID="ID_DENY_D_89_1" />
 870 |           <FileRuleRef RuleID="ID_DENY_D_90_1" />
 871 |           <FileRuleRef RuleID="ID_DENY_D_91_1" />
 872 |           <FileRuleRef RuleID="ID_DENY_D_92_1" />
 873 |           <FileRuleRef RuleID="ID_DENY_D_93_1" />
 874 |           <FileRuleRef RuleID="ID_DENY_D_94_1" />
 875 |           <FileRuleRef RuleID="ID_DENY_D_95_1" />
 876 |           <FileRuleRef RuleID="ID_DENY_D_96_1" />
 877 |           <FileRuleRef RuleID="ID_DENY_D_97_1" />
 878 |           <FileRuleRef RuleID="ID_DENY_D_98_1" />
 879 |           <FileRuleRef RuleID="ID_DENY_D_99_1" />
 880 |           <FileRuleRef RuleID="ID_DENY_D_100_1" />
 881 |           <FileRuleRef RuleID="ID_DENY_D_101_1" />
 882 |           <FileRuleRef RuleID="ID_DENY_D_102_1" />
 883 |           <FileRuleRef RuleID="ID_DENY_D_103_1" />
 884 |           <FileRuleRef RuleID="ID_DENY_D_104_1" />
 885 |           <FileRuleRef RuleID="ID_DENY_D_105_1" />
 886 |           <FileRuleRef RuleID="ID_DENY_D_106_1" />
 887 |           <FileRuleRef RuleID="ID_DENY_D_107_1" />
 888 |           <FileRuleRef RuleID="ID_DENY_D_108_1" />
 889 |           <FileRuleRef RuleID="ID_DENY_D_109_1" />
 890 |           <FileRuleRef RuleID="ID_DENY_D_110_1" />
 891 |           <FileRuleRef RuleID="ID_DENY_D_111_1" />
 892 |           <FileRuleRef RuleID="ID_DENY_D_112_1" />
 893 |           <FileRuleRef RuleID="ID_DENY_D_113_1" />
 894 |           <FileRuleRef RuleID="ID_DENY_D_114_1" />
 895 |           <FileRuleRef RuleID="ID_DENY_D_115_1" />
 896 |           <FileRuleRef RuleID="ID_DENY_D_116_1" />
 897 |           <FileRuleRef RuleID="ID_DENY_D_117_1" />
 898 |           <FileRuleRef RuleID="ID_DENY_D_118_1" />
 899 |           <FileRuleRef RuleID="ID_DENY_D_119_1" />
 900 |           <FileRuleRef RuleID="ID_DENY_D_120_1" />
 901 |           <FileRuleRef RuleID="ID_DENY_D_121_1" />
 902 |           <FileRuleRef RuleID="ID_DENY_D_122_1" />
 903 |           <FileRuleRef RuleID="ID_DENY_D_123_1" />
 904 |           <FileRuleRef RuleID="ID_DENY_D_124_1" />
 905 |           <FileRuleRef RuleID="ID_DENY_D_125_1" />
 906 |           <FileRuleRef RuleID="ID_DENY_D_126_1" />
 907 |           <FileRuleRef RuleID="ID_DENY_D_127_1" />
 908 |           <FileRuleRef RuleID="ID_DENY_D_128_1" />
 909 |           <FileRuleRef RuleID="ID_DENY_D_129_1" />
 910 |           <FileRuleRef RuleID="ID_DENY_D_130_1" />
 911 |           <FileRuleRef RuleID="ID_DENY_D_131_1" />
 912 |           <FileRuleRef RuleID="ID_DENY_D_132_1" />
 913 |           <FileRuleRef RuleID="ID_DENY_D_133_1" />
 914 |           <FileRuleRef RuleID="ID_DENY_D_134_1" />
 915 |           <FileRuleRef RuleID="ID_DENY_D_135_1" />
 916 |           <FileRuleRef RuleID="ID_DENY_D_136_1" />
 917 |           <FileRuleRef RuleID="ID_DENY_D_137_1" />
 918 |           <FileRuleRef RuleID="ID_DENY_D_138_1" />
 919 |           <FileRuleRef RuleID="ID_DENY_D_139_1" />
 920 |           <FileRuleRef RuleID="ID_DENY_D_140_1" />
 921 |           <FileRuleRef RuleID="ID_DENY_D_141_1" />
 922 |           <FileRuleRef RuleID="ID_DENY_D_142_1" />
 923 |           <FileRuleRef RuleID="ID_DENY_D_143_1" />
 924 |           <FileRuleRef RuleID="ID_DENY_D_144_1" />
 925 |           <FileRuleRef RuleID="ID_DENY_D_145_1" />
 926 |           <FileRuleRef RuleID="ID_DENY_D_146_1" />
 927 |           <FileRuleRef RuleID="ID_DENY_D_147_1" />
 928 |           <FileRuleRef RuleID="ID_DENY_D_148_1" />
 929 |           <FileRuleRef RuleID="ID_DENY_D_149_1" />
 930 |           <FileRuleRef RuleID="ID_DENY_D_150_1" />
 931 |           <FileRuleRef RuleID="ID_DENY_D_151_1" />
 932 |           <FileRuleRef RuleID="ID_DENY_D_152_1" />
 933 |           <FileRuleRef RuleID="ID_DENY_D_153_1" />
 934 |           <FileRuleRef RuleID="ID_DENY_D_154_1" />
 935 |           <FileRuleRef RuleID="ID_DENY_D_155_1" />
 936 |           <FileRuleRef RuleID="ID_DENY_D_156_1" />
 937 |           <FileRuleRef RuleID="ID_DENY_D_157_1" />
 938 |           <FileRuleRef RuleID="ID_DENY_D_158_1" />
 939 |           <FileRuleRef RuleID="ID_DENY_D_159_1" />
 940 |           <FileRuleRef RuleID="ID_DENY_D_160_1" />
 941 |           <FileRuleRef RuleID="ID_DENY_D_161_1" />
 942 |           <FileRuleRef RuleID="ID_DENY_D_162_1" />
 943 |           <FileRuleRef RuleID="ID_DENY_D_163_1" />
 944 |           <FileRuleRef RuleID="ID_DENY_D_164_1" />
 945 |           <FileRuleRef RuleID="ID_DENY_D_165_1" />
 946 |           <FileRuleRef RuleID="ID_DENY_D_166_1" />
 947 |           <FileRuleRef RuleID="ID_DENY_D_167_1" />
 948 |           <FileRuleRef RuleID="ID_DENY_D_168_1" />
 949 |           <FileRuleRef RuleID="ID_DENY_D_169_1" />
 950 |           <FileRuleRef RuleID="ID_DENY_D_170_1" />
 951 |           <FileRuleRef RuleID="ID_DENY_D_171_1" />
 952 |           <FileRuleRef RuleID="ID_DENY_D_172_1" />
 953 |           <FileRuleRef RuleID="ID_DENY_D_173_1" />
 954 |           <FileRuleRef RuleID="ID_DENY_D_174_1" />
 955 |           <FileRuleRef RuleID="ID_DENY_D_175_1" />
 956 |           <FileRuleRef RuleID="ID_DENY_D_176_1" />
 957 |           <FileRuleRef RuleID="ID_DENY_D_177_1" />
 958 |           <FileRuleRef RuleID="ID_DENY_D_178_1" />
 959 |           <FileRuleRef RuleID="ID_DENY_D_179_1" />
 960 |           <FileRuleRef RuleID="ID_DENY_D_180_1" />
 961 |           <FileRuleRef RuleID="ID_DENY_D_181_1" />
 962 |           <FileRuleRef RuleID="ID_DENY_D_182_1" />
 963 |           <FileRuleRef RuleID="ID_DENY_D_183_1" />
 964 |           <FileRuleRef RuleID="ID_DENY_D_184_1" />
 965 |           <FileRuleRef RuleID="ID_DENY_D_185_1" />
 966 |           <FileRuleRef RuleID="ID_DENY_D_186_1" />
 967 |           <FileRuleRef RuleID="ID_DENY_D_187_1" />
 968 |           <FileRuleRef RuleID="ID_DENY_D_188_1" />
 969 |           <FileRuleRef RuleID="ID_DENY_D_189_1" />
 970 |           <FileRuleRef RuleID="ID_DENY_D_190_1" />
 971 |           <FileRuleRef RuleID="ID_DENY_D_191_1" />
 972 |           <FileRuleRef RuleID="ID_DENY_D_192_1" />
 973 |           <FileRuleRef RuleID="ID_DENY_D_193_1" />
 974 |           <FileRuleRef RuleID="ID_DENY_D_194_1" />
 975 |           <FileRuleRef RuleID="ID_DENY_D_195_1" />
 976 |           <FileRuleRef RuleID="ID_DENY_D_196_1" />
 977 |           <FileRuleRef RuleID="ID_DENY_D_197_1" />
 978 |           <FileRuleRef RuleID="ID_DENY_D_198_1" />
 979 |           <FileRuleRef RuleID="ID_DENY_D_199_1" />
 980 |           <FileRuleRef RuleID="ID_DENY_D_200_1" />
 981 |           <FileRuleRef RuleID="ID_DENY_D_201_1" />
 982 |           <FileRuleRef RuleID="ID_DENY_D_202_1" />
 983 |           <FileRuleRef RuleID="ID_DENY_D_203_1" />
 984 |           <FileRuleRef RuleID="ID_DENY_D_204_1" />
 985 |           <FileRuleRef RuleID="ID_DENY_D_205_1" />
 986 |           <FileRuleRef RuleID="ID_DENY_D_206_1" />
 987 |           <FileRuleRef RuleID="ID_DENY_D_207_1" />
 988 |           <FileRuleRef RuleID="ID_DENY_D_208_1" />
 989 |           <FileRuleRef RuleID="ID_DENY_D_209_1" />
 990 |           <FileRuleRef RuleID="ID_DENY_D_210_1" />
 991 |           <FileRuleRef RuleID="ID_DENY_D_211_1" />
 992 |           <FileRuleRef RuleID="ID_DENY_D_212_1" />
 993 |           <FileRuleRef RuleID="ID_DENY_D_213_1" />
 994 |           <FileRuleRef RuleID="ID_DENY_D_214_1" />
 995 |           <FileRuleRef RuleID="ID_DENY_D_215_1" />
 996 |           <FileRuleRef RuleID="ID_DENY_D_216_1" />
 997 |           <FileRuleRef RuleID="ID_DENY_D_217_1" />
 998 |           <FileRuleRef RuleID="ID_DENY_D_218_1" />
 999 |           <FileRuleRef RuleID="ID_DENY_D_219_1" />
1000 |           <FileRuleRef RuleID="ID_DENY_D_220_1" />
1001 |           <FileRuleRef RuleID="ID_DENY_D_221_1" />
1002 |           <FileRuleRef RuleID="ID_DENY_D_222_1" />
1003 |           <FileRuleRef RuleID="ID_DENY_D_223_1" />
1004 |           <FileRuleRef RuleID="ID_DENY_D_224_1" />
1005 |           <FileRuleRef RuleID="ID_DENY_D_225_1" />
1006 |           <FileRuleRef RuleID="ID_DENY_D_226_1" />
1007 |           <FileRuleRef RuleID="ID_DENY_D_227_1" />
1008 |           <FileRuleRef RuleID="ID_DENY_D_228_1" />
1009 |           <FileRuleRef RuleID="ID_DENY_D_229_1" />
1010 |           <FileRuleRef RuleID="ID_DENY_D_230_1" />
1011 |           <FileRuleRef RuleID="ID_DENY_D_231_1" />
1012 |           <FileRuleRef RuleID="ID_DENY_D_232_1" />
1013 |           <FileRuleRef RuleID="ID_DENY_D_233_1" />
1014 |           <FileRuleRef RuleID="ID_DENY_D_234_1" />
1015 |           <FileRuleRef RuleID="ID_DENY_D_235_1" />
1016 |           <FileRuleRef RuleID="ID_DENY_D_236_1" />
1017 |           <FileRuleRef RuleID="ID_DENY_D_237_1" />
1018 |           <FileRuleRef RuleID="ID_DENY_D_238_1" />
1019 |           <FileRuleRef RuleID="ID_DENY_D_239_1" />
1020 |           <FileRuleRef RuleID="ID_DENY_D_240_1" />
1021 |           <FileRuleRef RuleID="ID_DENY_D_241_1" />
1022 |           <FileRuleRef RuleID="ID_DENY_D_242_1" />
1023 |           <FileRuleRef RuleID="ID_DENY_D_243_1" />
1024 |           <FileRuleRef RuleID="ID_DENY_D_244_1" />
1025 |           <FileRuleRef RuleID="ID_DENY_D_245_1" />
1026 |           <FileRuleRef RuleID="ID_DENY_D_246_1" />
1027 |           <FileRuleRef RuleID="ID_DENY_D_247_1" />
1028 |           <FileRuleRef RuleID="ID_DENY_D_248_1" />
1029 |           <FileRuleRef RuleID="ID_DENY_D_249_1" />
1030 |           <FileRuleRef RuleID="ID_DENY_D_250_1" />
1031 |           <FileRuleRef RuleID="ID_DENY_D_251_1" />
1032 |           <FileRuleRef RuleID="ID_DENY_D_252_1" />
1033 |           <FileRuleRef RuleID="ID_DENY_D_253_1" />
1034 |           <FileRuleRef RuleID="ID_DENY_D_254_1" />
1035 |           <FileRuleRef RuleID="ID_DENY_D_255_1" />
1036 |           <FileRuleRef RuleID="ID_DENY_D_256_1" />
1037 |           <FileRuleRef RuleID="ID_DENY_D_257_1" />
1038 |           <FileRuleRef RuleID="ID_DENY_D_258_1" />
1039 |           <FileRuleRef RuleID="ID_DENY_D_259_1" />
1040 |           <FileRuleRef RuleID="ID_DENY_D_260_1" />
1041 |           <FileRuleRef RuleID="ID_DENY_D_263_1" />
1042 |           <FileRuleRef RuleID="ID_DENY_D_264_1" />
1043 |           <FileRuleRef RuleID="ID_DENY_D_267_1" />
1044 |           <FileRuleRef RuleID="ID_DENY_D_268_1" />
1045 |           <FileRuleRef RuleID="ID_DENY_D_271_1" />
1046 |           <FileRuleRef RuleID="ID_DENY_D_272_1" />
1047 |           <FileRuleRef RuleID="ID_DENY_D_275_1" />
1048 |           <FileRuleRef RuleID="ID_DENY_D_276_1" />
1049 |           <FileRuleRef RuleID="ID_DENY_D_277_1" />
1050 |           <FileRuleRef RuleID="ID_DENY_D_278_1" />
1051 |           <FileRuleRef RuleID="ID_DENY_D_279_1" />
1052 |           <FileRuleRef RuleID="ID_DENY_D_280_1" />
1053 |           <FileRuleRef RuleID="ID_DENY_D_281_1" />
1054 |           <FileRuleRef RuleID="ID_DENY_D_282_1" />
1055 |           <FileRuleRef RuleID="ID_DENY_D_283_1" />
1056 |           <FileRuleRef RuleID="ID_DENY_D_284_1" />
1057 |           <FileRuleRef RuleID="ID_DENY_D_285_1" />
1058 |           <FileRuleRef RuleID="ID_DENY_D_286_1" />
1059 |           <FileRuleRef RuleID="ID_DENY_D_287_1" />
1060 |           <FileRuleRef RuleID="ID_DENY_D_288_1" />
1061 |           <FileRuleRef RuleID="ID_DENY_D_289_1" />
1062 |           <FileRuleRef RuleID="ID_DENY_D_290_1" />
1063 |           <FileRuleRef RuleID="ID_DENY_D_293_1" />
1064 |           <FileRuleRef RuleID="ID_DENY_D_294_1" />
1065 |           <FileRuleRef RuleID="ID_DENY_D_295_1" />
1066 |           <FileRuleRef RuleID="ID_DENY_D_296_1" />
1067 |           <FileRuleRef RuleID="ID_DENY_D_297_1" />
1068 |           <FileRuleRef RuleID="ID_DENY_D_298_1" />
1069 |           <FileRuleRef RuleID="ID_DENY_D_299_1" />
1070 |           <FileRuleRef RuleID="ID_DENY_D_300_1" />
1071 |           <FileRuleRef RuleID="ID_DENY_D_301_1" />
1072 |           <FileRuleRef RuleID="ID_DENY_D_302_1" />
1073 |           <FileRuleRef RuleID="ID_DENY_D_303_1" />
1074 |           <FileRuleRef RuleID="ID_DENY_D_304_1" />
1075 |           <FileRuleRef RuleID="ID_DENY_D_305_1" />
1076 |           <FileRuleRef RuleID="ID_DENY_D_306_1" />
1077 |           <FileRuleRef RuleID="ID_DENY_D_307_1" />
1078 |           <FileRuleRef RuleID="ID_DENY_D_308_1" />
1079 |           <FileRuleRef RuleID="ID_DENY_D_309_1" />
1080 |           <FileRuleRef RuleID="ID_DENY_D_310_1" />
1081 |           <FileRuleRef RuleID="ID_DENY_D_311_1" />
1082 |           <FileRuleRef RuleID="ID_DENY_D_312_1" />
1083 |           <FileRuleRef RuleID="ID_DENY_D_313_1" />
1084 |           <FileRuleRef RuleID="ID_DENY_D_314_1" />
1085 |           <FileRuleRef RuleID="ID_DENY_D_315_1" />
1086 |           <FileRuleRef RuleID="ID_DENY_D_316_1" />
1087 |           <FileRuleRef RuleID="ID_DENY_D_317_1" />
1088 |           <FileRuleRef RuleID="ID_DENY_D_318_1" />
1089 |           <FileRuleRef RuleID="ID_DENY_D_319_1" />
1090 |           <FileRuleRef RuleID="ID_DENY_D_320_1" />
1091 |           <FileRuleRef RuleID="ID_DENY_D_321_1" />
1092 |           <FileRuleRef RuleID="ID_DENY_D_322_1" />
1093 |           <FileRuleRef RuleID="ID_DENY_D_323_1" />
1094 |           <FileRuleRef RuleID="ID_DENY_D_324_1" />
1095 |           <FileRuleRef RuleID="ID_DENY_D_325_1" />
1096 |           <FileRuleRef RuleID="ID_DENY_D_326_1" />
1097 |           <FileRuleRef RuleID="ID_DENY_D_327_1" />
1098 |           <FileRuleRef RuleID="ID_DENY_D_328_1" />
1099 |           <FileRuleRef RuleID="ID_DENY_D_329_1" />
1100 |           <FileRuleRef RuleID="ID_DENY_D_330_1" />
1101 |           <FileRuleRef RuleID="ID_DENY_D_331_1" />
1102 |           <FileRuleRef RuleID="ID_DENY_D_332_1" />
1103 |           <FileRuleRef RuleID="ID_DENY_D_333_1" />
1104 |           <FileRuleRef RuleID="ID_DENY_D_334_1" />
1105 |           <FileRuleRef RuleID="ID_DENY_D_335_1" />
1106 |           <FileRuleRef RuleID="ID_DENY_D_336_1" />
1107 |           <FileRuleRef RuleID="ID_DENY_D_337_1" />
1108 |           <FileRuleRef RuleID="ID_DENY_D_338_1" />
1109 |           <FileRuleRef RuleID="ID_DENY_D_339_1" />
1110 |           <FileRuleRef RuleID="ID_DENY_D_340_1" />
1111 |           <FileRuleRef RuleID="ID_DENY_D_341_1" />
1112 |           <FileRuleRef RuleID="ID_DENY_D_342_1" />
1113 |           <FileRuleRef RuleID="ID_DENY_D_343_1" />
1114 |           <FileRuleRef RuleID="ID_DENY_D_344_1" />
1115 |           <FileRuleRef RuleID="ID_DENY_D_345_1" />
1116 |           <FileRuleRef RuleID="ID_DENY_D_346_1" />
1117 |           <FileRuleRef RuleID="ID_DENY_D_347_1" />
1118 |           <FileRuleRef RuleID="ID_DENY_D_348_1" />
1119 |           <FileRuleRef RuleID="ID_DENY_D_349_1" />
1120 |           <FileRuleRef RuleID="ID_DENY_D_350_1" />
1121 |           <FileRuleRef RuleID="ID_DENY_D_351_1" />
1122 |           <FileRuleRef RuleID="ID_DENY_D_352_1" />
1123 |           <FileRuleRef RuleID="ID_DENY_D_353_1" />
1124 |           <FileRuleRef RuleID="ID_DENY_D_354_1" />
1125 |           <FileRuleRef RuleID="ID_DENY_D_355_1" />
1126 |           <FileRuleRef RuleID="ID_DENY_D_356_1" />
1127 |           <FileRuleRef RuleID="ID_DENY_D_357_1" />
1128 |           <FileRuleRef RuleID="ID_DENY_D_358_1" />
1129 |           <FileRuleRef RuleID="ID_DENY_D_359_1" />
1130 |           <FileRuleRef RuleID="ID_DENY_D_360_1" />
1131 |           <FileRuleRef RuleID="ID_DENY_D_361_1" />
1132 |           <FileRuleRef RuleID="ID_DENY_D_362_1" />
1133 |           <FileRuleRef RuleID="ID_DENY_D_363_1" />
1134 |           <FileRuleRef RuleID="ID_DENY_D_364_1" />
1135 |           <FileRuleRef RuleID="ID_DENY_D_365_1" />
1136 |           <FileRuleRef RuleID="ID_DENY_D_366_1" />
1137 |           <FileRuleRef RuleID="ID_DENY_D_367_1" />
1138 |           <FileRuleRef RuleID="ID_DENY_D_368_1" />
1139 |           <FileRuleRef RuleID="ID_DENY_D_369_1" />
1140 |           <FileRuleRef RuleID="ID_DENY_D_370_1" />
1141 |           <FileRuleRef RuleID="ID_DENY_D_371_1" />
1142 |           <FileRuleRef RuleID="ID_DENY_D_372_1" />
1143 |           <FileRuleRef RuleID="ID_DENY_D_373_1" />
1144 |           <FileRuleRef RuleID="ID_DENY_D_374_1" />
1145 |           <FileRuleRef RuleID="ID_DENY_D_375_1" />
1146 |           <FileRuleRef RuleID="ID_DENY_D_376_1" />
1147 |           <FileRuleRef RuleID="ID_DENY_D_377_1" />
1148 |           <FileRuleRef RuleID="ID_DENY_D_378_1" />
1149 |           <FileRuleRef RuleID="ID_DENY_D_379_1" />
1150 |           <FileRuleRef RuleID="ID_DENY_D_380_1" />
1151 |           <FileRuleRef RuleID="ID_DENY_D_381_1" />
1152 |           <FileRuleRef RuleID="ID_DENY_D_382_1" />
1153 |           <FileRuleRef RuleID="ID_DENY_D_383_1" />
1154 |           <FileRuleRef RuleID="ID_DENY_D_384_1" />
1155 |           <FileRuleRef RuleID="ID_DENY_D_385_1" />
1156 |           <FileRuleRef RuleID="ID_DENY_D_386_1" />
1157 |           <FileRuleRef RuleID="ID_DENY_D_387_1" />
1158 |           <FileRuleRef RuleID="ID_DENY_D_388_1" />
1159 |           <FileRuleRef RuleID="ID_DENY_D_389_1" />
1160 |           <FileRuleRef RuleID="ID_DENY_D_390_1" />
1161 |           <FileRuleRef RuleID="ID_DENY_D_391_1" />
1162 |           <FileRuleRef RuleID="ID_DENY_D_392_1" />
1163 |           <FileRuleRef RuleID="ID_DENY_D_393_1" />
1164 |           <FileRuleRef RuleID="ID_DENY_D_394_1" />
1165 |           <FileRuleRef RuleID="ID_DENY_D_395_1" />
1166 |           <FileRuleRef RuleID="ID_DENY_D_396_1" />
1167 |           <FileRuleRef RuleID="ID_DENY_D_397_1" />
1168 |           <FileRuleRef RuleID="ID_DENY_D_398_1" />
1169 |           <FileRuleRef RuleID="ID_DENY_D_399_1" />
1170 |           <FileRuleRef RuleID="ID_DENY_D_400_1" />
1171 |           <FileRuleRef RuleID="ID_DENY_D_401_1" />
1172 |           <FileRuleRef RuleID="ID_DENY_D_402_1" />
1173 |           <FileRuleRef RuleID="ID_DENY_D_403_1" />
1174 |           <FileRuleRef RuleID="ID_DENY_D_404_1" />
1175 |           <FileRuleRef RuleID="ID_DENY_D_405_1" />
1176 |           <FileRuleRef RuleID="ID_DENY_D_406_1" />
1177 |           <FileRuleRef RuleID="ID_DENY_D_411_1" />
1178 |           <FileRuleRef RuleID="ID_DENY_D_412_1" />
1179 |           <FileRuleRef RuleID="ID_DENY_D_427_1" />
1180 |           <FileRuleRef RuleID="ID_DENY_D_428_1" />
1181 |           <FileRuleRef RuleID="ID_DENY_D_435_1" />
1182 |           <FileRuleRef RuleID="ID_DENY_D_436_1" />
1183 |           <FileRuleRef RuleID="ID_DENY_D_441_1" />
1184 |           <FileRuleRef RuleID="ID_DENY_D_442_1" />
1185 |           <FileRuleRef RuleID="ID_DENY_D_457_1" />
1186 |           <FileRuleRef RuleID="ID_DENY_D_458_1" />
1187 |           <FileRuleRef RuleID="ID_DENY_D_463_1" />
1188 |           <FileRuleRef RuleID="ID_DENY_D_464_1" />
1189 |           <FileRuleRef RuleID="ID_DENY_D_465_1" />
1190 |           <FileRuleRef RuleID="ID_DENY_D_466_1" />
1191 |           <FileRuleRef RuleID="ID_DENY_D_467_1" />
1192 |           <FileRuleRef RuleID="ID_DENY_D_468_1" />
1193 |           <FileRuleRef RuleID="ID_DENY_D_469_1" />
1194 |           <FileRuleRef RuleID="ID_DENY_D_470_1" />
1195 |           <FileRuleRef RuleID="ID_DENY_D_471_1" />
1196 |           <FileRuleRef RuleID="ID_DENY_D_472_1" />
1197 |           <FileRuleRef RuleID="ID_DENY_D_475_1" />
1198 |           <FileRuleRef RuleID="ID_DENY_D_476_1" />
1199 |           <FileRuleRef RuleID="ID_DENY_D_477_1" />
1200 |           <FileRuleRef RuleID="ID_DENY_D_478_1" />
1201 |           <FileRuleRef RuleID="ID_DENY_D_483_1" />
1202 |           <FileRuleRef RuleID="ID_DENY_D_484_1" />
1203 |           <FileRuleRef RuleID="ID_DENY_D_493_1" />
1204 |           <FileRuleRef RuleID="ID_DENY_D_494_1" />
1205 |           <FileRuleRef RuleID="ID_DENY_D_503_1" />
1206 |           <FileRuleRef RuleID="ID_DENY_D_504_1" />
1207 |           <FileRuleRef RuleID="ID_DENY_D_507_1" />
1208 |           <FileRuleRef RuleID="ID_DENY_D_508_1" />
1209 |           <FileRuleRef RuleID="ID_DENY_D_509_1" />
1210 |           <FileRuleRef RuleID="ID_DENY_D_510_1" />
1211 |           <FileRuleRef RuleID="ID_DENY_D_511_1" />
1212 |           <FileRuleRef RuleID="ID_DENY_D_512_1" />
1213 |           <FileRuleRef RuleID="ID_DENY_D_515_1" />
1214 |           <FileRuleRef RuleID="ID_DENY_D_516_1" />
1215 |           <FileRuleRef RuleID="ID_DENY_D_519_1" />
1216 |           <FileRuleRef RuleID="ID_DENY_D_520_1" />
1217 |           <FileRuleRef RuleID="ID_DENY_D_527_1" />
1218 |           <FileRuleRef RuleID="ID_DENY_D_528_1" />
1219 |           <FileRuleRef RuleID="ID_DENY_D_529_1" />
1220 |           <FileRuleRef RuleID="ID_DENY_D_530_1" />
1221 |           <FileRuleRef RuleID="ID_DENY_D_537_1" />
1222 |           <FileRuleRef RuleID="ID_DENY_D_538_1" />
1223 |           <FileRuleRef RuleID="ID_DENY_D_539_1" />
1224 |           <FileRuleRef RuleID="ID_DENY_D_540_1" />
1225 |           <FileRuleRef RuleID="ID_DENY_D_541_1" />
1226 |           <FileRuleRef RuleID="ID_DENY_D_542_1" />
1227 |           <FileRuleRef RuleID="ID_DENY_D_543_1" />
1228 |           <FileRuleRef RuleID="ID_DENY_D_544_1" />
1229 |           <FileRuleRef RuleID="ID_DENY_D_545_1" />
1230 |           <FileRuleRef RuleID="ID_DENY_D_546_1" />
1231 |           <FileRuleRef RuleID="ID_DENY_D_547_1" />
1232 |           <FileRuleRef RuleID="ID_DENY_D_548_1" />
1233 |           <FileRuleRef RuleID="ID_DENY_D_549_1" />
1234 |           <FileRuleRef RuleID="ID_DENY_D_550_1" />
1235 |           <FileRuleRef RuleID="ID_DENY_D_551_1" />
1236 |           <FileRuleRef RuleID="ID_DENY_D_552_1" />
1237 |           <FileRuleRef RuleID="ID_DENY_D_553_1" />
1238 |           <FileRuleRef RuleID="ID_DENY_D_554_1" />
1239 |           <FileRuleRef RuleID="ID_DENY_D_555_1" />
1240 |           <FileRuleRef RuleID="ID_DENY_D_556_1" />
1241 |           <FileRuleRef RuleID="ID_DENY_D_557_1" />
1242 |           <FileRuleRef RuleID="ID_DENY_D_558_1" />
1243 |           <FileRuleRef RuleID="ID_DENY_D_559_1" />
1244 |           <FileRuleRef RuleID="ID_DENY_D_560_1" />
1245 |           <FileRuleRef RuleID="ID_DENY_D_561_1" />
1246 |           <FileRuleRef RuleID="ID_DENY_D_562_1" />
1247 |           <FileRuleRef RuleID="ID_DENY_D_563_1" />
1248 |           <FileRuleRef RuleID="ID_DENY_D_564_1" />
1249 |           <FileRuleRef RuleID="ID_DENY_D_565_1" />
1250 |           <FileRuleRef RuleID="ID_DENY_D_566_1" />
1251 |           <FileRuleRef RuleID="ID_DENY_D_567_1" />
1252 |           <FileRuleRef RuleID="ID_DENY_D_568_1" />
1253 |           <FileRuleRef RuleID="ID_DENY_D_569_1" />
1254 |           <FileRuleRef RuleID="ID_DENY_D_570_1" />
1255 |           <FileRuleRef RuleID="ID_DENY_D_571_1" />
1256 |           <FileRuleRef RuleID="ID_DENY_D_572_1" />
1257 |           <FileRuleRef RuleID="ID_DENY_D_573_1" />
1258 |           <FileRuleRef RuleID="ID_DENY_D_574_1" />
1259 |           <FileRuleRef RuleID="ID_DENY_D_575_1" />
1260 |           <FileRuleRef RuleID="ID_DENY_D_576_1" />
1261 |           <FileRuleRef RuleID="ID_DENY_D_577_1" />
1262 |           <FileRuleRef RuleID="ID_DENY_D_578_1" />
1263 |           <FileRuleRef RuleID="ID_DENY_D_579_1" />
1264 |           <FileRuleRef RuleID="ID_DENY_D_580_1" />
1265 |           <FileRuleRef RuleID="ID_DENY_D_581_1" />
1266 |           <FileRuleRef RuleID="ID_DENY_D_582_1" />
1267 |           <FileRuleRef RuleID="ID_DENY_D_583_1" />
1268 |           <FileRuleRef RuleID="ID_DENY_D_584_1" />
1269 |           <FileRuleRef RuleID="ID_DENY_D_585_1" />
1270 |           <FileRuleRef RuleID="ID_DENY_D_586_1" />
1271 |           <FileRuleRef RuleID="ID_DENY_D_587_1" />
1272 |           <FileRuleRef RuleID="ID_DENY_D_588_1" />
1273 |           <FileRuleRef RuleID="ID_DENY_D_589_1" />
1274 |           <FileRuleRef RuleID="ID_DENY_D_590_1" />
1275 |           <FileRuleRef RuleID="ID_DENY_D_591_1" />
1276 |           <FileRuleRef RuleID="ID_DENY_D_592_1" />
1277 |           <FileRuleRef RuleID="ID_DENY_D_593_1" />
1278 |           <FileRuleRef RuleID="ID_DENY_D_594_1" />
1279 |           <FileRuleRef RuleID="ID_DENY_D_595_1" />
1280 |           <FileRuleRef RuleID="ID_DENY_D_596_1" />
1281 |           <FileRuleRef RuleID="ID_DENY_D_597_1" />
1282 |           <FileRuleRef RuleID="ID_DENY_D_598_1" />
1283 |           <FileRuleRef RuleID="ID_DENY_D_599_1" />
1284 |           <FileRuleRef RuleID="ID_DENY_D_600_1" />
1285 |           <FileRuleRef RuleID="ID_DENY_D_601_1" />
1286 |           <FileRuleRef RuleID="ID_DENY_D_602_1" />
1287 |           <FileRuleRef RuleID="ID_DENY_D_603_1" />
1288 |           <FileRuleRef RuleID="ID_DENY_D_604_1" />
1289 |           <FileRuleRef RuleID="ID_DENY_D_605_1" />
1290 |           <FileRuleRef RuleID="ID_DENY_D_606_1" />
1291 |         </FileRulesRef>
1292 |       </ProductSigners>
1293 |     </SigningScenario>
1294 |   </SigningScenarios>
1295 |   <UpdatePolicySigners />
1296 |   <CiSigners>
1297 |     <CiSigner SignerId="ID_SIGNER_STORE_0" />
1298 |   </CiSigners>
1299 |   <HvciOptions>0</HvciOptions>
1300 |   <Settings>
1301 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
1302 |       <Value>
1303 |         <String>DefaultWindowsAudit</String>
1304 |       </Value>
1305 |     </Setting>
1306 |     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
1307 |       <Value>
1308 |         <String>031017</String>
1309 |       </Value>
1310 |     </Setting>
1311 |   </Settings>
1312 | </SiPolicy>


--------------------------------------------------------------------------------