0

I have a WDAC policy running and have been testing out enforced mode. The machines this will eventually go on cannot have notifications going to the user as this will be a single purpose machine and we can't potentially have notifications disrupting users.

We are currently blocking all desktop notifications and windows defender notifications through GPO but this doesn't seem to apply to either type.

Tony Paolucci
  • 1
  • 1
  • I suggest removing the items on the machine that users aren't supposed to work with and get blocked when they try to run them. That's the only way to prevent the block notification from appearing. The notifications are necessary because otherwise users can't know whether the file they tried to run was actually run or failed. For single purpose machine that you are rolling out to users and has WDAC policy deployed, it's better to remove the extra items that aren't supposed to run on it. – SpyNet May 05 '23 at 09:41

1 Answers1

0

If it is in enforced mode notifications can't be disabled, as they notified when something gets blocked

You could put the rule in audit mode, you won't receive notification but the file won't be blocked, to see what files would be being blocked in enforced mode you would have to go to event Viewer Check this

marcosagni98
  • 80
  • 1
  • 12