Simulation
The Simulation page in AppControl Manager allows you to simulate an App Control for Business policy deployment. Select folders or files and a policy XML file, and it will show you whether the selected files would be allowed or blocked by your App Control policy if it were actually deployed on a system and those files were run.
The results include detailed information about each file that takes part in the Simulation. You can use the sorting and search features to categorize and find files quickly.
- Have an App Control policy and want to test whether all of the files of a program will be allowed by the policy without running the program first? Use this App Control simulation to find out.
- Employ this simulation method to discover files that are not explicitly specified in the App Control policy but are still authorized to run by it due to implicit authorization.
- Identify files that have a hash mismatch and will therefore not be permitted by the App Control engine based on their signature. These files are typically found in questionable software because they have been tampered with.
- And many more use cases...
- Select XML File: Use this button to browse for the App Control XML policy file that will be used for the simulation.
- Select Files: Use this button to browse for file(s) to be tested against the selected policy.
- Select Folders: Use this button to browse for folder(s) whose files will be tested against the selected policy.
- Scalability: Use the gauge to select the number of threads to be used for the simulation. The more threads you use, the faster the simulation completes and the more CPU/Disk resources it consumes.
- Cat Root Paths: Browse for one or more folders that contain `.cat` security catalogs. Security catalogs are signed objects that include the hashes of other files. Code Integrity in Windows uses these files to determine the signing status of unsigned files. The security catalogs in the folders you specify will be used to determine the signing status of the files you are testing.
  Tip: Files do not need to contain a digital signature in order to be considered signed by the OS. If a file's hash is included in one of the security catalogs installed on the system, its signing status is acquired from that security catalog and it is considered a signed file.
- No Cat Root Scanning: Use this toggle button to turn off the scanning of security catalogs that are installed on the system by default. With that scanning turned off, the results of the simulation might not be accurate if the signing status of some of the files depends on security catalogs.
- Save Output to CSV: Use this toggle button to save the output of the App Control Simulation to a CSV file at the end.
- Clear Data: Use this button to clear the Simulation results data displayed on the page.
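
The two signing cases described above (a file whose signing status comes from a security catalog, and a file with a hash mismatch) can be observed with the built-in `Get-AuthenticodeSignature` cmdlet. This is an added example, not code from AppControl Manager; the function name `Get-SigningOrigin`, the extension list and the sample path are assumptions, and the cmdlet reports signing status only, not an App Control policy verdict.

```powershell
# Added example (not part of AppControl Manager).
# Classifies files by where Windows obtains their signing status:
# an embedded Authenticode signature, an installed security catalog, or none.
function Get-SigningOrigin {
    [CmdletBinding()]
    param(
        # Folder to inspect, e.g. the one you plan to select in the Simulation page.
        [Parameter(Mandatory)][string]$Path
    )

    # Assumed set of file types worth checking; adjust as needed.
    $extensions = '.exe', '.dll', '.sys', '.msi', '.ps1'

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $extensions } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # SignatureType is None, Authenticode (embedded) or Catalog.
            $origin = switch ($sig.SignatureType) {
                'Authenticode' { 'Embedded signature' }
                'Catalog'      { 'Security catalog' }
                default        { 'None' }
            }

            [pscustomobject]@{
                File         = $_.FullName
                Origin       = $origin
                Status       = $sig.Status
                # HashMismatch: the file content no longer matches the signed hash.
                HashMismatch = ($sig.Status -eq 'HashMismatch')
                Signer       = $sig.SignerCertificate.Subject
            }
        }
}

# Usage (placeholder path): list catalog-signed and hash-mismatched files first.
# Get-SigningOrigin -Path 'C:\Path\To\Program' |
#     Sort-Object HashMismatch, Origin -Descending |
#     Format-Table -AutoSize
```

Files reported with `Origin` of `Security catalog` carry no embedded signature, so their result in the Simulation depends on catalog scanning staying enabled. The cmdlet consults only catalogs installed on the system, not extra folders supplied through Cat Root Paths.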