{"id":7064,"date":"2023-06-20T22:51:54","date_gmt":"2023-06-20T22:51:54","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=7064"},"modified":"2023-06-20T22:51:57","modified_gmt":"2023-06-20T22:51:57","slug":"intune-proactive-remediation-to-clear-old-wdac-policy","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/intune-proactive-remediation-to-clear-old-wdac-policy","title":{"rendered":"Intune Proactive Remediation to clear old WDAC policy"},"content":{"rendered":"\n<p>Recently we had machines not updating their WDAC config from Intune with the Failure 0x87d1fde8<\/p>\n\n\n\n<p>Deleting the file manually fixed this; however, we needed to script this<\/p>\n\n\n\n<p>Detection:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\"># Find old WDAC policy files that are not updating (older than 7 days)\ntry {\n    $oldcips = Get-ChildItem -Path \"C:\\Windows\\System32\\CodeIntegrity\\CiPolicies\\Active\" -Recurse -ErrorAction Stop | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-7))}\n\n    if ($oldcips) {\n        # Files found: exit 1 so Intune runs the remediation script\n        Exit 1\n    } Else {\n        # Files not found: nothing to remediate\n        Exit 0\n    }\n}\ncatch {\n    # Report the error text in the detection output\n    $errMsg = $_.Exception.Message\n    Write-Output $errMsg\n}<\/code><\/pre>\n\n\n\n<p>Remediation:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\"># Remove WDAC policy files older than 7 days\nGet-ChildItem -Path \"C:\\Windows\\System32\\CodeIntegrity\\CiPolicies\\Active\" -Recurse | Where-Object {($_.LastWriteTime -lt (Get-Date).AddDays(-7))} | Remove-Item -Force<\/code><\/pre>\n\n\n\n<p>Other scripts available to clear<\/p>\n\n\n\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-application-control\/disable-windows-defender-application-control-policies\">https:\/\/learn.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-application-control\/disable-windows-defender-application-control-policies<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently we had machines not updating their WDAC config from Intune with the Failure 0x87d1fde8 Deleting the file manually fixed this; however, we needed to script [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7064","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=7064"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7064\/revisions"}],"predecessor-version":[{"id":7065,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7064\/revisions\/7065"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=7064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=7064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=7064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}