Threat Detection using Windows Defender Application Control (Device Guard) in Audit Mode
Note: I originally scrapped this post because I didn’t like that audit events were only logged once per boot due to caching; however, Casey’s tweet reminded me that I shouldn’t…