Add to the list of Windows defenses that don't seem to do anything: Starting with Windows 11 22H2, Software Restriction Policies (SRP) no longer seem to do anything. Hopefully nobody is relying on this capability!
Replying to @NathanMcNulty
2 problems: 1) NTFS-level no-exec perms catch EXE and friends. But not other things like JS, HTA... 2) Path-based Software Restriction Policies work way better for blocking things that run. The kicker: Starting with Win11 22H2, newly-created policies don't work. Bugs everywhere!
As foundational as SRP was, it really is irrelevant as a modern application control solution (even if it can still do something* in previous OS versions)
Replying to @bohops
If it's never been officially announced as deprecated or no longer functional, and it's still advertised as a thing that works... Is it really irrelevant?

Nov 6, 2022 · 2:43 AM UTC

Replying to @wdormann @bohops
I wouldn't at all be surprised if more computers are protected by SRPs than are protected by customized deployments of WDAC.
For example, I use SRPs on my workstation, and I didn't know until today that they don't work on most Win11 22H2 systems. 🤷‍♂️
Replying to @wdormann @bohops
The official announcement that SRPs are deprecated was somewhere in W10 1803 (I've covered it here: borncity.com/win/2022/11/08/…). But my German blog readers are commenting that SRP is still working in Win11 22H2. I can't test anything, no machine with that build.
I have one machine where SRP works on 22H2. With every other machine, including one installed as 22H2 and one that had working SRP as 22H1 and then upgraded to 22H2, SRP does not work. ESPECIALLY on Win11 22H2, one shouldn't assume SRP works w/o testing.
Replying to @wdormann
To visualize this bug in action: Here's a Win11 21H1 system with SRP working fine. Rebooting to install 22H2 (with the boring parts sped up) results in a system with SRP not working at all. Is there any way to interpret this in a way other than Win11 22H2 breaks SRP (for most)?