WDRulesEngine.exe is an executable file (program) for Windows. The .exe file name extension is an abbreviation of the English word executable. You should only run executable files from trusted software publishers, because executable files can potentially change computer settings or harm your computer. The free file-information forum can help you work out whether WDRulesEngine.exe is a virus, trojan, spyware or adware that you can remove, or whether the file belongs to Windows or to a trusted application.
How to fix errors related to WDRulesEngine.exe
- Use the Windows Tuner program to find the cause of problems, including slow computer performance.
- Update the WD Rules Engine program. Updates can be found on the manufacturer's website (the link is given below).
- The following sections describe how WDRulesEngine.exe works.
WDRulesEngine.exe file information
Description: WDRulesEngine.exe is not essential for Windows. The WDRulesEngine.exe file is located in subfolders of "C:\Program Files". The following file sizes are known for Windows 10/8/7/XP: 1,177,536 bytes (40% of all cases), 1,338,256 bytes, 1,177,496 bytes, 1,338,264 bytes or 1,091,984 bytes.
The service name is WDRulesService.
The process has no visible window. The file is digitally signed. It is not a Windows file. The process can be uninstalled from the Control Panel. The file is signed by Verisign. The technical security rating is therefore 12% dangerous.
If you have any problems with WDRulesEngine.exe, you can uninstall the WD SmartWare software using the "Add or Remove Programs" function in the Windows Control Panel, get help from the software vendor WDC, or update the program to the latest version.
Important: Some malware disguises itself as WDRulesEngine.exe, especially when it is located in the c:\windows or c:\windows\system32 directory. You should therefore check the WDRulesEngine.exe file on your PC to determine whether it is a threat. We recommend Security Task Manager for checking the security of your computer.
User comment
Best practices for fixing problems with WDRulesEngine
A clean and tidy computer is the key requirement for avoiding problems with WDRulesEngine. This means running regular virus scans, cleaning the hard disk using cleanmgr and sfc /scannow, uninstalling programs you no longer need, checking the programs that start with Windows (using msconfig) and enabling Windows Automatic Updates. Always remember to make periodic backups, or at least to create restore points.
If you are having problems now, try to recall what you did recently or the last program you installed before the problem first appeared. Use the resmon command to identify the process that is causing the problem. Even if you have serious problems with your computer, try to repair the OS installation before reinstalling Windows; on Windows 8 and later versions of Windows, run the command DISM.exe /Online /Cleanup-image /Restorehealth. This lets you repair the operating system without losing data.
The following programs can help you analyze the WDRulesEngine.exe process on your computer: Security Task Manager shows all running Windows tasks, including built-in hidden processes such as keyboard and browser monitoring or autostart entries. A unique security risk rating indicates the likelihood of the process being potentially dangerous spyware, a virus or a trojan. Malwarebytes Anti-Malware detects and removes dormant spyware, adware, trojans, keyloggers, malware and trackers from your hard disk.
WDRulesEngine scanner
Security Task Manager shows all running Windows services, including embedded hidden applications (for example, keyboard or browser monitoring, auto-login). A unique security rating indicates the likelihood that the process is potentially malicious spyware, a keylogger or a trojan.
The free antivirus finds and removes inactive spyware, adware, trojans, keyloggers, malware and tracking programs from your hard disk. The perfect complement to Security Task Manager.
Reimage: free scanning, cleaning, repair and optimization of your system.
Configure MDT deployment share rules
In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
Assign settings
When using MDT, you can assign settings in three distinct ways:
- You can pre-stage the information before deployment.
- You can prompt the user or technician for information.
- You can have MDT generate the settings automatically.
In order to illustrate these three options, let's look at some sample configurations.
Sample configurations
Before adding the more advanced components like scripts, databases, and web services, consider the commonly used configurations below; they demonstrate the power of the rules engine.
Set computer name by MAC Address
If you have a small test environment, or simply want to assign settings to a very limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
In the preceding sample, you set the PC00075 computer name for a machine with a MAC Address of 00:15:5D:85:6B:00.
Set computer name by serial number
Another way to assign a computer name is to identify the machine via its serial number.
In this sample, you set the PC00075 computer name for a machine with a serial number of CND0370RJ7.
Generate a computer name based on a serial number
You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7.
Note
Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but Windows setup limits a computer name to 15 characters.
Generate a limited computer name based on a serial number
To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
In the preceding sample, you still configure the rules to set the computer name to a prefix (PC-) followed by the serial number. However, by adding the Left VBScript function, you configure the rule to use only the first 12 serial-number characters for the name.
Add laptops to a different organizational unit (OU) in Active Directory
In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you are deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType is not a reserved word; rather, it is the name of the section to read.
The rules engine reported a failed VL activation attempt.
Freshly installed Windows 10 on a Razer Blade laptop and activated it successfully with a purchased key; also updated Windows. But I regularly get these error messages in the event log (screenshots below) and after that wifi stops working.
The 'security-spp' service starts, logs this error message, shuts down the service, then starts it again to repeat the cycle.
I use Windows only for gaming, so I installed just Steam, Origin, Kaspersky antivirus and the Chrome browser, nothing else, and even if I don't open anything these errors get logged in the event manager.
Any help regarding this is highly appreciated, and please do not tell me to do things like sfc /scannow or repairs.
***Post moved by the moderator to the appropriate forum category.***
Replies (3)
The "The rules engine reported a failed VL activation attempt" error message is related to volume license activation. If you are receiving this in the Event logs, then you are most likely using a Windows 10 volume license key that is failing to activate. We suggest posting your query in our TechNet forums where we have experts who are more knowledgeable with these types of concerns.
Where did you purchase the Windows 10 Pro key?
Have you tried running the troubleshooter?
The troubleshooter also corrects a second, less common issue. If you searched the web, you might have found and entered a Global Volume License (GVL) Key. GVL Keys only work for PCs in an Enterprise environment where the administrator has set up this system of licensing. If you mistakenly entered a GVL Key, your PC will no longer accept regular product keys, and will give the activation error 0x8007007B (or even 0xC004E016, 0x8007232B, 0xC004F074, 0xC004F038). This troubleshooter will identify the GVL Key and replace it with a regular retail default key. Your PC will not activate yet, but now will accept normal retail and OEM product keys.
Understand WDAC policy rules and file rules
Applies to:
- Windows 10
- Windows Server 2016 and above
Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes policy rules that control options such as audit mode or whether user mode code integrity (UMCI) is enabled in a WDAC policy, and file rules (or file rule levels) that specify the level at which applications will be identified and trusted.
Windows Defender Application Control policy rules
To modify the policy rule options of an existing WDAC policy XML, use Set-RuleOption. The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy:
To ensure that UMCI is enabled for a WDAC policy that was created with the -UserPEs (user mode) option, add rule option 0 to an existing policy by running the following command:
Note that a policy that was created without the -UserPEs option is empty of user mode executables, that is, applications. If you enable UMCI (Option 0) for such a policy and then attempt to run an application, Windows Defender Application Control will see that the application is not on its list (which is empty of applications), and respond. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. To create a policy that includes user mode executables (applications), when you run New-CIPolicy , include the -UserPEs option.
To disable UMCI on an existing WDAC policy, delete rule option 0 by running the following command:
Set-RuleOption -FilePath <Path to policy XML> -Option 0 -Delete
You can set several rule options within a WDAC policy. Table 1 describes each rule option.
We recommend that you use Enabled:Audit Mode initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the Enabled:Audit Mode is deleted, the policy runs in enforced mode.
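As an added example (not code from the article), the script below toggles rule options on an existing policy XML with Set-RuleOption and reads the options back out of the XML to confirm the result, including the step that moves a policy from audit to enforcement. The policy path is an assumption; the cmdlets (Set-RuleOption, ConvertFrom-CIPolicy) and the option numbers are the ones the article uses. The Get-WdacRuleOption helper is my own and relies on the policy XML storing each option under SiPolicy/Rules/Rule/Option.

```powershell
# Added example: manage WDAC policy rule options on an existing policy XML.
# Assumed: the policy was produced earlier by New-CIPolicy with -UserPEs.
$PolicyXml = 'C:\WDAC\ReferencePolicy.xml'

function Get-WdacRuleOption {
    # Returns the option strings (for example "Enabled:Audit Mode") stored
    # under SiPolicy/Rules/Rule/Option in the policy XML.
    param([Parameter(Mandatory)][string]$Path)
    [xml]$doc = Get-Content -Path $Path -Raw
    return @($doc.SiPolicy.Rules.Rule | ForEach-Object { $_.Option })
}

# Option 0 (Enabled:UMCI) extends enforcement to user-mode binaries. Only add
# it to a policy created with -UserPEs; a policy without user-mode rules would
# log (audit) or block (enforced) every application.
Set-RuleOption -FilePath $PolicyXml -Option 0

# Option 16 lets later policy updates apply without a reboot (1709 and above).
Set-RuleOption -FilePath $PolicyXml -Option 16

$options = Get-WdacRuleOption -Path $PolicyXml
$options   # audit mode (option 3) is still present at this point by default

# Enforcement is not a separate option: it is the absence of option 3.
# Delete it only after the audit-event review and merge are complete.
Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
if ((Get-WdacRuleOption -Path $PolicyXml) -contains 'Enabled:Audit Mode') {
    throw 'Policy is still in audit mode'
}

# Compile to the binary form that the Code Integrity engine loads.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath 'C:\WDAC\SIPolicy.p7b'
```

Reading the options back from the XML rather than trusting the cmdlet's silence is a cheap check before the binary policy is distributed, since a policy compiled with option 3 accidentally left in place enforces nothing.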
Table 1. Windows Defender Application Control policy — policy rule options
Rule option | Description |
---|---|
0 Enabled:UMCI | WDAC policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
1 Enabled:Boot Menu Protection | This option is not currently supported. |
2 Required:WHQL | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. |
3 Enabled:Audit Mode (Default) | Enables the execution of binaries outside of the WDAC policy but logs each occurrence in the CodeIntegrity event log, which can be used to update the existing policy before enforcement. To begin enforcing a WDAC policy, delete this option. |
4 Disabled:Flight Signing | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flighted builds. |
5 Enabled:Inherit Default Policy | This option is reserved for future use and currently has no effect. |
6 Enabled:Unsigned System Integrity Policy (Default) | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
7 Allowed:Debug Policy Augmented | This option is not currently supported. |
8 Required:EV Signers | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
9 Enabled:Advanced Boot Options Menu | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. |
10 Enabled:Boot Audit on Failure | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
11 Disabled:Script Enforcement | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to Constrained Language Mode. NOTE: This option is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, as well as on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on pre-1903 versions of Windows 10 without the 10C or later LCU is not supported and may have unintended results. |
12 Required:Enforce Store Applications | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
13 Enabled:Managed Installer | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. |
14 Enabled:Intelligent Security Graph Authorization | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft's Intelligent Security Graph (ISG). |
15 Enabled:Invalidate EAs on Reboot | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically re-validate the reputation for files that were authorized by the ISG. |
16 Enabled:Update Policy No Reboot | Use this option to allow future WDAC policy updates to apply without requiring a system reboot. NOTE: This option is only supported on Windows 10, version 1709, and above. |
17 Enabled:Allow Supplemental Policies | Use this option on a base policy to allow supplemental policies to expand it. NOTE: This option is only supported on Windows 10, version 1903, and above. |
18 Disabled:Runtime FilePath Rule Protection | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. NOTE: This option is only supported on Windows 10, version 1903, and above. |
19 Enabled:Dynamic Code Security | Enables policy enforcement for .NET applications and dynamically-loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. |
Windows Defender Application Control file rule levels
File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as fine-tuned as the hash of each binary or as general as a CA certificate. You specify file rule levels both when you create a new WDAC policy from a scan and when you create a policy from audit events. In addition, to combine rule levels found in multiple policies, you can merge the policies. When merged, WDAC policies combine their file rules, so that any application that would be allowed by either of the original policies will be allowed by the combined policy.
Each file rule level has its benefit and disadvantage. Use Table 2 to select the appropriate protection level for your available administrative resources and Windows Defender Application Control deployment scenario.
Table 2. Windows Defender Application Control policy — file rule levels
Rule level | Description |
---|---|
Hash | Specifies individual hash values for each discovered binary. Although this level is specific, it can cause additional administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. |
FileName | Specifies individual binary file names. Although the hash values for an application are modified when updated, the file names are typically not. This offers less specific security than the hash level but does not typically require a policy update when any binary is modified. |
FilePath | Beginning with Windows 10 version 1903, this specifies rules that allow execution of binaries contained under specific file path locations. Additional information about FilePath level rules can be found below. |
SignedVersion | This combines the publisher rule with a version number. This option allows anything from the specified publisher, with a version at or above the specified version number, to run. |
Publisher | This is a combination of the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. This rule level allows organizations to trust a certificate from a major CA (such as Symantec), but only if the leaf certificate is from a specific company (such as Intel, for device drivers). |
FilePublisher | This is a combination of the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
LeafCertificate | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product will have different hash values but typically the same signing certificate. Using this level, no policy update would be needed to run the new version of the application. However, leaf certificates have much shorter validity periods than CA certificates, so additional administrative overhead is associated with updating the WDAC policy when these certificates expire. |
PcaCertificate | Adds the highest available certificate in the provided certificate chain to signers. This is typically one certificate below the root certificate, because the scan does not validate anything beyond the certificates included in the provided signature (it does not go online or check local root stores). |
RootCertificate | Currently unsupported. |
WHQL | Trusts binaries if they have been validated and signed by WHQL. This is primarily for kernel binaries. |
WHQLPublisher | This is a combination of the WHQL and the CN on the leaf certificate and is primarily for kernel binaries. |
WHQLFilePublisher | Specifies that the binaries are validated and signed by WHQL, with a specific publisher (WHQLPublisher), and that the binary is the specified version or newer. This is primarily for kernel binaries. |
When you create WDAC policies with New-CIPolicy, you can specify a primary file rule level by including the -Level parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the -Fallback parameter. For example, if the primary file rule level is PCACertificate but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
WDAC only supports signer rules for RSA certificate signing keys with a maximum of 4096 bits.
Example of file rule levels in use
For example, consider some IT professionals in a department that runs many servers. They decide they want their servers to run only software signed by the providers of their software and drivers, that is, the companies that provide their hardware, operating system, antivirus, and other important software. They know that their servers also run an internally written application that is unsigned but is rarely updated. They want to allow this application to run.
To create the WDAC policy, they build a reference server on their standard hardware, and install all of the software that their servers are known to run. Then they run New-CIPolicy with -Level Publisher (to allow software from their software providers, the "Publishers") and -Fallback Hash (to allow the internal, unsigned application). They enable the policy in auditing mode and gather information about any necessary software that was not included on the reference server. They merge WDAC policies into the original policy to allow that additional software to run. Then they enable the WDAC policy in enforced mode for their servers.
As part of normal operations, they will eventually install software updates, or perhaps add software from the same software providers. Because the "Publisher" remains the same on those updates and software, they will not need to update their WDAC policy. If they come to a time when the internally-written, unsigned application must be updated, they must also update the WDAC policy so that the hash in the policy matches the hash of the updated internal application.
They could also choose to create a catalog that captures information about the unsigned internal application, then sign and distribute the catalog. Then the internal application could be handled by WDAC policies in the same way as any other signed application. An update to the internal application would only require that the catalog be regenerated, signed, and distributed (no restarts would be required).
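The reference-server workflow above (Publisher level with a Hash fallback, audit, merge, enforce) as an added example, not the article's own script. The cmdlets are the ConfigCI ones the article names (New-CIPolicy, Merge-CIPolicy, Set-RuleOption, ConvertFrom-CIPolicy); the working directory and scan path are assumptions, and the Get-WdacHashRule helper is mine and assumes hash-pinned allow rules appear as SiPolicy/FileRules/Allow elements with a Hash attribute.

```powershell
# Added example: build, audit, merge and enforce a Publisher+Hash WDAC policy.
$Work = 'C:\WDAC'   # assumed working directory
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. On the reference server: trust by Publisher, fall back to Hash for the
#    unsigned internal application. -UserPEs includes applications, not only drivers.
New-CIPolicy -FilePath "$Work\Initial.xml" -Level Publisher -Fallback Hash `
             -UserPEs -ScanPath 'C:\'

# 2. Audit mode (option 3) is on by default, so compiling now gives a policy
#    that only logs. Deploy the .p7b to the pilot servers and let events accrue.
ConvertFrom-CIPolicy -XmlFilePath "$Work\Initial.xml" -BinaryFilePath "$Work\SIPolicy.p7b"

# 3. Build a policy from the CodeIntegrity audit events collected on a pilot
#    server (-Audit reads the event log instead of scanning the disk).
New-CIPolicy -FilePath "$Work\AuditAdditions.xml" -Audit -Level Publisher `
             -Fallback Hash -UserPEs

# 4. Merge: the result allows anything either input policy allows.
Merge-CIPolicy -PolicyPaths "$Work\Initial.xml", "$Work\AuditAdditions.xml" `
               -OutputFilePath "$Work\Merged.xml"

# 5. Enforce by deleting audit mode, then compile the final binary.
Set-RuleOption -FilePath "$Work\Merged.xml" -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath "$Work\Merged.xml" -BinaryFilePath "$Work\SIPolicy.p7b"

function Get-WdacHashRule {
    # Lists the Allow rules that pin a specific hash. These are the rules that
    # stop matching when the pinned binary (here the internal app) is updated,
    # so they are the maintenance list the article describes.
    param([Parameter(Mandatory)][string]$Path)
    [xml]$doc = Get-Content -Path $Path -Raw
    return @($doc.SiPolicy.FileRules.Allow | Where-Object { $_.Hash } |
             Select-Object FriendlyName, Hash)
}

Get-WdacHashRule -Path "$Work\Merged.xml"
```

Keeping the hash-pinned rules listed separately is what makes the Publisher/Hash split manageable: everything in that list needs a policy update on its next release, everything else is covered by its publisher certificate.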
More information about filepath rules
Filepath rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. IT Pros should take care while crafting path rules to allow paths that they know are likely to remain to be admin-writeable only and deny execution from sub-directories where standard users can modify ACLs on the folder.
By default, WDAC performs a user-writeability check at runtime which ensures that the current permissions on the specified filepath and its parent directories (recursively) do not allow standard users write access.
There is a defined list of SIDs which WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable even if the additional SID is associated to a custom admin user. To handle these special cases, you can override WDAC’s runtime admin-writeable check with the Disabled:Runtime FilePath Rule Protection option described above.
WDAC’s list of well-known admin SIDs are:
S-1-3-0; S-1-5-18; S-1-5-19; S-1-5-20; S-1-5-32-544; S-1-5-32-549; S-1-5-32-550; S-1-5-32-551; S-1-5-32-577; S-1-5-32-559; S-1-5-32-568; S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394; S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523.
When generating filepath rules using New-CIPolicy, a unique, fully-qualified path rule is generated for every file discovered in the scanned path(s). To create rules that instead allow all files under a specified folder path, use New-CIPolicyRule to define rules containing wildcards using the -FilePathRules switch.
Wildcards can be used at the beginning or end of a path rule; only one wildcard is allowed per path rule. Wildcards placed at the end of a path authorize all files in that path and its subdirectories recursively (ex. C:\* would include C:\foo\* ). Wildcards placed at the beginning of a path will allow the exact specified filename under any path (ex. *\bar.exe would allow C:\bar.exe and C:\foo\bar.exe ). Wildcards in the middle of a path are not supported (ex. C:\*\foo.exe ). Without a wildcard, the rule will allow only a specific file (ex. C:\foo\bar.exe ).
The use of macros is also supported and useful in scenarios where the system drive is different from the C:\ drive. Supported macros: %OSDRIVE% , %WINDIR% , %SYSTEM32% .
Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in Deploy multiple WDAC policies.
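The following added example (not the article's own code) applies the two checks this section describes before a FilePath rule is authored: the wildcard placement rules, and the runtime admin-writeability check, implemented here by walking the path and its parents and flagging any Allow ACE that grants write rights to a SID outside the well-known admin list quoted above. The folder path is an assumption; the SID list is the one in the text. The rule-creation call at the end uses New-CIPolicyRule with the -FilePathRule parameter (the parameter name as I know it) and New-CIPolicy with -Rules.

```powershell
# Added example: validate a candidate FilePath rule before creating it.
# SIDs copied from the article's list of well-known admin SIDs.
$WdacAdminSids = @(
    'S-1-3-0','S-1-5-18','S-1-5-19','S-1-5-20','S-1-5-32-544','S-1-5-32-549',
    'S-1-5-32-550','S-1-5-32-551','S-1-5-32-577','S-1-5-32-559','S-1-5-32-568',
    'S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394',
    'S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523'
)

# Rights that let a principal add, replace or re-ACL content under the folder.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership, Modify, FullControl, DeleteSubdirectoriesAndFiles'

function Test-WdacPathRuleSyntax {
    # Enforces the wildcard rules from the text: at most one '*', and only at
    # the very start or very end of the rule. Returns $true when acceptable.
    param([Parameter(Mandatory)][string]$Rule)
    $stars = ($Rule.ToCharArray() | Where-Object { $_ -eq '*' }).Count
    if ($stars -eq 0) { return $true }
    if ($stars -gt 1) { return $false }
    return ($Rule.StartsWith('*') -or $Rule.EndsWith('*'))
}

function Get-WdacNonAdminWriter {
    # Mirrors WDAC's runtime check: the folder and every parent must not grant
    # write rights to any SID outside the admin list. Returns the offending ACEs.
    param([Parameter(Mandatory)][string]$Path)
    $findings = @()
    $dir = (Resolve-Path -Path $Path).Path
    while ($dir) {
        foreach ($ace in (Get-Acl -Path $dir).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
            try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $ace.IdentityReference.Value }
            if ($WdacAdminSids -notcontains $sid) {
                $findings += [pscustomobject]@{
                    Path = $dir; Identity = $ace.IdentityReference.Value; Sid = $sid; Rights = $ace.FileSystemRights
                }
            }
        }
        $dir = Split-Path -Path $dir -Parent   # empty string at the drive root ends the loop
    }
    return $findings
}

# Assumed application folder and the rule that would cover it.
$AppFolder = 'C:\Program Files\Contoso'
$Rule      = "$AppFolder\*"

if (-not (Test-WdacPathRuleSyntax -Rule $Rule)) { throw "Unsupported wildcard placement in '$Rule'" }
if (-not (Test-WdacPathRuleSyntax -Rule 'C:\*\foo.exe')) { 'middle wildcard correctly rejected' }

$writers = Get-WdacNonAdminWriter -Path $AppFolder
if ($writers) {
    $writers | Format-Table -AutoSize
    throw "Path is user-writeable; fix the ACLs or reconsider a FilePath rule"
}

# Clean: create the wildcard rule and put it in a policy of its own
# (the text notes Path-based ALLOW rules must not share a policy with DENY rules).
$rules = New-CIPolicyRule -FilePathRule $Rule
New-CIPolicy -FilePath 'C:\WDAC\ContosoPath.xml' -Rules $rules -UserPEs
```

Note that this reproduces the spirit of the runtime check, not its exact implementation: a custom admin group shows up here as a finding, which is precisely the case the text says needs the Disabled:Runtime FilePath Rule Protection option rather than a path rule that silently fails.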
Windows Defender Application Control filename rules
File name rule levels allow administrators to specify the file attributes on which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. You specify the file name level when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies.
Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level.
Table 3. Windows Defender Application Control policy — filename levels