.. /VisualUiaVerifyNative.exe

Star

A Windows SDK binary for manual and automated testing of Microsoft UI Automation implementation and controls.

• https://bohops.com/2020/10/15/exploring-the-wdac-microsoft-recommended-block-rules-visualuiaverifynative/
• https://github.com/MicrosoftDocs/windows-itpro-docs/commit/937db704b9148e9cee7c7010cad4d00ce9c4fdad

AWL bypass

1. Generate Serialized gadget and save to - C:\Users\[current user]\AppData\Roaminguiverify.config before executing.

   VisualUiaVerifyNative.exe

   Use case

   Execute proxied payload with Microsoft signed binary to bypass WDAC policies

   Privileges required

   User

   Operating systems

   Windows 10 2004 (likely previous and newer versions as well)

   ATT&CK® technique

   T1218