Windows Defender Application Control (#WDAC) is one of the strongest protections against malicious code. It is to some extent an evolution of AppLocker, which we know from older Windows.

On the other hand, it is also one of the most complicated to deploy and therefore is usually not deployed on regular PCs, but only on specialized devices such as PAWs / SAWs.

Application Control restricts what applications and executables can be run on the device. As a baseline, you can block, for example, all code and software that is not signed. But you can go further and block specific applications or, conversely, block everything except what you explicitly allow.

Do you have App Control configured and deployed?