WDAC, unsigned DLLs and event 3076
Hello,
Auditing CodeIntegrity logs & WDAC, I occasionally notice event 3076 on unsigned DLLs.
For example I get:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\OpenText\Office Editor\OTEditTray.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\OpenText\Office Editor\DotNetZip.dll that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:{4e5c9183-a679-42e5-bf5b-a7cbfddba137}). However, due to code integrity auditing policy, the image was allowed to load.
This DLL is not signed. But the matching event 3089 says that VerificationError was 0, which would suggest it passes.
I used sigcheck to check my Program Files folder. There are 2122 files without a signature! Surely I'm not expected to define rules for each of them? Also, the ones without certificates say "Signed".
Finally, I don't see a way to control what WDAC does with unsigned DLLs, and there's nothing in the documentation about it that I can find.
So is this 3076 "fake", and the DLL would load anyways? Or am I missing something here?