Forum Discussion
WDAC Policies not applying!
- Aug 31, 2022
Figured it out.
I used wbemtest to browse the WMI Bridge to see whether I could find instances of the CI policies.
I found 4, two of which were mine. A third was related to driver integrity, and the 4th was the policy that was getting in my way.
I deleted the offending instance directly from wbemtest, and now everything works as expected, or at least the CI event log is showing things I expected.
This is somewhat documented here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune
Where it mentions that pre-1903 policies must be deleted by script or overridden. Because I had used the Intune built-in policy, I fell under this category, even though I was using a 21H2 machine.
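The same inventory the post does by hand in wbemtest can be scripted. This is an added example, not code from the original poster or from Microsoft's documentation; it is read-only and only lists instances. It assumes the WMI Bridge namespace `root\cimv2\mdm\dmmap`, assumes the relevant class names contain `CodeIntegrity` or `ApplicationControl` (matched by wildcard rather than hard-coded), and assumes the session runs as SYSTEM, since the bridge usually rejects other contexts.

```powershell
# Added example: list code integrity policy instances exposed by the MDM WMI Bridge.
# Assumption: run as SYSTEM (for example from a scheduled task); other contexts
# are typically denied access to this namespace.
$Namespace = 'root\cimv2\mdm\dmmap'

# Assumption: policy classes are found by name pattern, not by a fixed class name.
$ClassPatterns = '*CodeIntegrity*', '*ApplicationControl*'

function Get-BridgeCiPolicyInstance {
    foreach ($pattern in $ClassPatterns) {
        $classes = Get-CimClass -Namespace $Namespace -ClassName $pattern -ErrorAction SilentlyContinue
        foreach ($class in $classes) {
            $name = $class.CimClassName
            try {
                $instances = Get-CimInstance -Namespace $Namespace -ClassName $name -ErrorAction Stop
            }
            catch {
                # Access denied or provider errors are reported, not hidden.
                Write-Warning "Could not enumerate ${name}: $($_.Exception.Message)"
                continue
            }
            foreach ($instance in $instances) {
                # InstanceID and ParentID are the keys that identify a bridge
                # instance, which is what you need to tell policies apart.
                [pscustomobject]@{
                    Class      = $name
                    InstanceID = $instance.InstanceID
                    ParentID   = $instance.ParentID
                }
            }
        }
    }
}

# One row per policy instance; an unexpected row is the candidate for the
# leftover policy described in the post.
Get-BridgeCiPolicyInstance |
    Sort-Object Class, InstanceID -Unique |
    Format-Table -AutoSize
```

Compare the rows against the policies you deployed yourself and check the CodeIntegrity event log before and after any cleanup.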