Applocker CSP updates not working

Hello!

We are using AppLocker via CSP (AppLocker CSP - Windows Client Management | Microsoft Learn) and it has been working great for years. But for some reason it recently stopped working with updates. If I publish a new XML the device will get the XML, I can verify it by looking at the XML files in c:\Windows\system32\AppLocker\MDM\x\x\Applocker\ApplicationLaunchRestrictions\x\ and then the corresponding folder for each type, but it won't apply until I remove all .policy files in c:\Windows\system32\AppLocker.

Can anyone help me understand why I need to delete those files in order to get it working?

2 Replies

@dasbult

Not sure why it's failing to reapply, but possibly you could take a look at this PowerShell to go about clearing the local policy. Could be a possible workaround to purge the .policy files.

How to clear a local Applocker policy

Only other thought is that possibly during a previous update, some bad policy value got set which ends up clogging the XML from properly refreshing. Only way to know that would be to backtrack through the updates, or possibly restart with a fresh policy config rather than continuing to update the existing.

Please upvote and accept this thread as answered if it's helpful, thanks!

Noticed it a couple of times... each time it happened there was an additional AppLocker policy on the device itself (which is odd of course)
https://call4cloud.nl/2021/01/applocker-the-meltdown/
Removing them indeed solves it, but shouldn't be necessary.
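
Added example, not part of either reply or of the linked posts: a read-only PowerShell check of the state this thread describes, listing the .policy files and the MDM-delivered files with their timestamps and reporting any rule collections in the local policy. Assumptions: treating a .policy file older than the newest MDM file as "stale", and reading "an additional AppLocker policy on the device itself" as a local policy visible to `Get-AppLockerPolicy -Local`, are interpretations of the thread, not documented behaviour.

```powershell
# Added diagnostic example (read-only). Run from an elevated PowerShell session.
$appLockerDir = Join-Path $env:windir 'System32\AppLocker'
$mdmDir       = Join-Path $appLockerDir 'MDM'   # parent of the MDM\x\x\... path in the post

# .policy files directly under the AppLocker folder (the files the poster deletes)
$policyFiles = @(Get-ChildItem -LiteralPath $appLockerDir -Filter '*.policy' -File -ErrorAction SilentlyContinue)

# Everything the MDM channel has written below AppLocker\MDM
$mdmFiles = @()
if (Test-Path -LiteralPath $mdmDir) {
    $mdmFiles = @(Get-ChildItem -LiteralPath $mdmDir -File -Recurse -ErrorAction SilentlyContinue)
}

'--- .policy files ---'
$policyFiles | Sort-Object LastWriteTime | Format-Table Name, Length, LastWriteTime -AutoSize | Out-String
'--- MDM-delivered files ---'
$mdmFiles | Sort-Object LastWriteTime | Format-Table FullName, LastWriteTime -AutoSize | Out-String

# Heuristic (assumption): a .policy file older than the newest MDM file
# matches the symptom "new XML arrives but is not applied".
$newestMdm = $mdmFiles | Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($newestMdm) {
    $stale = @($policyFiles | Where-Object { $_.LastWriteTime -lt $newestMdm.LastWriteTime })
    if ($stale.Count -gt 0) {
        "Older than newest MDM file ($($newestMdm.LastWriteTime)): $($stale.Name -join ', ')"
    } else {
        'No .policy file is older than the newest MDM file.'
    }
}

# Second policy source mentioned in the last reply: report what the local
# policy contains, if anything.
try {
    [xml]$local = Get-AppLockerPolicy -Local -Xml -ErrorAction Stop
    $collections = @($local.AppLockerPolicy.RuleCollection | Where-Object { $_ })
    if ($collections.Count -eq 0) { 'Local policy: no rule collections.' }
    foreach ($rc in $collections) {
        $ruleCount = $rc.SelectNodes('*').Count   # child elements = rules
        "Local policy: $($rc.Type) EnforcementMode=$($rc.EnforcementMode) Rules=$ruleCount"
    }
} catch {
    "Could not read local policy: $($_.Exception.Message)"
}
```

Capturing this output before and after a policy push shows whether the .policy timestamps move when a new XML lands, which is useful evidence for a support case.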