Error APPlocker: dont blocking, only audit

Copper Contributor

I created an APPLocker rule via GPO to block the installation of applications; however, the blocking is not working, only generating a log in the event viewer with the message: "softwarexx.exe was allowed to run, but it would have been prevented if the AppLocker policy were applied. 

I have already checked, and the computer is in the OU where the GPO is applied. I verified the GPO links and groups, and they are correct. I also checked the "Application Identity" service on the workstation, and it is running. Both the domain controllers and the workstation are fully up-to-date. The domain controller is Windows Server 2016, and the workstation is Windows 10 Pro version 22H2. I tried using the "Enforce rules" option, but it doesn't work. It only audits.

I created a lab environment, and the APPLocker rule worked correctly there. The only difference from the non-working environment is the version of the domain controller; in my lab, it's Windows Server 2019, while in the non-working environment, it's Windows Server 2016. Could this be related? I checked the APPLocker documentation, and it states that WS 2016 is supported.

Can someone help me?

0 Replies