I retract this question; the cause of the problem was user error. Somehow UMCI got unchecked on the policy.
Signing an audit App Control for Business (WDAC) Policy Doesn't Log Events?
Hello,
We have several App Control for Business policies deployed on our fleet of machines, several of them are signed and enforced.
We had one policy in audit mode (unsigned), and the Code Integrity logs for this policy came in just fine. No issues for months.
We decided to sign it and leave it in audit mode -- however, signing the audit policy caused events to not be logged anymore.
We've verified that the policy is "signed", "authorized", and "enforced" using the CiTool.
Can someone confirm that signed, audit, app control policies should be logging things?
Thanks!
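
The retraction above traces the missing events to the UMCI rule option being cleared. As an added example (not part of the original post), this PowerShell sketch reads a policy XML and reports the rule options that determine whether user-mode audit events can appear; the function name `Get-PolicyOptionReport` and the sample XML are hypothetical and constructed for illustration.

```powershell
# Constructed, minimal policy fragment (not the poster's policy):
# audit mode is on, but the Enabled:UMCI option is absent.
$samplePolicyXml = @'
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Rules>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Advanced Boot Options Menu</Option></Rule>
  </Rules>
</SiPolicy>
'@

# Hypothetical helper: summarizes the options relevant to audit logging and signing.
function Get-PolicyOptionReport {
    param([Parameter(Mandatory)][string]$PolicyXml)

    $doc = [xml]$PolicyXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')

    # Collect every <Option> value under <Rules>; @() keeps an empty result an array.
    $options = @($doc.SelectNodes('/si:SiPolicy/si:Rules/si:Rule/si:Option', $ns) |
        ForEach-Object { $_.InnerText.Trim() })

    $umci     = $options -contains 'Enabled:UMCI'
    $audit    = $options -contains 'Enabled:Audit Mode'
    $unsigned = $options -contains 'Enabled:Unsigned System Integrity Policy'

    $finding = if ($audit -and -not $umci) {
        'Audit mode without UMCI: only kernel-mode binaries are evaluated, so no user-mode audit events are logged.'
    } elseif ($audit) {
        'Audit mode with UMCI: user-mode and kernel-mode binaries are evaluated and audited.'
    } else {
        'Audit mode option not set.'
    }

    [pscustomobject]@{
        UMCI                 = $umci
        AuditMode            = $audit
        UnsignedPolicyOption = $unsigned   # expected to be False on a policy meant to be signed
        Finding              = $finding
    }
}

# For a real policy file: Get-PolicyOptionReport -PolicyXml (Get-Content -Raw <path to policy XML>)
Get-PolicyOptionReport -PolicyXml $samplePolicyXml | Format-List
```

Running the check on the policy XML before converting and signing it catches an option that was cleared in the editor.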
2 answers
Cyber Person Man 10 Reputation points
2024-11-15T20:43:24.0166667+00:00 [Deleted ]