Windows Defender Application Control policies would block Windows apps even though I used the wizard
I am attempting to test out Windows Defender Application Control. I have downloaded the WDAC deployment wizard and used the signed and reputable mode, then added our needed apps. I'm implementing as a single policy as I need to use GPO to deploy these to virtual desktops. I also enabled the merge with recommended user and kernel blocks.
After enabling and rebooting, I am getting a number of messages in the logs of files that would have been blocked. All are Microsoft apps, or Windows files and DLLs. I have attempted to add the signer for those files, but this causes the wizard to fail to create the binary file. I found that in the XML I now have duplicate signer IDs, and that seems to be what is failing.
Is it possible that these are false positive errors, or is there something I am missing? I'm nervous to enable blocking with the massive number of events in the log.
Sample of files that would have been blocked.
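
A check for the duplicate signer IDs mentioned in the question, as an added example that is not part of the original post: it parses a policy XML and lists every Signer ID that is defined more than once, with the number of rules that reference it. The function name and the sample policy (IDs, names, values) are constructed for illustration.

```powershell
# Added example: list Signer IDs defined more than once in a WDAC policy XML.
# $samplePolicy is constructed sample data; its IDs, names and values are made up.
$samplePolicy = [xml]@'
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Signers>
    <Signer ID="ID_SIGNER_S_1" Name="Constructed Publisher A">
      <CertRoot Type="TBS" Value="00" />
    </Signer>
    <Signer ID="ID_SIGNER_S_2" Name="Constructed Publisher B">
      <CertRoot Type="TBS" Value="00" />
    </Signer>
    <Signer ID="ID_SIGNER_S_1" Name="Constructed Publisher C">
      <CertRoot Type="TBS" Value="00" />
    </Signer>
  </Signers>
  <SigningScenarios>
    <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS">
      <ProductSigners>
        <AllowedSigners>
          <AllowedSigner SignerId="ID_SIGNER_S_1" />
        </AllowedSigners>
      </ProductSigners>
    </SigningScenario>
  </SigningScenarios>
</SiPolicy>
'@

function Get-DuplicateSignerId {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Policy)
    # Policy elements live in the sipolicy namespace, so XPath needs a prefix.
    $ns = New-Object System.Xml.XmlNamespaceManager($Policy.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')
    $Policy.SelectNodes('/si:SiPolicy/si:Signers/si:Signer', $ns) |
        Group-Object { $_.GetAttribute('ID') } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            $g = $_
            [pscustomobject]@{
                SignerId     = $g.Name
                Definitions  = $g.Count
                Names        = ($g.Group | ForEach-Object { $_.GetAttribute('Name') }) -join '; '
                # Any element carrying SignerId="<id>" (allowed, denied, CI signers, ...)
                ReferencedBy = $Policy.SelectNodes("//si:*[@SignerId='$($g.Name)']", $ns).Count
            }
        }
}

# For a policy on disk: Get-DuplicateSignerId -Policy ([xml](Get-Content -Raw <path to policy XML>))
Get-DuplicateSignerId -Policy $samplePolicy | Format-List
```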