This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 65%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hi,
we have had an applocker deployed on our Intune-devices over an OMA-URI-Policy for the last 6 months or so in a test phase with about 10 users.
About 3 months ago we equipped a whole department with intune-Laptops and since then some of the new users have been getting error messages from applocker that an application has been blocked without them actively starting an application.
When this happens we don´t get any errors in the applocker-logs in event viewer.
I also couldn´t find any applications that were allowed to start at that point of time.
The Applocker message pops up randomly without a specific action from the user so I´m guessing it´s caused by a background process.
Since Applocker is enabled we have had 2 or 3 applications that were also blocked by applocker but we were always able to find out which file was causing the problem with the event viewer.
So far no user has reportet getting the error message more than once per day, some get it every day, some only once or twice per week.
It also always occurs at different times during the day.
That makes identifying the Problem pretty hard.
Any suggestions on how I can find out which process is being blocked by applocker?
Thank You.
Managing apps and software deployment through Microsoft Intune
Adding the Windows 10 Security tag to this thread to see if any folks that monitor that tag have advice particularly since this really has nothing to do with Intune as AppLocker is a Windows feature. Personally, I've never heard of AppLocker related activity not being logged though. If no one else weighs in here, then a support case is in order. Do you have a screenshot of the message and are you 100% sure it's from AppLocker?
@Jason Sandys since he is refering to oma-uri, it is also about Intune.
Not really. The OMA-URI is just a policy, what that policy does and the actual functionality is part of Windows. There isn't a question here about whether the policy is getting applied or not, it's about what Windows is doing or isn't doing correctly.
Looks like this is even documented by MS staff, so it might be even supported: https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-applocker-to-create-custom-intune-policies-for/ba-p/364981
Sorry, not following at all. No one is questioning whether it's supported or not, I'm simply saying that Intune doesn't define this behavior so looking for the issue in Intune doesn't make sense. Intune is simply telling Windows what it should do and Windows is doing something a bit odd, thus it's completely outside of Intune's purview on why Windows is doing something odd or unexpected. Kind of like asking your friend to wash your car and instead they crash it. Is that your fault or the friend's?
Unfortunatelly there is no built-in management tools for Applocker and I am not even sure, is it supported or not. I think MS tries to push us away from Applocker and utilize new security management tools like ASR, Application Guard and Application Control. Applocker was a great feature, but it seems to be obsolete. Sorry I couldn't solve your problem, but wanted to bring my 5 cents to the discussion :)
