I've recently run into a problem with AppLocker where it isn't respecting policy updates made locally. When I check the AppLocker logs, I see an error message stating, "AppID policy conversion failed. Status The access control list (ACL) structure is invalid." This issue has been happening for about two days, and now AppLocker doesn't recognize any new Allow rules I add—they simply seem ignored. I tried disabling the "Block Registry Editing" option in Group Policy to see if that was the cause, but it didn't change anything. I'm looking for insights on what might be causing this issue. Just so you know, I'm testing this in a Hyper-V VM as I go through the ACSC Security Benchmark for Windows. Previously, I had no issues with AppLocker in this same VM before I started applying the security policies. I'm hoping to identify if a specific policy from the benchmark is at fault for this problem, so I can avoid applying it on any actual systems.
2 Answers
Are you running this on a single host or multiple machines? It could help narrow down the issue.
Have you checked when you last updated your AppLocker ADMX files? That could be affecting how policies are managed.
I hadn't made any changes to the AppLocker policy until yesterday, but I did check before that and everything seemed fine.
Just one VM. I've mentioned that in my post now, but I'm really trying to pinpoint the cause of the error related to the security policies I'm testing.