https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916387#M88 <P>I'm finding the same issue you are, but *only* with WebEx. The Get-AppLockerFileInformation is reporting no publisher info on the machines having trouble. On machines without AppLocker activated I'm able to get the info and test-applocker... works fine including Test-Applocker. On my test machine I stopped the Application Identity service waited 30 or so seconds, started it again (I may have done this 2x). Then it started seeing the publisher again. I rebooted the machine after, and it continued to work.</P><P>&nbsp;</P><P>Users reporting the issue have rebooted their computers, so I'm not sure a simple restart of the computer is sufficient nor am I completely certain why the service restarts seem to have fixed this test machine, at least temporarily.</P> Thu, 29 Aug 2019 23:30:45 GMT will.schroeder 2019-08-29T23:30:45Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3860792#M85 <P>Hello</P><P>&nbsp;</P><P>WebEx-Team, for a few days AppLocker blocked Webex.exe although an exception has been set up.</P><P>Windows does not recognize a publisher of the Webex.exe file. The digital signature SHA256 has been updated.</P><P>AppLocker can not cope with this yet.</P><P>&nbsp;</P><P>Please change this to old SHA so that we can continue to use webex in the organization.</P><P>&nbsp;</P><P>GPO Rule: O=CISCO WEBEX LLC, L=SAN JOSE, S=CALIFORNIA, C=US</P><P>&nbsp;</P><P>Now: Publisher is missing:</P><P>&nbsp;</P><PRE><SPAN>Current Issue:<BR /><BR /></SPAN>TimeCreated : 22.05.2019 13:00:57<BR />UserName : Org.\User<BR />PolicyName : EXE<BR />FilePath : %OSDRIVE%\USERS\User\DOWNLOADS\WEBEX.EXE<BR />Publisher : -<BR />FileHash : 3964C9A1424D9DB7F4E2EDAB623716E05F7AC4F176CEA1A77C26395EF8C0DA81</PRE><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 May 2019 11:16:53 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3860792#M85 virenschutz 2019-05-22T11:16:53Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3863498#M86 That isn’t going to happen. SHA1 has been widely discredited at this point. Mon, 27 May 2019 19:29:06 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3863498#M86 Jonathan Schulenberg 2019-05-27T19:29:06Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3915727#M87 <P>I have the same issue you do but I don't think it's SHA1 vs SHA256. I have plenty of exes that I added publisher certs that were SHA256 and still worked. WebEx is the only one I've seen, to date, that I can't seem to get anything cert related added that works. I've been using App Locker for years too.</P><P>&nbsp;</P><P>If I find a resolution, I'll post it.</P> Wed, 28 Aug 2019 22:33:33 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3915727#M87 will.schroeder 2019-08-28T22:33:33Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916387#M88 <P>I'm finding the same issue you are, but *only* with WebEx. The Get-AppLockerFileInformation is reporting no publisher info on the machines having trouble. On machines without AppLocker activated I'm able to get the info and test-applocker... works fine including Test-Applocker. On my test machine I stopped the Application Identity service waited 30 or so seconds, started it again (I may have done this 2x). Then it started seeing the publisher again. I rebooted the machine after, and it continued to work.</P><P>&nbsp;</P><P>Users reporting the issue have rebooted their computers, so I'm not sure a simple restart of the computer is sufficient nor am I completely certain why the service restarts seem to have fixed this test machine, at least temporarily.</P> Thu, 29 Aug 2019 23:30:45 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916387#M88 will.schroeder 2019-08-29T23:30:45Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916410#M89 <P><STRONG>Resolution Found</STRONG></P><P>The intermediate cert authority cert wasn't on my machines, root was though. I'm not sure how but it ended up on my test machine at one point (maybe I tested running webex as admin and that auto-installed it). What made me check it was this thread:</P><P>&nbsp;</P><P><A href="https://social.technet.microsoft.com/Forums/en-US/1468bd38-6d71-4fdd-a1d5-fc8cbf8ac156/applocker-wont-detect-publisher-of-an-exe-on-random-computers" target="_blank" rel="noopener">https://social.technet.microsoft.com/Forums/en-US/1468bd38-6d71-4fdd-a1d5-fc8cbf8ac156/applocker-wont-detect-publisher-of-an-exe-on-random-computers</A></P><P>&nbsp;</P><P>Strangely after adding the intermediate cert to Intermediate Certificate Authorities the get-applockerfileinformation showed the publisher and a test-applockerpolicy now showed it should be allowed, but the previously downloaded temp webex app was still blocked. Subsequent fresh downloads were good though.</P><P>&nbsp;</P><P>Note: I saw an install that's been on one of my machines for a long while and it had a Symantec cert chain instead of a DigiCert (fresh temp apps downloaded). I'm guessing the problem occurred when they switched.</P> Fri, 30 Aug 2019 01:16:54 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916410#M89 will.schroeder 2019-08-30T01:16:54Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916564#M91 <P>We had the same behavior in AppLocker (publisher not visible).</P><P>The intermediate certificate was in the certificate store but not the root one.</P><P>We performed an update via certutil and everything is back to normal</P><P>&nbsp;</P><P>Download <A href="http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab" target="_blank" rel="noopener">http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</A> and extract authroot.stl<BR />Download <A href="http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab" target="_blank" rel="noopener">http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab</A> and extract disallowedcert.stl</P><P>Check the files, they shall be signed by Microsoft</P><P>As admin, execute the following 2 commands</P><P>certutil -addstore -f root authroot.stl<BR />certutil -addstore -f disallowed disallowedcert.stl</P><P>&nbsp;</P><P>As mentioned above, this is surely linked to the switch from Symantec to DigiCert</P> Fri, 30 Aug 2019 08:41:29 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916564#M91 mkutilek 2019-08-30T08:41:29Z https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916867#M93 <P>FYI, I used a GPO to deploy it to all the computers.</P> Fri, 30 Aug 2019 17:02:24 GMT https://community.cisco.com/t5/webex-administration/applocker-blocked-webex-exe-although-exception/m-p/3916867#M93 will.schroeder 2019-08-30T17:02:24Z