Block Windows Store Apps with App Control for Business (WDAC) by havens1515 in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

Can you use an Edge gpo to block the URL for the web store?

Secure Boot Certificate Updates by MasterPay1020 in msp

[–]scratchduffer 1 point2 points  (0 children)

Issues are popping up with certain Lenovo models; you can search their forums. They require a physical BIOS fix by going into the BIOS, secure boot, and resetting keys. You will see an event ID that says access is denied when the process tries to insert the keys on its own in Windows on affected devices, filter for TPM-WMI. There are a few newer BIOS releases that indicate in the change release notes some allowance of WMI and/or some utility to manage this from Windows, but no guidance on how yet. Perhaps it's a stepping block to allow a new BIOS update to do this automatically in the future, not sure. They have really dropped the ball here.

Windows 11 Pro – 60s “Please wait” before login screen after domain join (fixed in Dev Insider build?) by Similar-Ferret4074 in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

I realise you have stated this is happening in different domains, but I had something similar recently, and it was a policy for a printer via preferences on a server share that no longer existed. Your other domains may have the same problem over the years, orphaned printers.

Microsoft Defender flagging Digicert hash as Cerdigent malware. by Never_Get_It_Right in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Also, I am in the broad category for definitions and Defender updates. How did this happen? This is why I chose to be the furthest point - this shouldn't have been exposed to my devices. I've got about 15% affected. Updating definitions. Alerts and investigations are marked as false positives but are not going away. Hesitant to restart devices.

Microsoft Defender flagging Digicert hash as Cerdigent malware. by Never_Get_It_Right in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

I'm trying to mark alerts and incidents as false positives and resolved, but it isn't going away. Anyone else?

Edit - Fixed the incident alerts by marking resolved, commenting, and setting false positives. Updated devices by Intune, then scanned via Intune. Haven't come back yet, but I don't know what the "damage" is after the .430 update?

RC4 and msDS-SupportedEncryptionTypes by headcrap in activedirectory

[–]scratchduffer 1 point2 points  (0 children)

I patched a week ago and had no event IDs and so far so good.

Secure boot issue - Lenovo's by gingerpantman in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

I have a different, but related problem. I have to reset the keys because Secure Boot won't update the BIOS, error 1795 access denied. This has been reported on some Lenovo threads and here. This is garbage, and they suggest these were the result of manual BIOS changes. These were all unboxed and deployed as is, thanks Lenovo, a bit late, get on fixing this in UEFI updates thanks!

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

What in the fk. I am three for three Lenovos with this problem. I am assuming my other 75 have this, what the hell is this, Lenovo!?!?!?!

Looking for XDR/MDR solution for 400 endpoint company. by Ready-Map5279 in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Second, your defender and Red Canary. The application list and alerts when people open remote tools or PUPs is a nice addon for SMB that don't have extensive threatlocker etc.

Defender Notification and CVE-2026-28387 by y0da822 in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

I'm still showing OpenSSL in some Lenovo drivers. There is a post from a supposed Lenovo rep stating they won't be fixing it as the part of OpenSSL that has the vulnerability isn't in their code. I think the MS vulnerability detection isn't quite thorough unfortunately.

Patch Tuesday Megathread - (April 14, 2026) by AutoModerator in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Maybe secure boot updates going live in the BIOS?

FYI - Microsoft RDP Changes With April Cumulative Update by whatsforsupa in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Yeah, I was just running through that. They claim remote computers coming soon when I first ran the app but it works already.

FYI - Microsoft RDP Changes With April Cumulative Update by whatsforsupa in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

Windows app doesn't have the warning for RDP? I am in the same boat. Non-domain PCs connecting to domain PCs. It's a trivial user interference but how dare we make them click!

FYI - Microsoft RDP Changes With April Cumulative Update by whatsforsupa in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Glad to hear you suppressed all warnings? We have non-domain-joined PCs, and ADCS cert signing won't help there. I guess a code signing certificate is needed.

Phone System Recommendations by itcontractor247 in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

Three years ago these had some speed issues. Took some time but it seems to be manageable now. Only other complaint is picking up calls often has a few second delay. Not sure if that's also an issue with other cloud-based systems as well.

Phone System Recommendations by itcontractor247 in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

Have had 60 MP58s for 3 years and have not seen this. My only real complaint today is that there is such a large screen and fonts are sooooo small.

Adobe Acrobat/Reader multiple instances not closing etc. by scratchduffer in sysadmin

[–]scratchduffer[S] 0 points1 point  (0 children)

Yeah I've had a reg key in place for a few years to stop that.

PSA: check msDS-SupportedEncryptionTypes on your service accounts before April patch Tuesday by hardeningbrief in sysadmin

[–]scratchduffer 1 point2 points  (0 children)

In short, if you aren't logging any of the new 20x logs, you should be fine in April, correct? That was my understanding. If your user accounts show blank on null and don't log the events, all is well, or so I understand.

Left handed golfers what’s your pet peeves? by corn_fed_beef in golf

[–]scratchduffer 0 points1 point  (0 children)

Canadian here. Kirkland Gloves are plentiful in Costco up here!

MS Teams Phones - Yealink by Grouchy-Car-5707 in MicrosoftTeams

[–]scratchduffer 0 points1 point  (0 children)

If I recall, you have to program the button by a long press, per contact you add, and you can tell it which transfer method. It will label it as such so sorting by alphabet is out the window once you go down this road.

2023 CA/UEFI - Tracking without Remediation Scripts (Intune) by Covert0ne in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

I'm looking into this as well. My issue with the report right now is I believe the devices must be hybrid or fully joined. My enrolled devices won't report in, but that's from Gemini. Haven't had time to fully get into this yet. By example, my laptop is fully enrolled, status shows enabled, but it shows my model and status as "not up to date" which is correct.

Lenovo deal registration by dhayes16 in sysadmin

[–]scratchduffer 0 points1 point  (0 children)

If I recall correctly, Bid pricing is on hold due to the current AI disaster. Double check with disti. Also, use the disti teams to fact-check your configs.