MicrosoftDocs / WDAC-Toolkit

Documentation and tools to access Windows Defender Application Control (WDAC) technology.
Creative Commons Attribution 4.0 International

WDAC wizard unable to save file #393

Closed sveinungre closed 1 month ago

sveinungre commented 4 months ago

The wizard builds the file and then says finished creating WDAC policy and output location; however, the file isn't created. The log file shows an error on accessing Recommended_UserMode_Blocklist.xml; however, I can open this file manually, and there isn't any file permission issue, etc. From the log:

```
2024-07-07T07-25-15 [INFO]: Merge-CIPolicy -PolicyPaths "C:\Users\username\AppData\Local\Temp\WDACWizard\Temp\2024-07-07T07-21-07\policy.xml","C:\Users\username\AppData\Local\Temp\WDACWizard\Temp\2024-07-07T07-21-07\Merged_CustomRules_Policy.xml","C:\Program Files\WindowsApps\Microsoft.WDAC.WDACWizard_2.4.4.0_x648wekyb3d8bbwe\Recommended_UserMode_Blocklist.xml","C:\Program Files\WindowsApps\Microsoft.WDAC.WDACWizard_2.4.4.0_x648wekyb3d8bbwe\Recommended_Driver_Blocklist.xml" -OutputFilePath "C:\Temp\policy.xml"
2024-07-07T07-25-17 [ERROR]: Exception encountered in MergeTemplatesPolicy(): System.Management.Automation.CmdletInvocationException: Access to the path 'C:\Program Files\WindowsApps\Microsoft.WDAC.WDACWizard_2.4.4.0_x648wekyb3d8bbwe\Recommended_UserMode_Blocklist.xml' is denied. ---> System.UnauthorizedAccessException: Access to the path 'C:\Program Files\WindowsApps\Microsoft.WDAC.WDACWizard_2.4.4.0_x648wekyb3d8bbwe\Recommended_UserMode_Blocklist.xml' is denied.
   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable1 unixCreateMode)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable1 unixCreateMode)
   at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable1 unixCreateMode)
   at System.IO.FileStream..ctor(String path, FileMode mode)
   at Microsoft.SecureBoot.UserConfig.XmlPolicy..ctor(String filePath)
   at Microsoft.SecureBoot.UserConfig.Policy.ValidateXmlFile(String xmlFilePath)
   at Microsoft.SecureBoot.UserConfig.Policy..ctor(String xmlFilePath)
   at Microsoft.SecureBoot.UserConfig.MergeCIPolicy.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.Runspaces.Pipeline.Invoke()
   at WDAC_Wizard.PSCmdlets.MergePolicies(List1 policyPaths, String schemaPath, String destPath)
```

If I uncheck the option to use Microsoft's recommended block rules it works. This started happening the last 4 versions or something of the WDAC wizard, not sure if it is related. Same after reinstallation of WDAC wizard. There are no blocks from Defender or AppLocker/WDAC/CFA/ASR etc.