System Information
Use this section in AppControl Manager to view details about the deployed App Control policies on the system.
-
Search through the list of policies
-
View the rule options in each policy
-
Determine which policy is signed or unsigned (requires Windows 11 24H2 or later/Windows Server 2025 or later, otherwise all policies will appear as
unsignedregardless of their actual signing status) -
Sort the policies using multiple criteria
-
See which policy is Base, Supplemental or System
-
View the version of each policy
-
Easily open the selected deployed policy in Policy Editor where you can view all of its details, modify it and save it to a file. This is very useful to know what rules are included in the deployed policies on your system. It also supports protected System policies that come by default with the OS.
Tip
You can view the version of the Microsoft Vulnerable Driver Block List in this page by checking the box for including System policies in the list.
This section also allows you to remove the deployed non-system App Control policies from the system.
Whenever you select a policy from the list, the app will automatically present to you the best and most appropriate course of action in order to remove it.
Unsigned Base or signed/unsigned Supplemental Application Control policies can be removed with a single click/tap of a button. Simply select a policy from the list and then use the Remove button to remove it.
Starting with Windows 11 24H2/Windows Server 2025, no reboot is required for unsigned base or supplemental policies.
Signed Base policies require additional information during the removal process. Select a signed policy and then press the Remove button, you will be presented with a dialog asking for additional information.
-
Certificate File: Provide the path to the certificate
.cerfile. The certificate's details must exist in the XML policy file as signers, so ensure it is the same certificate that you used to sign the policy with. The certificate must exist in the Personal store of the Current User certificate stores with private key. -
Certificate Common Name: The Common Name (CN) of the same certificate file you select.
-
XML File: The path to the XML policy file of the same policy you're trying to remove from the system.
Once all four fields are populated, press the Verify button. This action validates your inputs and enables the Submit button, allowing you to proceed with the removal process. All of the information you submit will be saved in app settings so that the next time they will be automatically populated for you.
Following this step, the policy will be re-signed and redeployed on the system with a new rule option labeled Enabled: Unsigned System Integrity Policy.
Important
After completing this process, restart your system. Since signed policies are tamper-resistant, they leverage Secure Boot and reside in the EFI partition. Upon reboot, select the same signed policy and press the Remove button. The AppControl Manager will detect the policy as safe for removal and delete it from the system without requiring further input. (If you do not reboot your system and attempt to remove the signed policy that was just re-signed and re-deployed, it will lead to boot failure.)
Note
About the Automatic Policies filter option
Enabling this checkbox includes supplemental policies named AppControlManagerSupplementalPolicy in the displayed results. Each base policy created and deployed via the AppControl Manager automatically deploys a corresponding supplemental policy with this name. This supplemental policy is essential for the operation of the AppControl Manager application itself.
If you intentionally remove this policy, you will no longer be able to launch the AppControl Manager when certain base policies are active.
Note that these supplemental policies are automatically removed when their associated base policy is removed from the system, so no additional action is required on your part.
You can view the XML source of the AppControlManagerSupplementalPolicy supplemental policy here.
You can seamlessly swap any deployed policy on the System Information page. For example, if the "Allow Microsoft" policy is active and you want to switch to "Default Windows," simply select "Default Windows" from the dropdown menu and confirm your choice. All supplemental policies associated with the base policy will continue to function. Currently, this feature supports only unsigned policies; support for signed policies will be added in a future release.
Use the 
Microsoft Graph Button to sign into your account and then press the Retrieve Online Policies button to retrieve any available App Control policies from Intune. They will be populated in the List View where you can see them in detail, sort them, search through them and manage them.
- Remove Policy: After selecting an Intune policy, use this button to remove it from Intune. The devices that this policy is deployed to will have to reboot in order for the policy to be fully removed from them.
In the Code Integrity Information section you can view advanced details about the current status of Code Integrity on the system.
You can also check the status of Application Control for Business, including whether User-Mode or Kernel-Mode policies are deployed and whether they are set to Enforced mode or Audit mode.
- Create AppControl Policy
- Create Supplemental Policy
- System Information
- Configure Policy Rule Options
- Policy Editor
- Simulation
- Allow New Apps
- Build New Certificate
- Create Policy From Event Logs
- Create Policy From MDE Advanced Hunting
- Create Deny Policy
- Merge App Control Policies
- Deploy App Control Policy
- Get Code Integrity Hashes
- Get Secure Policy Settings
- Update
- Sidebar
- Validate Policies
- View File Certificates
- Microsoft Graph
- Protect
- Microsoft Security Baselines
- Microsoft Security Baselines Overrides
- Microsoft 365 Apps Security Baseline
- Microsoft Defender
- Attack Surface Reduction
- Bitlocker
- Device Guard
- TLS Security
- Lock Screen
- User Account Control
- Windows Firewall
- Optional Windows Features
- Windows Networking
- Miscellaneous Configurations
- Windows Update
- Edge Browser
- Certificate Checking
- Country IP Blocking
- Non Admin Measures
- Group Policy Editor
- Manage Installed Apps
- File Reputation
- Audit Policies
- Cryptographic Bill of Materials
- Introduction
- How To Generate Audit Logs via App Control Policies
- How To Create an App Control Supplemental Policy
- The Strength of Signed App Control Policies
- How To Upload App Control Policies To Intune Using AppControl Manager
- How To Create and Maintain Strict Kernel‐Mode App Control Policy
- How to Create an App Control Deny Policy
- App Control Notes
- How to use Windows Server to Create App Control Code Signing Certificate
- Fast and Automatic Microsoft Recommended Driver Block Rules updates
- App Control policy for BYOVD Kernel mode only protection
- EKUs in App Control for Business Policies
- App Control Rule Levels Comparison and Guide
- Script Enforcement and PowerShell Constrained Language Mode in App Control Policies
- How to Use Microsoft Defender for Endpoint Advanced Hunting With App Control
- App Control Frequently Asked Questions (FAQs)
- System Integrity Policy Transformations | XML to CIP and Back
- About Code Integrity Policy Signing
- Create Bootable USB flash drive with no 3rd party tools
- Event Viewer
- Group Policy
- How to compact your OS and free up extra space
- Hyper V
- Git GitHub Desktop and Mandatory ASLR
- Signed and Verified commits with GitHub desktop
- About TLS, DNS, Encryption and OPSEC concepts
- Things to do when clean installing Windows
- Comparison of security benchmarks
- BitLocker, TPM and Pluton | What Are They and How Do They Work
- How to Detect Changes in User and Local Machine Certificate Stores in Real Time Using PowerShell
- Cloning Personal and Enterprise Repositories Using GitHub Desktop
- Only a Small Portion of The Windows OS Security Apparatus
- Rethinking Trust: Advanced Security Measures for High‐Stakes Systems
- Clean Source principle, Azure and Privileged Access Workstations
- How to Securely Connect to Azure VMs and Use RDP
- Basic PowerShell tricks and notes
- Basic PowerShell tricks and notes Part 2
- Basic PowerShell tricks and notes Part 3
- Basic PowerShell tricks and notes Part 4
- Basic PowerShell tricks and notes Part 5
- How To Access All Stream Outputs From Thread Jobs In PowerShell In Real Time
- PowerShell Best Practices To Follow When Coding
- How To Asynchronously Access All Stream Outputs From Background Jobs In PowerShell
- Powershell Dynamic Parameters and How to Add Them to the Get‐Help Syntax
- RunSpaces In PowerShell
- How To Use Reflection And Prevent Using Internal & Private C# Methods in PowerShell
