Hello. I'm testing AC 5.1.1 with a binary rule that blocks notepad. With policy enforced, the application can still launch. If you look in ePO or the application log in Event Viewer on the client, it actually reports that execution of notepad was prevented, yet it actually still launched. Has anyone ever seen this? Am I missing something? I've read the PG, EG, seen the videos, etc. Everything is patched. The client is running on VMWorkstation. Could that be it? Change Control works just fine. So does adding an Updater in AC.
Did you check if the rule is applied on the host? Is the local CLI locked or recovered?
Try the 'always unauthorize' flag under exception rules.