Fix Applocker Error after KB5019959, KB5019980 in Windows 10, 11

Are you coming across AppLocker error after installing an update in Windows 10 or 11? Several users complain about “This app has been blocked by your system administrator” after they received KB5019959 and KB5019980, 08 November 2022 Security patch. When launching the Store apps or start menu this error message appears restricting their access.

We have already written a  post in this concern, Fix This app has been blocked by your system administrator Error in Windows 11. But if the solutions there don’t work, follow the methods here to get rid of the AppLocker error message. This problem prevents users from accessing Start menu and Store apps. The issue occurs even when the AppLocker enforcement is disabled.

This app has been blocked by your system administrator Applocker KB5019980, KB5019959

Here is how to fix Applocker Error after KB5019959, KB5019980 in Windows 10, 11 –

Way-1: Create Default Rules in Local Security Policy

This error pops up because of AppLocker which can help you determine if your organization can benefit from deploying application control policies. Generally, you enforce AppLocker to run and at the same time you don’t want anything to be prohibited.

For this, you will require clicking on the categories “Executable Rules”, “Windows installer Rules”, “Script Rules”, “Packaged app Rules” and “Create Default Rules”. This will fix the AppLocker error message so follow –

1. Press Windows and R.
2. Type – secpol.msc.
3. Hit – Enter.
4. Navigate to –

Computer => Policies => Windows Settings => Security Settings => Application Control Policies => AppLocker => Packaged app Rules

5. Right-click and select Create Default Rules.
6. This modification will allow everyone to run All signed packaged apps.

7. Now Go to Application Control Policies => AppLocker.
8. Click on Configure rule enforcement.
9. Under Executable rules, select Configured. Enforce rules must be selected in drop-down.

10. Restart the computer and click on Search.
11. Type services.msc and press Enter.
12. On the Services window, find Application Identity and make sure it’s in Running state.

13. Repeat the same with “Executable Rules”, “Windows installer Rules”, “Script Rules”, and “Create Default Rules”.

The error should have been fixed now.

Way-2: Use RestoreHealth DISM

Sometimes, running the DISM with the parameters /Cleanup-Image and /RestoreHealth helps fix Applocker Error after KB5019959 in and KB5019980 in Windows  10 and 11 –

1. Press Windows + I.
2. Type –

DISM /Online /Cleanup-Image /RestoreHealth

3. Hit Enter.
4. This will scan the image to check for corruption and take time depending on the size and performance of the machine. Afterward, you need to do a reboot.

Read – What is DISM in Windows 10 (Deployment Image Servicing and Management)?

Way-3: Clean up AppLocker Directory and delete AppLocker rules

If the above methods could not fix – “This app has been blocked by your system administrator error” after KB5019959, and KB5019980 in Windows 10, and 11 then this is the most effective one. However, you need to be extra careful because this procedure will delete all your previously created AppLocker rules.

1. Open Local Security Policy (secpol.msc).
2. Go to Computer => Policies => Windows Settings => Security Settings => Application Control Policies => AppLocker.
3. Select – Configure rule enforcement.
4. Uncheck the option Configured and Click on OK.

5. Restart the computer and again open Local Security Policy.
6. Right click on Applocker and then select Clear Policy.
7. Once more reboot the device.

8. Open Notepad.
9. Copy the following cmdlet and paste it into the notepad –

<AppLockerPolicy Version="1">

<RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
<RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
<RuleCollection Type="Script" EnforcementMode="NotConfigured" />
<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>

10. Click on File > Save as.
11. Name this file “clear.xml” and save it in a directory such as C:\temp.
12. Now go to C:\temp.
13. Open Windows PowerShell as administrator.
14. Use the following command to import the AppLocker PoSh module –

import-module AppLocker

15. Then run the command –

Set-AppLockerPolicy -XMLPolicy .\clear.xml

16. Restart the machine.

In maximum cases, this process will fix Applocker Error and the computer will work as before AppLocker was enabled. If in some cases, the method does not work then you will have to manually clean up the AppLocker directory using the below steps –

17. Press Winkey+R.
18. Copy paste –

%windir%\System32\AppLocker\

19. Click on OK to access the AppLocker directory.
20. Select all items there and delete them. In case, AppCahce.dat is in use this will not be deleted.

21. Again run the above PowerShell cleanup and restart the machine.

Methods:
Way-1: Create Default Rules in Local Security Policy
Way-2: Use RestoreHealth DISM
Way-3: Clean up AppLocker Directory and delete AppLocker rules

That’s all!!