We are starting to pilot Application Control here and we ran into a scenario where we've put a group of systems in a learning audit mode to allow all of our current applications. When we setup a policy to start enforcing app control and someone tries to install software with nested installation packages (ie: Wireshark), we get pop ups to authorize some of the nested installers, but not all of them.
We've even tried to authorize the path that the installation files exrtact themselves to without any luck.
Has anyone else run into this issue before? Do we need to make some kind of exception to the rules to allow these ad-hoc?