38386504 - Edit 2

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -142,7 +142,7 @@ You can also use the following macros when the exact volume may vary: `%OSDRIVE%
 > For others to better understand the WDAC policies that has been deployed, we recommend maintaining separate ALLOW and DENY policies on Windows 10, version 1903 and later.
 
 > [!NOTE]
-> There is currently a bug where MSIs cannot be allow listed in file path rules.
+> There is currently a bug where MSIs cannot be allow listed in file path rules. MSIs must be allow listed using other rule types, for example, publisher rules or file attribute rules.
 
 ## More information about hashes
 

windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

@@ -109,7 +109,3 @@ If you do not have a code signing certificate, see [Optional: Create a code sign
 
 > [!NOTE]
 > The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set. 
-
-## Disable unsigned Windows Defender Application Control policies
-
-For information regarding Event ID 3099 Options, see [Understanding Application Control events](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#event-id-3099-options).