WDAC and kernelbase.dll

Hi

I've got a simple WDAC environment based on the default enforced XML and don't have any problems with most apps deployed by Intune using the managed installer. Microsoft apps run fine, and so do all apps installed in Program Files via deployment during Autopilot or manual install using the Company Portal.

Got one app deployment for Cloudflare WARP tunnel that installs via the managed installer but can't run, presumably because of a dependence on c:\windows\system32\kernelbase.dll. I'm guessing because it's a kind of VPN product it needs to create virtual interfaces in Network Connections; it's a user app that's calling on a kernel-based DLL.

I've tried using a supplemental policy to permit the publisher and file paths of the Cloudflare program files folder; it doesn't make a difference. It's already permitted because of the managed installer.

Removing Enabled:UMCI from the base policy allows it to run, but that effectively allows ANY user space app to run, defeating the point of WDAC.

Bit stumped and can't find anything online relating to kernelbase or Cloudflare + WDAC. This problem has the potential to kill my WDAC project, as the Cloudflare agent is essential for our base build.

Faulting application name: Cloudflare WARP.exe, version: 2024.1.159.0, time stamp: 0x656f6b0f

Faulting module name: KERNELBASE.dll, version: 10.0.26100.1882, time stamp: 0xdebc683b

Exception code: 0xc000041d

Fault offset: 0x00000000000c83ea

Faulting process id: 0x215C

Faulting application start time: 0x1DB765D2C9C014E

Faulting application path: C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 65ed503d-a17b-4200-b826-fd7b7634d214

and

Application: Cloudflare WARP.exe

CoreCLR Version: 6.0.2623.60508

.NET Version: 6.0.26

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\user\AppData\Local\Cloudflare\gui.second.log'.

at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)

at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)

at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)

at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)

at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize)

at System.IO.StreamWriter.ValidateArgsAndOpenPath(String path, Boolean append, Encoding encoding, Int32 bufferSize)