legitimate appx packages not signed by ms used part of an enterprise.

windows
sigma

Techniques

Sample rules

AppX Package Deployment Failed Due to Signing Requirements

source: sigma
technicques:

Description

Detects an appx package deployment / installation with the error code “0x80073cff” which indicates that the package didn’t meet the signing requirements.

Detection logic

condition: selection
selection:
  ErrorCode: '0x80073cff'
  EventID: 401