Issue: New-CIPolicy uses the -Fallback level for any file where the primary level can't be determined. Unsigned files have no certificate/publisher info, so the cmdlet falls back to Hash for those files. Without a fallback, unsigned files would be silently skipped and wouldn't get any rule at all.
- "File Scan" hash is hardcoded as the default fallback, but when you select multiple levels, Hash is dropped from fallbacks. Need to add hash as default fallback
- Update UI to give admins an understanding what rule is level and fallback.
Issue: New-CIPolicy uses the -Fallback level for any file where the primary level can't be determined. Unsigned files have no certificate/publisher info, so the cmdlet falls back to Hash for those files. Without a fallback, unsigned files would be silently skipped and wouldn't get any rule at all.