Under Defense+, Advanced, Computer Security Policy, I see explorer.exe listed separately. I looked at the “Run an executable” access rights for that program and noticed that there were many entries for programs that are no longer installed on my host. There is no Purge option there to find which executables no longer list and offer me a choice to delete all those irrelevant access right entries. Instead I have to manually scroll through the list and delete them one at a time (which is a real pain because everytime you delete anything from the list refreshes the lists and shoves you back to the top of the list so you have to scroll down to find where you were before; i.e., you lose your place during your manual cleanup progress).
Seems like this would also be where the Purge button would be handy. Users do uninstall programs so continuing to list their executables in the access rights policy for a program is probably not just irrelevant and adds clutter but might also slow how long it takes to scan this list to check if the program is allowed to open one of those still in the list and which still does exist.
i’ve seen the purge feature for access rights been mentioned in the wishlist at least once (probably numerous times).
the bug where the D+ scrolls up to the top after removing an entry was also mentioned in the bug list for CIS.
