Since Applocker sends no "service started" or "service stopped" events in event viewer i wonder if there is another way to do this. Basically whenever the application identity service i stopped i want to run a script. I have tried this solution for Group Policy objects and Windows defender firewall with event viewer but i wonder how can i do this with Applocker?