It would be useful to have some kind of report to show why a UAC prompt didn't catch a rule. If we can select a UAC prompt and have a button to run a report for all the rules against the computer/site/company/global and see what rules had a partial hit. This could help to identify where a rule could be modified to be more robust, where we have duplicate rules in place, or where there was a mistake in a rule's creation.

This kind of report could show how the target UAC prompt had a different file path than what the rule had expected. Or how the target had the right file path, but the cert changed.

Being able to run these kinds of reports could help to improve our rules and ensure that they're working the way we expect them to.