diff --git a/src/detections/applocker.rs b/src/detections/applocker.rs
index dd67c1a0..f378d339 100644
--- a/src/detections/applocker.rs
+++ b/src/detections/applocker.rs
@@ -1,4 +1,7 @@
+extern crate regex;
+
 use crate::models::event;
+use regex::Regex;
 use std::collections::HashMap;
 pub struct AppLocker {}
 
@@ -11,39 +14,40 @@ impl AppLocker {
 pub fn detection(
 &mut self,
 event_id: String,
- AppLocker: &event::AppLocker,
- event_data: HashMap,
+ _system: &event::System,
+ _event_data: HashMap,
 ) {
- if event_id == "8003" {
- &self.AppLocker_log_warning();
- } else if event_id == "8004" {
- &self.AppLocker_log_block(event_data);
- }
- // -- Not Implemented 8006 and 8007 on DeepBlueCLI, but reserved these ID. --
- //
- //} else if event_id == "8006" {
- // &self.windows_event_log(event_data);
- //} else if event_id == "8007" {
- // &self.windows_event_log(event_data);
- //}
+ self.appLocker_log_warning(&event_id, &_system);
+ self.appLocker_log_block(&event_id, &_system);
 }
 
- fn AppLocker_log_warning(&mut self, applocker: &event::AppLocker) {
+ fn appLocker_log_warning(&mut self, event_id: &String, system: &event::System) {
+ if event_id != "8003" {
+ return;
+ }
+
 let re = Regex::new(r" was .*$").unwrap();
- let command = re.replace_all(message, "");
+ let default = "".to_string();
+ let message = &system.message.as_ref().unwrap_or(&default);
+ let command = re.replace_all(&message, "");
 println!("Message Applocker Warning");
 println!("Command : {}", command);
 println!("Results : {}", message);
 }
 
- fn AppLocker_log_block(&mut self, applocker: &event::AppLocker) {
+ fn appLocker_log_block(&mut self, event_id: &String, system: &event::System) {
+ if event_id != "8004" {
+ return;
+ }
+
 let re = Regex::new(r" was .*$").unwrap();
- let command = re.replace_all(message, "");
+ let default = "".to_string();
+ let message = &system.message.as_ref().unwrap_or(&default);
+ let command = re.replace_all(&message, "");
 println!("Message Applocker Block");
 println!("Command : {}", command);
 println!("Results : {}", message);
 }
-
 }
diff --git a/src/detections/mod.rs b/src/detections/mod.rs
index 11454f71..ad3011e6 100644
--- a/src/detections/mod.rs
+++ b/src/detections/mod.rs
@@ -1,4 +1,5 @@
 mod application;
+mod applocker;
 mod common;
 mod configs;
 pub mod detection;
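Review bot: `Regex::new(r" was .*$").unwrap()` is recompiled for every 8003/8004 event, and apart from the event ID and the label the bodies of `appLocker_log_warning` and `appLocker_log_block` are identical copy-paste, so the two should share one helper that compiles the pattern once (`std::sync::OnceLock`, or `lazy_static` if the toolchain predates 1.70) — the rewrite is below; `impl AppLocker {` opens before the hunk. The `default` String and `&system.message.as_ref().unwrap_or(&default)` build a `&&String` that deref coercion then has to unwind; `system.message.as_deref().unwrap_or("")` yields the `&str` the regex wants with no allocation. Because the pattern carries no `(?s)` flag, `.*$` cannot cross a newline, so an event message with a line break after " was " is printed unchanged as the command — the message is event content, i.e. attacker-influenced, so if multi-line messages can occur the pattern should be `(?s) was .*$`. Minor: `_system` is used, so its underscore prefix is misleading, `appLocker_*` and the `&String` parameters will be flagged by rustc/clippy, and `_event_data: HashMap` with no type parameters does not compile against the imported `std::collections::HashMap` (already the case before this change).
```rust
    // … unchanged: detection() …

    fn appLocker_log_warning(&mut self, event_id: &str, system: &event::System) {
        if event_id == "8003" {
            self.print_applocker("Warning", system);
        }
    }

    fn appLocker_log_block(&mut self, event_id: &str, system: &event::System) {
        if event_id == "8004" {
            self.print_applocker("Block", system);
        }
    }

    /// Shared body of the 8003/8004 handlers: drop everything from " was "
    /// onward so only the executable path remains, then print it and the
    /// full message. `message` is event content and is printed as-is, so it
    /// must not be assumed to be single-line (see the regex flags).
    fn print_applocker(&self, label: &str, system: &event::System) {
        // Compile once per process rather than once per event.
        static RE: std::sync::OnceLock<Regex> = std::sync::OnceLock::new();
        let re = RE.get_or_init(|| Regex::new(r" was .*$").expect("static AppLocker pattern"));
        let message = system.message.as_deref().unwrap_or("");
        let command = re.replace_all(message, "");
        println!("Message Applocker {}", label);
        println!("Command : {}", command);
        println!("Results : {}", message);
    }
```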