This table details the Windows event log descriptions for StellarProtect.
|
Event ID |
Level |
Category |
Event Content |
Event Details |
|---|---|---|---|---|
|
256 |
Information |
System |
Service started |
The service has started. |
|
257 |
Information |
System |
Policy applied successfully (Version: %version%) |
Policy has been applied successfully. |
|
258 |
Information |
System |
Patch applied. File Name: %file_name% |
Patch has been applied successfully. |
|
259 |
Information |
System |
Patching in progress |
Patching is in progress. After the earlier-applied patch has been completely updated, the system will automatically try to apply this patch: %deferred_file_name%. |
|
513 |
Information |
intelli_av |
ICS Inventory List Update Succeeded |
The ICS Inventory List has been updated successfully. |
|
514 |
Information |
intelli_av |
Real Time Scan Enabled |
The real-time scan is enabled. |
|
515 |
Information |
intelli_av |
Scheduled Scan Start |
The scheduled scan has started. |
|
516 |
Information |
intelli_av |
Scheduled Scan End |
The scheduled scan has ended. |
|
517 |
Information |
intelli_av |
On-Demand Scan Start |
The manually launched scan has started. |
|
518 |
Information |
intelli_av |
On-Demand Scan End |
The manually launched scan has ended. |
|
519 |
Information |
intelli_av |
Scheduled Scan Enabled |
The scheduled scan has been enabled. Next scan will be on %NextScan%. |
|
520 |
Information |
intelli_av |
Scheduled Scan Disabled |
The scheduled scan has been disabled. |
|
768 |
Information |
anomaly_detect |
Operations Behavior Anomaly Detection Enabled |
Mode: %Mode% Level: %Level% |
|
769 |
Information |
anomaly_detect |
Added Operations Behavior Anomaly Detection Approved Operation |
Access User: %USERNAME% ID: %ID% Target Process: %PATH% %ARGUMENT% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% |
|
770 |
Information |
anomaly_detect |
Removed Operations Behavior Anomaly Detection Approved Operation |
ID: %ID% Target Process: %PATH% %ARGUMENT% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% |
|
784 |
Information |
anomaly_detect |
DLL Injection Prevention Enabled |
The DLL Injection Prevention has been enabled. |
|
1280 |
Information |
device_control |
Device Control Enabled |
The Device Control has been enabled. |
|
1281 |
Information |
device_control |
Trusted USB Device Added |
Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% Type: permanent or one time |
|
1282 |
Information |
device_control |
Trusted USB Device Removed |
Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% |
|
1792 |
Information |
lockdown |
File access allowed: %PATH% |
Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% List: %LIST% |
|
1793 |
Information |
lockdown |
Added to Approved List in Maintenance Mode |
Path: %PATH% Hash: %SHA256_HEXSTR% |
|
1794 |
Information |
lockdown |
Approved List updated in Maintenance Mode |
Path: %PATH% Hash: %SHA256_HEXSTR% |
|
1795 |
Information |
lockdown |
Approved List initialization started |
Approved List initialization started |
|
1796 |
Information |
lockdown |
Approved List initialization completed |
Approved List initialization completed Count: %COUNT% |
|
1797 |
Information |
lockdown |
Application Lockdown enabled |
Application Lockdown enabled Mode: %MODE% |
|
1798 |
Information |
lockdown |
DLL/Driver Lockdown enabled |
DLL/Driver Lockdown enabled |
|
1799 |
Information |
lockdown |
Script Lockdown enabled |
Script Lockdown enabled |
|
1800 |
Information |
lockdown |
Intelligent Runtime Learning enabled |
Intelligent Runtime Learning enabled |
|
2048 |
Information |
update |
Component update has started. |
Component update has started |
|
2049 |
Information |
update |
Component update has ended. |
Component update has ended. |
|
2050 |
Information |
update |
Scheduled component update has been enabled. Next update will be on %NEXT_UPDATE_LOCAL_TIME_STR% (agent's local system time). |
Scheduled component update has been enabled. Next update will be on %NEXT_UPDATE_LOCAL_TIME_STR% (agent's local system time). |
|
2051 |
Information |
update |
Scheduled component update has been disabled. |
Scheduled component update has been disabled. |
|
4352 |
Warning |
system |
Service stopped |
The service has stopped. |
|
4353 |
Warning |
system |
Unable to apply policy (Version: %version%) |
The policy can not be applied. |
|
4354 |
Warning |
system |
Unable to update file: %dst_path% |
Unable to update file. Source Path: %src_path% Destination Path: %dst_path% Error Code: %err_code% |
|
4355 |
Warning |
system |
Unable to apply patch. File Name: %file_name% |
Unable to apply patch. File Name: %file_name% Error Code: %err_code% |
|
4609 |
Warning |
intelli_av |
Incoming Files Scanned, Action Taken by Antivirus: %PATH% |
Incoming files were scanned by antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
|
4610 |
Warning |
intelli_av |
Incoming Files Scanned, Action Taken by Next-Generation Antivirus: %PATH% |
Incoming files were scanned by next-generation antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
|
4611 |
Warning |
intelli_av |
Local Files Scanned, Action Taken by Antivirus: %PATH% |
Local files were scanned by antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
|
4612 |
Warning |
intelli_av |
Local Files Scanned, Action Taken by Next-Generation Antivirus: %PATH% |
Local files were scanned by next-generation antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
|
4613 |
Warning |
intelli_av |
Suspicious Program Execution Blocked: %PATH% |
Suspicious program execution was blocked. File Path: %PATH% File Hash: %STRING% |
|
4614 |
Warning |
intelli_av |
Suspicious Program Currently Running: %PATH% |
Suspicious program is currently running. Process ID: %PID% File Path: %PATH% File Hash: %STRING% File Credibility: %STRING% |
|
4615 |
Warning |
intelli_av |
Application Execution Blocked By Antivirus: %PATH% |
Application execution was blocked by antivirus. Target Process: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% |
|
4617 |
Warning |
intelli_av |
Application Execution Blocked By Next-Generation Antivirus: %PATH% |
Application execution was blocked by next-generation antivirus. Target Process: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% |
|
4864 |
Warning |
anomaly_detect |
Operations Behavior Anomaly Detection Disabled |
Operations Behavior Anomaly Detection has been disabled. |
|
4865 |
Warning |
anomaly_detect |
Process Allowed by Operations Behavior Anomaly Detection: %PATH% %ARGUMENT% |
Access User: %USERNAME% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% Mode: %Mode% |
|
4866 |
Warning |
anomaly_detect |
Process Blocked by Operations Behavior Anomaly Detection: %PATH% %ARGUMENT% |
Access User: %USERNAME% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% Mode: %Mode% |
|
4880 |
Warning |
anomaly_detect |
DLL Injection Prevention Disabled |
DLL Injection Prevention has been disabled. |
|
5120 |
Warning |
change_control |
ICS File Change Blocked by SafeGuard: %PATH% |
ICS files changed to executable files were blocked by SafeGuard. Blocked Process: %PATH% Target File: %PATH% |
|
5121 |
Warning |
change_control |
ICS Process Manipulation Blocked by SafeGuard: %PATH% |
ICS Process Manipulation was blocked by SafeGuard. Blocked Process: %PATH% Target Process: %PATH% |
|
5376 |
Warning |
device_control |
Device Control Disabled |
Device Control has been disabled. |
|
5377 |
Warning |
device_control |
USB Access Blocked: %PATH% |
Access Image Path: %PATH% Access User: %USERNAME% Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% |
|
5888 |
Warning |
lockdown |
File access allowed: %PATH% |
Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% Reason: %ALLOWED_REASON% File hash allowed: %SHA256_HEXSTR%%THROTTLING_INFO_MSG% |
|
5889 |
Warning |
lockdown |
File access blocked: %PATH% |
Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% Reason: %BLOCKED_REASON% File hash blocked: %SHA256_HEXSTR%%THROTTLING_INFO_MSG% |
|
5890 |
Warning |
lockdown |
Unable to add to or update Approved List: %PATH% |
Unable to add to or update Approved List: %PATH% |
|
5891 |
Warning |
lockdown |
Application Lockdown disabled |
Application Lockdown disabled |
|
5892 |
Warning |
lockdown |
DLL/Driver Lockdown disabled |
DLL/Driver Lockdown disabled |
|
5893 |
Warning |
lockdown |
Script Lockdown disabled |
Script Lockdown disabled |
|
5894 |
Warning |
lockdown |
Intelligent Runtime Learning disabled |
Intelligent Runtime Learning disabled |
|
5895 |
Warning |
lockdown |
Approved List initialization canceled |
Approved List initialization canceled |
|
8706 |
Critical |
intelli_av |
Real Time Scan Disabled |
The Real-Time Scan has been disabled. |
|
9216 |
Critical |
change_control |
Maintenance Mode Start |
The Maintenance Mode has started. |
| 9217 |
Critical |
change_control |
Maintenance Mode End |
The Maintenance Mode has ended. |