This table details the Windows event log descriptions for StellarProtect.

Event ID | Level | Category | Event Content | Event Details |
---|---|---|---|---|
256 | Information | System | Service started | The service has started. |
257 | Information | System | Policy applied successfully (Version: %version%) | Policy has been applied successfully. |
258 | Information | System | Patch applied. File Name: %file_name% | Patch has been applied successfully. |
259 | Information | System | Patching in progress | Patching is in progress. After the earlier-applied patch has been completely updated, the system will automatically try to apply this patch: %deferred_file_name%. |
513 | Information | intelli_av | ICS Inventory List Update Succeeded | The ICS Inventory List has been updated successfully. |
514 | Information | intelli_av | Real Time Scan Enabled | The real-time scan is enabled. |
515 | Information | intelli_av | Scheduled Scan Start | The scheduled scan has started. |
516 | Information | intelli_av | Scheduled Scan End | The scheduled scan has ended. |
517 | Information | intelli_av | On-Demand Scan Start | The manually launched scan has started. |
518 | Information | intelli_av | On-Demand Scan End | The manually launched scan has ended. |
519 | Information | intelli_av | Scheduled Scan Enabled | The scheduled scan has been enabled. Next scan will be on %NextScan%. |
520 | Information | intelli_av | Scheduled Scan Disabled | The scheduled scan has been disabled. |
768 | Information | anomaly_detect | Operations Behavior Anomaly Detection Enabled | Mode: %Mode% Level: %Level% |
769 | Information | anomaly_detect | Added Operations Behavior Anomaly Detection Approved Operation | Access User: %USERNAME% ID: %ID% Target Process: %PATH% %ARGUMENT% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% |
770 | Information | anomaly_detect | Removed Operations Behavior Anomaly Detection Approved Operation | ID: %ID% Target Process: %PATH% %ARGUMENT% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% |
784 | Information | anomaly_detect | DLL Injection Prevention Enabled | The DLL Injection Prevention has been enabled. |
1280 | Information | device_control | Device Control Enabled | The Device Control has been enabled. |
1281 | Information | device_control | Trusted USB Device Added | Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% Type: permanent or one time |
1282 | Information | device_control | Trusted USB Device Removed | Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% |
1792 | Information | lockdown | File access allowed: %PATH% | Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% List: %LIST% |
1793 | Information | lockdown | Added to Approved List in Maintenance Mode | Path: %PATH% Hash: %SHA256_HEXSTR% |
1794 | Information | lockdown | Approved List updated in Maintenance Mode | Path: %PATH% Hash: %SHA256_HEXSTR% |
1795 | Information | lockdown | Approved List initialization started | Approved List initialization started |
1796 | Information | lockdown | Approved List initialization completed | Approved List initialization completed Count: %COUNT% |
1797 | Information | lockdown | Application Lockdown enabled | Application Lockdown enabled Mode: %MODE% |
1798 | Information | lockdown | DLL/Driver Lockdown enabled | DLL/Driver Lockdown enabled |
1799 | Information | lockdown | Script Lockdown enabled | Script Lockdown enabled |
1800 | Information | lockdown | Intelligent Runtime Learning enabled | Intelligent Runtime Learning enabled |
2048 | Information | update | Component update has started. | Component update has started |
2049 | Information | update | Component update has ended. | Component update has ended. |
2050 | Information | update | Scheduled component update has been enabled. Next update will be on %NEXT_UPDATE_LOCAL_TIME_STR% (agent's local system time). | Scheduled component update has been enabled. Next update will be on %NEXT_UPDATE_LOCAL_TIME_STR% (agent's local system time). |
2051 | Information | update | Scheduled component update has been disabled. | Scheduled component update has been disabled. |
4352 | Warning | system | Service stopped | The service has stopped. |
4353 | Warning | system | Unable to apply policy (Version: %version%) | The policy can not be applied. |
4354 | Warning | system | Unable to update file: %dst_path% | Unable to update file. Source Path: %src_path% Destination Path: %dst_path% Error Code: %err_code% |
4355 | Warning | system | Unable to apply patch. File Name: %file_name% | Unable to apply patch. File Name: %file_name% Error Code: %err_code% |
4609 | Warning | intelli_av | Incoming Files Scanned, Action Taken by Antivirus: %PATH% | Incoming files were scanned by antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
4610 | Warning | intelli_av | Incoming Files Scanned, Action Taken by Next-Generation Antivirus: %PATH% | Incoming files were scanned by next-generation antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
4611 | Warning | intelli_av | Local Files Scanned, Action Taken by Antivirus: %PATH% | Local files were scanned by antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
4612 | Warning | intelli_av | Local Files Scanned, Action Taken by Next-Generation Antivirus: %PATH% | Local files were scanned by next-generation antivirus. Actions were taken according to settings. File Path: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% Action Result: %INTEGER% Quarantine Path: %PATH% |
4613 | Warning | intelli_av | Suspicious Program Execution Blocked: %PATH% | Suspicious program execution was blocked. File Path: %PATH% File Hash: %STRING% |
4614 | Warning | intelli_av | Suspicious Program Currently Running: %PATH% | Suspicious program is currently running. Process ID: %PID% File Path: %PATH% File Hash: %STRING% File Credibility: %STRING% |
4615 | Warning | intelli_av | Application Execution Blocked By Antivirus: %PATH% | Application execution was blocked by antivirus. Target Process: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% |
4617 | Warning | intelli_av | Application Execution Blocked By Next-Generation Antivirus: %PATH% | Application execution was blocked by next-generation antivirus. Target Process: %PATH% File Hash: %STRING% Threat Type: %STRING% Threat Name: %STRING% |
4864 | Warning | anomaly_detect | Operations Behavior Anomaly Detection Disabled | Operations Behavior Anomaly Detection has been disabled. |
4865 | Warning | anomaly_detect | Process Allowed by Operations Behavior Anomaly Detection: %PATH% %ARGUMENT% | Access User: %USERNAME% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% Mode: %Mode% |
4866 | Warning | anomaly_detect | Process Blocked by Operations Behavior Anomaly Detection: %PATH% %ARGUMENT% | Access User: %USERNAME% Parent Process 1: %PATH% %ARGUMENT% Parent Process 2: %PATH% %ARGUMENT% Parent Process 3: %PATH% %ARGUMENT% Parent Process 4: %PATH% %ARGUMENT% Mode: %Mode% |
4880 | Warning | anomaly_detect | DLL Injection Prevention Disabled | DLL Injection Prevention has been disabled. |
5120 | Warning | change_control | ICS File Change Blocked by SafeGuard: %PATH% | ICS files changed to executable files were blocked by SafeGuard. Blocked Process: %PATH% Target File: %PATH% |
5121 | Warning | change_control | ICS Process Manipulation Blocked by SafeGuard: %PATH% | ICS Process Manipulation was blocked by SafeGuard. Blocked Process: %PATH% Target Process: %PATH% |
5376 | Warning | device_control | Device Control Disabled | Device Control has been disabled. |
5377 | Warning | device_control | USB Access Blocked: %PATH% | Access Image Path: %PATH% Access User: %USERNAME% Vendor ID: %HEX% Product ID: %HEX% Serial Number: %STRING% |
5888 | Warning | lockdown | File access allowed: %PATH% | Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% Reason: %ALLOWED_REASON% File hash allowed: %SHA256_HEXSTR%%THROTTLING_INFO_MSG% |
5889 | Warning | lockdown | File access blocked: %PATH% | Access Image Path: %PATH% Access User: %USERNAME% Mode: %MODE% Reason: %BLOCKED_REASON% File hash blocked: %SHA256_HEXSTR%%THROTTLING_INFO_MSG% |
5890 | Warning | lockdown | Unable to add to or update Approved List: %PATH% | Unable to add to or update Approved List: %PATH% |
5891 | Warning | lockdown | Application Lockdown disabled | Application Lockdown disabled |
5892 | Warning | lockdown | DLL/Driver Lockdown disabled | DLL/Driver Lockdown disabled |
5893 | Warning | lockdown | Script Lockdown disabled | Script Lockdown disabled |
5894 | Warning | lockdown | Intelligent Runtime Learning disabled | Intelligent Runtime Learning disabled |
5895 | Warning | lockdown | Approved List initialization canceled | Approved List initialization canceled |
8706 | Critical | intelli_av | Real Time Scan Disabled | The Real-Time Scan has been disabled. |
9216 | Critical | change_control | Maintenance Mode Start | The Maintenance Mode has started. |
9217 | Critical | change_control | Maintenance Mode End | The Maintenance Mode has ended. |