This table details the Windows event log descriptions for StellarProtect (Legacy Mode).
Event ID | Level | Category | Event | Details |
---|---|---|---|---|
1000 | Information | System | Service started | |
1001 | Warning | System | Service stopped | |
1002 | Information | System | Application Lockdown Turned On | |
1003 | Warning | System | Application Lockdown Turned Off | |
1004 | Information | System | Disabled | |
1005 | Information | System | Administrator password changed | |
1006 | Information | System | User password changed | |
1007 | Information | System | User account enabled | |
1008 | Information | System | User account disabled | |
1009 | Information | System | Product activated | |
1010 | Information | System | Product deactivated | |
1011 | Warning | System | License Expired. Grace period enabled. | |
1012 | Warning | System | License Expired. Grace period ended. | |
1013 | Information | System | Product configuration import started: %path% | |
1014 | Information | System | Product configuration import completed: %path% | |
1015 | Information | System | Product configuration exported to: %path% | |
1016 | Information | System | USB Malware Protection set to Allow | |
1017 | Information | System | USB Malware Protection set to Block | |
1018 | Information | System | USB Malware Protection enabled | |
1019 | Warning | System | USB Malware Protection disabled | |
1025 | Information | System | Memory Randomization enabled | |
1026 | Warning | System | Memory Randomization disabled | |
1027 | Information | System | API Hooking Prevention set to Allow | |
1028 | Information | System | API Hooking Prevention set to Block | |
1029 | Information | System | API Hooking Prevention enabled | |
1030 | Warning | System | API Hooking Prevention disabled | |
1031 | Information | System | DLL Injection Prevention set to Allow | |
1032 | Information | System | DLL Injection Prevention set to Block | |
1033 | Information | System | DLL Injection Prevention enabled | |
1034 | Warning | System | DLL Injection Prevention disabled | |
1035 | Information | System | Pre-defined Trusted Update enabled | |
1036 | Information | System | Pre-defined Trusted Update disabled | |
1037 | Information | System | DLL/Driver Lockdown enabled | |
1038 | Warning | System | DLL/Driver Lockdown disabled | |
1039 | Information | System | Script Lockdown enabled | |
1040 | Warning | System | Script Lockdown disabled | |
1041 | Information | System | Script added | File extension: %extension% Interpreter: %interpreter% |
1042 | Information | System | Script removed | File extension: %extension% Interpreter: %interpreter% |
1044 | Information | System | Exception path enabled | |
1045 | Information | System | Exception path disabled | |
1047 | Information | System | Trusted certificate enabled | |
1048 | Information | System | Trusted certificate disabled | |
1049 | Information | System | Write Protection enabled | |
1050 | Warning | System | Write Protection disabled | |
1051 | Information | System | Write Protection set to Allow | |
1052 | Information | System | Write Protection set to Block | |
1055 | Information | System | Added file to Write Protection List Path: %path% | |
1056 | Information | System | Removed file from Write Protection List Path: %path% | |
1057 | Information | System | Added file to Write Protection Exception List Path: %path% Process: %process% | |
1058 | Information | System | Removed file from Write Protection Exception List Path: %path% Process: %process% | |
1059 | Information | System | Added folder to Write Protection List Path: %path% Scope: %scope% | |
1060 | Information | System | Removed folder from Write Protection List Path: %path% Scope: %scope% | |
1061 | Information | System | Added folder to Write Protection Exception List Path: %path% Scope: %scope% Process: %process% | |
1062 | Information | System | Removed folder from Write Protection Exception List Path: %path% Scope: %scope% Process: %process% | |
1063 | Information | System | Added registry value to Write Protection List Registry Key: %regkey% Registry Value Name: %regvalue% | |
1064 | Information | System | Removed registry value from Write Protection List Registry Key: %regkey% Registry Value Name: %regvalue% | |
1065 | Information | System | Added registry value to Write Protection Exception List Registry Key: %regkey% Registry Value Name: %regvalue% Process: %process% | |
1066 | Information | System | Removed registry value from Write Protection Exception List Registry Key: %regkey% Registry Value Name: %regvalue% Process: %process% | |
1067 | Information | System | Added registry key to Write Protection List Path: %regkey% Scope: %scope% | |
1068 | Information | System | Removed registry key from Write Protection List Path: %regkey% Scope: %scope% | |
1069 | Information | System | Added registry key to Write Protection Exception List Path: %regkey% Scope: %scope% Process: %process% | |
1070 | Information | System | Removed registry key from Write Protection Exception List Path: %regkey% Scope: %scope% Process: %process% | |
1071 | Information | System | Custom Action set to Ignore | |
1072 | Information | System | Custom Action set to Quarantine | |
1073 | Information | System | Custom Action set to Ask StellarOne | |
1074 | Information | System | Quarantined file is restored. | Original Location: %path% Source: %source% |
1075 | Information | System | Quarantined file is deleted. | Original Location: %path% Source: %source% |
1076 | Information | System | Integrity Monitoring enabled | |
1077 | Information | System | Integrity Monitoring disabled | |
1078 | Information | System | Root cause analysis report unsuccessful | Access Image Path: %path% |
1079 | Information | System | Server certification imported: %path% | |
1080 | Information | System | Server certification exported: %path% | |
1081 | Information | System | Managed mode configuration imported: %path% | |
1082 | Information | System | Managed mode configuration exported: %path% | |
1083 | Information | System | Managed mode enabled | |
1084 | Information | System | Managed mode disabled | |
1085 | Information | System | Protection applied to Write Protection List and Approved List while Write Protection is enabled | |
1086 | Warning | System | Protection applied to Write Protection List while Write Protection is enabled. | |
1088 | Information | System | Windows Update Support enabled | |
1089 | Information | System | Windows Update Support disabled | |
1094 | Information | System | Applied a patch to agent by StellarOne File applied: %file_name% | |
1096 | Information | System | Trusted hash enabled | |
1097 | Information | System | Trusted hash disabled | |
1099 | Information | System | Storage device access set to Allow | |
1100 | Information | System | Storage device access set to Block | |
1101 | Information | System | Storage device control enabled | |
1102 | Warning | System | Storage device control disabled | |
1103 | Information | System | Event Log settings changed | Windows Event Log: %ON\|off% Level: Warning Log: %ON\|off% Information Log: %ON\|off% System Log: %ON\|off% Exception Path Log: %ON\|off% Write Protection Log: %ON\|off% List Log: %ON\|off% Approved Access Log: DllDriver Log: %ON\|off% Trusted Updater Log: %ON\|off% Exception Path Log: %ON\|off% Trusted Certification Log: %ON\|off% Trusted Hash Log: %ON\|off% Write Protection Log: %ON\|off% Blocked Access Log: %ON\|off% USB Malware Protection Log: %ON\|off% Execution Prevention Log: %ON\|off% Integrity Monitoring Log File Created Log: %ON\|off% File Modified Log: %ON\|off% File Deleted Log: %ON\|off% File Renamed Log: %ON\|off% RegValue Modified Log: %ON\|off% RegValue Deleted Log: %ON\|off% RegKey Created Log: %ON\|off% RegKey Deleted Log: %ON\|off% RegKey Renamed Log: %ON\|off% Device Control Log: %ON\|off% Debug Log: %ON\|off% |
1104 | Warning | System | Memory Randomization is not available in this version of Windows. | |
1105 | Information | System | Blocked File Notification enabled | |
1106 | Information | System | Blocked File Notification disabled | |
1107 | Information | System | Administrator password changed remotely | |
1111 | Information | System | Fileless Attack Prevention enabled | |
1112 | Warning | System | Fileless Attack Prevention disabled | |
1500 | Information | List | Trusted Update started. | |
1501 | Information | List | Trusted Update stopped. | |
1502 | Information | List | Approved List import started: %path% | |
1503 | Information | List | Approved List import complete: %path% | |
1504 | Information | List | Approved List exported to: %path% | |
1505 | Information | List | Added to Approved List: %path% | |
1506 | Information | List | Added to Trusted Updater List: %path% | |
1507 | Information | List | Removed from Approved List: %path% | |
1508 | Information | List | Removed from Trusted Updater List: %path% | |
1509 | Information | List | Approved List updated: %path% | |
1510 | Information | List | Trusted Updater List updated: %path% | |
1511 | Warning | List | Unable to add to or update Approved List: %path% | |
1512 | Warning | List | Unable to add to or update Trusted Updater List: %path% | |
1513 | Information | System | Added to Exception Path List | Type: %exceptionpathtype% Path: %exceptionpath% |
1514 | Information | System | Removed from Exception Path List | Type: %exceptionpathtype% Path: %exceptionpath% |
1515 | Information | System | Added to Trusted Certification List | Label: %label% Hash: %hashvalue% Type: %type% Subject: %subject% Issuer: %issuer% |
1516 | Information | System | Removed from Trusted Certification List | Label: %label% Hash: %hashvalue% Type: %type% Subject: %subject% Issuer: %issuer% |
1517 | Information | System | Added to Trusted Hash List.%n | Label : %label% Hash : %hashvalue% Type : %type% Add to Approved List: %yes\|no% Path : %path% Note: %note% |
1518 | Information | System | Removed from Trusted Hash List.%n | Label : %label% Hash : %hashvalue% Type : %type% Add to Approved List: %yes\|no% Path : %path% Note: %note% |
1519 | Information | List | Removed from Approved List remotely: %path% | |
1520 | Warning | List | Unable to create Approved List because an unexpected error occurred during enumeration of the files in %1 %n Error Code: %2 %n | |
1521 | Information | System | Added Fileless Attack Prevention exception | Label : %label% Target Process: %process_name% Arguments: %arguments% %regex_flag% Parent Process 1 Image Path: %path% Parent Process 2 Image Path: %path% Parent Process 3 Image Path: %path% Parent Process 4 Image Path: %path% |
1522 | Information | System | Removed Fileless Attack Prevention exception | Label : %label% Target Process: %process_name% Arguments: %arguments% %regex_flag% Parent Process 1 Image Path: %path% Parent Process 2 Image Path: %path% Parent Process 3 Image Path: %path% Parent Process 4 Image Path: %path% |
1523 | Information | System | Maintenance Mode started | |
1524 | Information | System | Leaving Maintenance Mode | |
1525 | Information | System | Maintenance Mode stopped | |
1526 | Information | List | Added to Approved List in Maintenance Mode Path: %1 Hash: %2 | |
1527 | Information | List | Approved List updated in Maintenance Mode Path: %1 Hash: %2 | |
2000 | Information | Access Approved | File access allowed: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% List: %list% |
2001 | Warning | Access Approved | File access allowed: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% File Hash allowed: %hash% |
2002 | Warning | Access Approved | File access allowed: %path% Unable to get the file path while checking the Approved List | Access Image Path: %path% Access User: %username% Mode: %mode% |
2003 | Warning | Access Approved | File access allowed: %path% Unable to calculate hash while checking the Approved List | Access Image Path: %path% Access User: %username% Mode: %mode% |
2004 | Warning | Access Approved | File access allowed: %path% Unable to get notifications to monitor process | |
2005 | Warning | Access Approved | File access allowed: %path% Unable to add process to non exception list | |
2006 | Information | Access Approved | File access allowed: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2007 | Warning | Access Approved | File access allowed: %path% An error occurred while checking the Exception Path List | Access Image Path: %path% Access User: %username% Mode: %mode% |
2008 | Warning | Access Approved | File access allowed: %path% An error occurred while checking the Trusted Certification List | Access Image Path: %path% Access User: %username% Mode: %mode% |
2011 | Information | Access Approved | Registry access allowed Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2012 | Information | Access Approved | Registry access allowed Registry Key: %regkey% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2013 | Information | Access Approved | Change of File/Folder allowed by Exception List: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2015 | Information | Access Approved | Change of Registry Value allowed by Exception List Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2016 | Information | Access Approved | Change of Registry Key allowed by Exception List Registry Key: %regkey% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2017 | Warning | Access Approved | Change of File/Folder allowed: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2019 | Warning | Access Approved | Change of Registry Value allowed Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2020 | Warning | Access Approved | Change of Registry Key allowed Registry Key: %regkey% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2021 | Warning | Access Approved | File access allowed: %path% An error occurred while checking the Trusted Hash List | Access Image Path: %path% Access User: %username% Mode: %mode% |
2022 | Warning | Access Approved | Process allowed by Fileless Attack Prevention: %path% %argument% | Access User: %username% Parent Process 1 Image Path: %path% Parent Process 2 Image Path: %path% Parent Process 3 Image Path: %path% Parent Process 4 Image Path: %path% Mode: Unlocked Reason: %reason% |
2503 | Warning | Access Blocked | Change of File/Folder blocked: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2505 | Warning | Access Blocked | Change of Registry Value blocked. Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2506 | Warning | Access Blocked | Change of Registry Key blocked. Registry Key: %regkey% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2507 | Information | Access Blocked | Action completed successfully: %path% | Action: %action% Source: %source% |
2508 | Warning | Access Blocked | Unable to take specified action: %path% | Action: %action% Source: %source% |
2509 | Warning | Access Blocked | File access blocked: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% Reason: Not in Approved List File Hash blocked: %hash% |
2510 | Warning | Access Blocked | File access blocked: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% Reason: Hash does not match expected value File Hash blocked: %hash% |
2511 | Information | Access Blocked | Change of File/Folder blocked: %path% | Access Image Path: %path% Access User: %username% Mode: %mode% |
2512 | Warning | Access Blocked | Change of Registry Value blocked. Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access User: %username% Note: Enabling the Service Creation Prevention feature triggers Event ID 2512. |
2513 | Warning | Access Blocked | Process blocked by Fileless Attack Prevention: %path% %argument% | Access User: %username% Parent Process 1 Image Path: %path% Parent Process 2 Image Path: %path% Parent Process 3 Image Path: %path% Parent Process 4 Image Path: %path% Mode: locked Reason: %reason% |
2514 | Warning | Access Blocked | File access blocked: %BLOCKED_FILE_PATH% | Access Image Path: %PARENT_PROCESS_PATH% Access User: %USER_NAME% Reason: Blocked file is in a folder that has the case sensitive attribute enabled. |
3000 | Warning | USB Malware Protection | Device access allowed: %path% | Access Image Path: %path% Access User: %username% Device Type: %type% |
3001 | Warning | USB Malware Protection | Device access blocked: %path% | Access Image Path: %path% Access User: %username% Device Type: %type% |
4000 | Warning | Process Protection Event | API Hooking/DLL Injection allowed: %path% | Threat Image Path: %path% Threat User: %username% |
4001 | Warning | Process Protection Event | API Hooking/DLL Injection blocked: %path% | Threat Image Path: %path% Threat User: %username% |
4002 | Warning | Process Protection Event | API Hooking allowed: %path% | Threat Image Path: %path% Threat User: %username% |
4003 | Warning | Process Protection Event | API Hooking blocked: %path% | Threat Image Path: %path% Threat User: %username% |
4004 | Warning | Process Protection Event | DLL Injection allowed: %path% | Threat Image Path: %path% Threat User: %username% |
4005 | Warning | Process Protection Event | DLL Injection blocked: %path% | Threat Image Path: %path% Threat User: %username% |
4500 | Information | Changes in System | File/Folder created: %path% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4501 | Information | Changes in System | File modified: %path% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4502 | Information | Changes in System | File/Folder deleted: %path% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4503 | Information | Changes in System | File/Folder renamed: %path% New Path: %path% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4504 | Information | Changes in System | Registry Value modified. Registry Key: %regkey% Registry Value Name: %regvalue% Registry Value Type: %regvaluetype% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4505 | Information | Changes in System | Registry Value deleted. Registry Key: %regkey% Registry Value Name: %regvalue% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4506 | Information | Changes in System | Registry Key created. Registry Key: %regkey% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4507 | Information | Changes in System | Registry Key deleted. Registry Key: %regkey% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
4508 | Information | Changes in System | Registry Key renamed. Registry Key: %regkey% New Registry Key: %regkey% | Access Image Path: %path% Access Process Id: %pid% Access User: %username% |
5000 | Warning | Device Control | Storage device access allowed: %PATH% | Access Image path: %PATH% Access User: %USERNAME% Device Type: %TYPE% %DEVICEINFO% |
5001 | Warning | Device Control | Storage device access blocked: %PATH% | Access Image path: %PATH% Access User: %USERNAME% Device Type: %TYPE% %DEVICEINFO% |
6000 | Information | System | %Result% | Update Source: %SERVER% [Original Version] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% [Updated Version] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6001 | Warning | System | Update failed: %ERROR_MSG% (%ERROR_CODE%) | Update Source: %SERVER% [Original Version] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% [Updated Version] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6002 | Information | System | Malware scan started: %SCAN_TYPE% | Files to scan: %SCAN_FOLDER_TYPE% Scanned folders: %PATHS% Excluded paths: %PATHS% Excluded files: %PATHS% Excluded extensions: %PATHS% [Components] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6003 | Information | System | Malware scan completed: %SCAN_TYPE%. Number of infected files: %NUM% | Files to scan: %SCAN_FOLDER_TYPE% Scanned folders: %PATHS% Excluded paths: %PATHS% Excluded files: %PATHS% Excluded extensions: %PATHS% Start date/time: %DATE_TIME% End date/time: %DATE_TIME% Number of scanned files: %NUM% Number of infected files: %NUM% Number of cleaned files: %NUM% Number of files cleaned after reboot: %NUM% [Components] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6004 | Warning | System | Malware scan unsuccessful: %SCAN_TYPE% %ERROR% | Files to scan: %SCAN_FOLDER_TYPE% Scanned folders: %PATHS% Excluded paths: %PATHS% Excluded files: %PATHS% Excluded extensions: %PATHS% Start date/time: %DATE_TIME% End date/time: %DATE_TIME% Number of scanned files: %NUM% Number of infected files: %NUM% Number of cleaned files: %NUM% Number of files cleaned after reboot: %NUM% [Components] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6005 | Information | System | Malware detected: %ACTION% File path: %PATH% | Reboot required: %NEED_REBOOT% [Scan Result] Threat type: %TYPE% Threat name: %NAME% [Components] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6006 | Warning | System | Malware detected. Unable to perform scan actions: %PATH% | First action: %1ST_ACTION% Second action: %2ND_ACTION% Threat type: %TYPE% Threat name: %NAME% [Components] Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6007 | Warning | Maintenance Mode | Malware detected in Maintenance Mode (file quarantine successful): %PATH% | Component versions: %VERSION% Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6008 | Warning | Maintenance Mode | Malware detected in Maintenance Mode (file quarantine unsuccessful): %PATH% | Component versions: Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
6009 | Warning | Maintenance Mode | Malware detected in Maintenance Mode: %PATH% | Component versions: Virus Pattern: %VERSION% Spyware Pattern: %VERSION% Digital Signature Pattern: %VERSION% Program Inspection Pattern: %VERSION% Damage Cleanup Template: %VERSION% Damage Cleanup Engine Configuration: %VERSION% Virus Scan Engine: %VERSION% Damage Cleanup Engine: %VERSION% Scanner: %VERSION% |
7000 | Information | System | Group policy applied | Old Group Name: %GROUP NAME% Old Policy Version: %VERSION% New Group Name: %GROUP NAME% New Policy Version: %VERSION% |
7001 | Warning | System | Unable to synchronize group policy | Old Group Name: %GROUP NAME% Old Policy Version: %VERSION% New Group Name: %GROUP NAME% New Policy Version: %VERSION% Reason: %Reason% |
8000 | Information | System | Real Time Scan is enabled. | |
8001 | Warning | System | Real Time Scan is disabled. | |
8010 | Warning | System | Incoming files were scanned by antivirus. Action was taken according to settings. | File Path: %PATH% File Hash: %HASH% Threat Type: %TYPE% Threat Name: %NAME% Action Result: %INTEGER% Quarantine Path: %PATH% |
8011 | Warning | System | Application execution was blocked by antivirus. | Process Image Path: %PATH% File Hash: %HASH% Threat Type: %TYPE% Threat Name: %NAME% |
8500 | Information | System | Scheduled component update has been enabled. Next update will be on %TIME% (agent's local system time). | |
8501 | Information | System | Scheduled component update has been disabled. | |
8601 | Information | anomaly_detect | Operations Behavior Anomaly Detection (User Login) has been enabled. | Mode: %Mode% Level: %Level% Learning time: %LearningTime% day(s) |
8602 | Information | anomaly_detect | Operations Behavior Anomaly Detection (User Login) has been disabled. | |
8603 | Information | anomaly_detect | Operations Behavior Anomaly Detection (Application Behavior) has been enabled. | Mode: %Mode% Level: %Level% Learning time: %LearningTime% day(s) |
8604 | Information | anomaly_detect | Operations Behavior Anomaly Detection (Application Behavior) has been disabled. | |
8610 | Warning | anomaly_detect | An abnormal user login has been detected by Operations Behavior Anomaly Detection. | Domain: %Domain% Account: %Account% Login Type: %LoginType% Source IP: %IP% |
8611 | Warning | anomaly_detect | A user login failure has been detected by Operations Behavior Anomaly Detection. | Domain: %Domain% Account: %Account% Login Type: %LoginType% Source IP: %IP% |
8612 | Warning | anomaly_detect | An unrecognized application has been detected by Operations Behavior Anomaly Detection. | PID: %PID% Program Path: %Path% Program Hash: %SHA256% Program Size: %Size% Certificate: %CertificateSigner% Vendor: %VendorName% Product: %Product% |
8613 | Warning | anomaly_detect | Malicious application behavior has been detected by Operations Behavior Anomaly Detection | Program Path: %Path% Program Hash: %SHA256% Program Size: %Size% Certificate: %CertificateSigner% Vendor: %VendorName% Product: %Product% |
8614 | Warning | anomaly_detect | Suspicious application behavior has been detected by Operations Behavior Anomaly Detection. | Program Path: %Path% Program Hash: %SHA256% Program Size: %Size% Certificate: %CertificateSigner% Vendor: %VendorName% Product: %Product% |
8620 | Information | anomaly_detect | A user login account has been added to the Situational Awareness baseline. | Domain: %Domain% Account: %Account% Login Type: %LoginType% Source IP: %IP% |
8621 | Information | anomaly_detect | A user login account has been excluded from the Situational Awareness baseline. | Domain: %Domain% Account: %Account% Login Type: %LoginType% Source IP: %IP% |
8622 | Information | anomaly_detect | An application has been added to the Situational Awareness baseline. | Application Path: %Path% |
8623 | Information | anomaly_detect | An application has been excluded from the Situational Awareness baseline. | Application Path: %Path% |