Views:

This table details the Windows event log descriptions for StellarProtect.

Event ID

Level

Category

Event

Details

256

Information

System

Service has started.

 

257

Information

System

Policy has been applied successfully. (Version: %version%)

 

258

Information

System

Patch has been applied.

File Name: %file_name%

 

259

Information

System

Patching in progress

After the earlier-applied patch is completed, the system will automatically try to apply this patch: %deferred_file_name%.

513

Information

intelli_av

Application vault update was successful

 

514

Information

intelli_av

Real Time Scan has been enabled.

 

515

Information

intelli_av

A scheduled scan has started.

 

516

Information

intelli_av

A scheduled scan has ended.

Folders scanned: %1

Symbolic links: %2

Regular files: %3

Files scanned: %4

Files passed: %5

Threats detected: %6

517

Information

intelli_av

A manually launched scan has started.

 

518

Information

intelli_av

A manually launched scan has ended.

Folders scanned: %1

Symbolic links: %2

Regular files: %3

Files scanned: %4

Files passed: %5

Threats detected: %6

519

Information

intelli_av

A scheduled scan has been enabled.

Next scan will be on %NextScan%.

520

Information

intelli_av

A scheduled scan has been disabled.

 

521

Information

intelli_av

A scan manually launched by local user has started.

 

522

Information

intelli_av

A scan manually launched by local user has ended.

Folders scanned: %1

Symbolic links: %2

Regular files: %3

Files scanned: %4

Files passed: %5

Threats detected: %6

768

Information

anomaly_detect

Operations Behavior Anomaly Detection (Script Behavior) has been enabled.

Mode: %Mode%

Level: %Level%

Learning time: %LearningTime% day(s)

769

Information

anomaly_detect

Script behavior has been added to the Situational Awareness baseline.

Access User: %USERNAME%

ID: %ID%

Target Process: %PATH% %ARGUMENT%

Parent Process 1: %PATH% %ARGUMENT%

Parent Process 2: %PATH% %ARGUMENT%

Parent Process 3: %PATH% %ARGUMENT%

Parent Process 4: %PATH% %ARGUMENT%

770

Information

anomaly_detect

A script behavior has been excluded from the Situational Awareness baseline.

ID: %ID%

Target Process: %PATH% %ARGUMENT%

Parent Process 1: %PATH% %ARGUMENT%

Parent Process 2: %PATH% %ARGUMENT%

Parent Process 3: %PATH% %ARGUMENT%

Parent Process 4: %PATH% %ARGUMENT%

771

Information

anomaly_detect

Operations Behavior Anomaly Detection (User Login) has been enabled.

Mode: %Mode%

Level: %Level%

Learning time: %LearningTime% day(s)

772

Information

anomaly_detect

Operations Behavior Anomaly Detection (Application Behavior) has been enabled.

Mode: %Mode%

Level: %Level%

Learning time: %LearningTime% day(s)

773

Information

anomaly_detect

A user login account has been added to the Situational Awareness baseline.

Domain: %Domain%

Account: %Account%

Login Type: %LoginType%

Source IP: %IP%

774

Information

anomaly_detect

A user login account has been excluded from the Situational Awareness baseline.

Domain: %Domain%

Account: %Account%

Login Type: %LoginType%

Source IP: %IP%

775

Information

anomaly_detect

An application has been added to the Situational Awareness baseline.

Application Path: %Path%

776

Information

anomaly_detect

An application has been excluded from the Situational Awareness baseline.

Application Path: %Path%

784

Information

anomaly_detect

DLL Injection Prevention has been enabled.

 

1280

Information

device_control

Device Control has been enabled.

 

1281

Information

device_control

Trusted USB device has been added.

Vendor ID: %HEX%

Product ID: %HEX%

Serial Number: %STRING%

Type: permanent or one time

1282

Information

device_control

Trusted USB device has been removed.

Vendor ID: %HEX%

Product ID: %HEX%

Serial Number: %STRING%

1792

Information

lockdown

File access has been allowed: %PATH%

Access Image Path: %PATH%

Access User: %USERNAME%

Mode: %MODE%

List: %LIST%

1793

Information

lockdown

A new file has been added to Approved List in Maintenance Mode.

Path: %PATH%

Hash: %SHA256_HEXSTR%

1794

Information

lockdown

The hash of an existing file in Approved List has been updated in Maintenance Mode.

Path: %PATH%

Hash: %SHA256_HEXSTR%

1795

Information

lockdown

Approved List initialization has started.

 

1796

Information

lockdown

Approved List initialization has completed

Count: %COUNT%

1797

Information

lockdown

Application Lockdown has been enabled

Mode: %MODE%

1798

Information

lockdown

DLL/Driver Lockdown has been enabled.

 

1799

Information

lockdown

Script Lockdown has been enabled.

 

1800

Information

lockdown

Intelligent Runtime Learning has been enabled.

 

2048

Information

update

Component update has started.

 

2049

Information

update

Component update has ended.

 

2050

Information

update

Scheduled component update has been enabled. Next update will be on %NEXT_UPDATE_LOCAL_TIME_STR% (agent's local system time).

 

2051

Information

update

Scheduled component update has been disabled.

 

2052

Information

update

Components updated successfully.

Update Source: %UPDATE_URL%

[Original Version]

%COMPONENTS_INFO%

[Updated Version]

%COMPONENTS_INFO%

3840

Information

misc

User account has been enabled.

 

3841

Information

misc

User account has been disabled.

 

3842

Information

misc

User password has been changed.

 

4352

Warning

system

Service has stopped.

 

4353

Warning

system

Unable to apply policy (Version: %version%)

 

4354

Warning

system

Unable to update file.

Source Path: %src_path%

Destination Path: %dst_path%

Error Code: %err_code%

4355

Warning

system

Unable to apply patch.

File Name: %file_name%

Error Code: %err_code%

4609

Warning

intelli_av

Incoming Files Scanned, Action Taken by Antivirus: %PATH%

Incoming files were scanned by antivirus. Action was taken according to settings.

File Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

Action Result: %INTEGER%

Quarantine Path: %PATH%

4610

Warning

intelli_av

Incoming Files Scanned, Action Taken by Next-Generation Antivirus: %PATH%

Incoming files were scanned by next-generation antivirus. Action was taken according to settings.

File Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

Action Result: %INTEGER%

Quarantine Path: %PATH%

4611

Warning

intelli_av

Local Files Scanned, Action Taken by Antivirus: %PATH%

Local files were scanned by antivirus. Action was taken according to settings.

File Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

Action Result: %INTEGER%

Quarantine Path: %PATH%

4612

Warning

intelli_av

Local Files Scanned, Action Taken by Next-Generation Antivirus: %PATH%

Local files were scanned by next-generation antivirus. Action was taken according to settings.

File Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

Action Result: %INTEGER%

Quarantine Path: %PATH%

4613

Warning

intelli_av

Suspicious Program Execution Blocked

Suspicious program execution was blocked.

File Path: %PATH%

File Hash: %STRING%

4614

Warning

intelli_av

Suspicious Program Currently Running

Suspicious program is currently running.

Process ID: %PID%

File Path: %PATH%

File Hash: %STRING%

File Credibility: %STRING%

4615

Warning

intelli_av

Application Execution Blocked By Antivirus

Application execution was blocked by antivirus.

Process Image Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

4617

Warning

intelli_av

Application Execution Blocked By Next-Generation Antivirus

Application execution was blocked by next-generation antivirus.

Process Image Path: %PATH%

File Hash: %STRING%

Threat Type: %STRING%

Threat Name: %STRING%

4864

Warning

anomaly_detect

Operations Behavior Anomaly Detection (Script Behavior) has been disabled.

 

4865

Warning

anomaly_detect

Script Behavior has been allowed by Operations Behavior Anomaly Detection: %PATH%

Access User: %USERNAME%

Parent Process 1: %PATH% %ARGUMENT%

Parent Process 2: %PATH% %ARGUMENT%

Parent Process 3: %PATH% %ARGUMENT%

Parent Process 4: %PATH% %ARGUMENT%

Mode: %Mode%

Level: %LEVEL%

4866

Warning

anomaly_detect

Script Behavior has been blocked by Operations Behavior Anomaly Detection: %PATH%

Access User: %USERNAME%

Parent Process 1: %PATH% %ARGUMENT%

Parent Process 2: %PATH% %ARGUMENT%

Parent Process 3: %PATH% %ARGUMENT%

Parent Process 4: %PATH% %ARGUMENT%

Mode: %Mode%

Level: %LEVEL%

4867

warning

anomaly_detect

Operations Behavior Anomaly Detection (User Login) has been disabled.

 

4868

warning

anomaly_detect

Operations Behavior Anomaly Detection (Application Behavior) has been disabled.

 

4869

warning

anomaly_detect

A user login failure has been detected by Operations Behavior Anomaly Detection.

Domain: %Domain%

Account: %Account%

Login Type: %LoginType%

Source IP: %IP%

4870

warning

anomaly_detect

An abnormal user Login has been detected by Operations Behavior Anomaly Detection.

Domain: %Domain%

Account: %Account%

Login Type: %LoginType%

Source IP: %IP%

4871

warning

anomaly_detect

Suspicious application behavior has been detected by Operations Behavior Anomaly Detection.

Program Path: %Path%

Program Hash: %SHA256%

Program Size: %Size%

Certificate: %CertificateSigner%

Vendor: %VendorName%

Product: %Product%

4872

warning

anomaly_detect

An unrecognized application has been detected by Operations Behavior Anomaly Detection.

PID: %PID%

Program Path: %Path%

Program Hash: %SHA256%

Program Size: %Size%

Certificate: %CertificateSigner%

Vendor: %VendorName%

Product: %Product%

4873

warning

anomaly_detect

Malicious application behavior has been detected by Operations Behavior Anomaly Detection

Program Path: %Path%

Program Hash: %SHA256%

Program Size: %Size%

Certificate: %CertificateSigner%

Vendor: %VendorName%

Product: %Product%

4880

Warning

anomaly_detect

DLL Injection Prevention has been disabled.

 

5120

Warning

change_control

Change to an ICS file was blocked by OT Application Safeguard.

Blocked Process: %PATH%

Target File: %PATH%

5121

Warning

change_control

Manipulation to existing ICS process was blocked by OT Application Safeguard.

Blocked Process: %PATH%

Target Process: %PATH%

5376

Warning

device_control

Device Control has been disabled.

 

5377

Warning

device_control

USB access has been blocked: %PATH%

Access Image Path: %PATH%

Access User: %USERNAME%

Vendor ID: %HEX%

Product ID: %HEX%

Serial Number: %STRING%

5378

Warning

device_control

USB autorun.inf file has been blocked: %PATH%

 

5888

Warning

lockdown

File access has been allowed: %PATH%

Access Image Path: %PATH%

Access User: %USERNAME%

Mode: %MODE%

Reason: %ALLOWED_REASON%

File hash allowed: %SHA256_HEXSTR%%THROTTLING_INFO_MSG%

5889

Warning

lockdown

File access has been blocked: C:\object_file_path

Access Image Path: %PATH%

Access User: %USERNAME%

Mode: %MODE%

Reason: %BLOCKED_REASON%

File hash blocked: %SHA256_HEXSTR%%THROTTLING_INFO_MSG%

5890

Warning

lockdown

Unable to add to or update Approved List: %PATH%

 

5891

Warning

lockdown

Application Lockdown has been disabled

 

5892

Warning

lockdown

DLL/Driver Lockdown has been disabled.

 

5893

Warning

lockdown

Script Lockdown has been disabled.

 

5894

Warning

lockdown

Intelligent Runtime Learning has been disabled.

 

5895

Warning

lockdown

Approved List initialization has been canceled.

 

6144

Warning

update

Component update unsuccessful.(%AU_ERROR_CODE%)

Update Source: %UPDATE_URL%

[Original Version]

%COMPONENTS_INFO%

[Updated Version]

%COMPONENTS_INFO%

8706

Critical

intelli_av

Real-Time Scan has been disabled.

 

9216

Critical

change_control

The Maintenance Mode has now started.

 
9217

Critical

change_control

The Maintenance Mode has now ended.