This table details the Windows event log descriptions for StellarProtect
(Legacy Mode).
|
Event ID
|
Level
|
Category
|
Event
|
Details | ||
|
1000
|
Information
|
System
|
Service started
|
|||
|
1001
|
Warning
|
System
|
Service stopped
|
|||
|
1002
|
Information
|
System
|
Application Lockdown turned on
|
|||
|
1003
|
Warning
|
System
|
Application Lockdown turned off
|
|||
|
1005
|
Information
|
System
|
Administrator password changed
|
|||
|
1006
|
Information
|
System
|
User password
changed
|
|||
|
1007
|
Information
|
System
|
User account enabled
|
|||
|
1008
|
Information
|
System
|
User account disabled
|
|||
|
1009
|
Information
|
System
|
Product activated
|
|||
|
1010
|
Information
|
System
|
Product deactivated
|
|||
|
1011
|
Warning
|
System
|
License Expired. Grace period enabled
|
|||
|
1012
|
Warning
|
System
|
License Expired. Grace period ended
|
|||
|
1013
|
Information
|
System
|
Product configuration import started: %path%
|
|||
|
1014
|
Information
|
System
|
Product configuration import completed: %path%
|
|||
|
1015
|
Information
|
System
|
Product configuration exported to: %path%
|
|||
|
1016
|
Information
|
System
|
USB Malware Protection set to Allow
|
|||
|
1017
|
Information
|
System
|
USB Malware Protection set to Block
|
|||
|
1018
|
Information
|
System
|
USB Malware Protection enabled
|
|||
|
1019
|
Warning
|
System
|
USB Malware Protection disabled
|
|||
|
1025
|
Information
|
System
|
Memory Randomization enabled
|
|||
|
1026
|
Warning
|
System
|
Memory Randomization disabled
|
|||
|
1027
|
Information
|
System
|
API Hooking Prevention set to Allow
|
|||
|
1028
|
Information
|
System
|
API Hooking Prevention set to Block
|
|||
|
1029
|
Information
|
System
|
API Hooking Prevention enabled
|
|||
|
1030
|
Warning
|
System
|
API Hooking Prevention disabled
|
|||
|
1031
|
Information
|
System
|
DLL Injection Prevention set to Allow
|
|||
|
1032
|
Information
|
System
|
DLL Injection Prevention set to Block
|
|||
|
1033
|
Information
|
System
|
DLL Injection Prevention enabled
|
|||
|
1034
|
Warning
|
System
|
DLL Injection Prevention disabled
|
|||
|
1035
|
Information
|
System
|
Pre-defined Trusted Update enabled
|
|||
|
1036
|
Information
|
System
|
Pre-defined Trusted Update disabled
|
|||
|
1037
|
Information
|
System
|
DLL/Driver Lockdown enabled
|
|||
|
1038
|
Warning
|
System
|
DLL/Driver Lockdown disabled
|
|||
|
1039
|
Information
|
System
|
Script Lockdown enabled
|
|||
|
1040
|
Warning
|
System
|
Script Lockdown disabled
|
|||
|
1041
|
Information
|
System
|
Script added
|
File extension: %extension%
Interpreter: %interpreter%
|
||
|
1042
|
Information
|
System
|
Script removed
|
File extension: %extension%
Interpreter: %interpreter%
|
||
|
1044
|
Information
|
System
|
Exception path enabled
|
|||
|
1045
|
Information
|
System
|
Exception path disabled
|
|||
|
1047
|
Information
|
System
|
Trusted certificate enabled
|
|||
|
1048
|
Information
|
System
|
Trusted certificate disabled
|
|||
|
1049
|
Information
|
System
|
Write Protection enabled
|
|||
|
1050
|
Warning
|
System
|
Write Protection disabled
|
|||
|
1051
|
Information
|
System
|
Write Protection set to Allow
|
|||
|
1052
|
Information
|
System
|
Write Protection set to Block
|
|||
|
1055
|
Information
|
System
|
Added file to Write Protection List
Path: %path%
|
|||
|
1056
|
Information
|
System
|
Removed file from Write Protection List
Path: %path%
|
|||
|
1057
|
Information
|
System
|
Added file to Write Protection Exception List
Path: %path%
Process: %process%
|
|||
|
1058
|
Information
|
System
|
Removed file from Write Protection Exception List
Path: %path%
Process: %process%
|
|||
|
1059
|
Information
|
System
|
Added folder to Write Protection List
Path: %path%
Scope: %scope%
|
|||
|
1060
|
Information
|
System
|
Removed folder from Write Protection List
Path: %path%
Scope: %scope%
|
|||
|
1061
|
Information
|
System
|
Added folder to Write Protection Exception List
Path: %path%
Scope: %scope%
Process: %process%
|
|||
|
1062
|
Information
|
System
|
Removed folder from Write Protection Exception List
Path: %path%
Scope: %scope%
Process: %process%
|
|||
|
1063
|
Information
|
System
|
Added registry value to Write Protection List
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
|||
|
1064
|
Information
|
System
|
Removed registry value from Write Protection List
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
|||
|
1065
|
Information
|
System
|
Added registry value to Write Protection Exception List
Registry Key: %regkey%
Registry Value Name: %regvalue%
Process: %process%
|
|||
|
1066
|
Information
|
System
|
Removed registry value from Write Protection Exception List
Registry Key: %regkey%
Registry Value Name: %regvalue%
Process: %process%
|
|||
|
1067
|
Information
|
System
|
Added registry key to Write Protection List
Path: %regkey%
Scope: %scope%
|
|||
|
1068
|
Information
|
System
|
Removed registry key from Write Protection List
Path: %regkey%
Scope: %scope%
|
|||
|
1069
|
Information
|
System
|
Added registry key to Write Protection Exception List
Path: %regkey%
Scope: %scope%
Process: %process%
|
|||
|
1070
|
Information
|
System
|
Removed registry key from Write Protection Exception List
Path: %regkey%
Scope: %scope%
Process: %process%
|
|||
|
1071
|
Information
|
System
|
Custom Action set to Ignore
|
|||
|
1072
|
Information
|
System
|
Custom Action set to Quarantine
|
|||
|
1073
|
Information
|
System
|
Custom Action set to Ask StellarOne
|
|||
|
1074
|
Information
|
System
|
Quarantined file is restored.
|
Original Location: %path%
Source: %source%
|
||
|
1075
|
Information
|
System
|
Quarantined file is deleted.
|
Original Location: %path%
Source: %source%
|
||
|
1076
|
Information
|
System
|
Integrity Monitoring enabled
|
|||
|
1077
|
Information
|
System
|
Integrity Monitoring disabled
|
|||
|
1079
|
Information
|
System
|
Server certification imported: %path%
|
|||
|
1080
|
Information
|
System
|
Server certification exported: %path%
|
|||
|
1081
|
Information
|
System
|
Managed mode configuration imported: %path%
|
|||
|
1082
|
Information
|
System
|
Managed mode configuration exported: %path%
|
|||
|
1083
|
Information
|
System
|
Managed mode enabled
|
|||
|
1084
|
Information
|
System
|
Managed mode disabled
|
|||
|
1085
|
Information
|
System
|
Protection applied to Write Protection List and Approved List while Write
Protection was
enabled
|
|||
|
1086
|
Warning
|
System
|
Protection applied to Write Protection List while Write Protection was
enabled.
|
|||
|
1088
|
Information
|
System
|
Windows Update Support enabled
|
|||
|
1089
|
Information
|
System
|
Windows Update Support disabled
|
|||
|
1094
|
Information
|
System
|
Applied a patch to agent by StellarOne
File applied: %file_name%
|
|||
|
1096
|
Information
|
System
|
Trusted hash enabled
|
|||
|
1097
|
Information
|
System
|
Trusted hash disabled
|
|||
|
1099
|
Information
|
System
|
Storage device access set to Allow
|
|||
|
1100
|
Information
|
System
|
Storage device access set to Block
|
|||
|
1101
|
Information
|
System
|
Storage device control enabled
|
|||
|
1102
|
Warning
|
System
|
Storage device control disabled
|
|||
|
1103
|
Information
|
System
|
Event Log settings changed
|
Windows Event Log: %ON|off%
Level: Warning Log: %ON|off%
Information Log: %ON|off%
System Log: %ON|off%
Exception Path Log: %ON|off%
Write Protection Log: %ON|off%
List Log: %ON|off%
Approved Access Log: DllDriver Log: %ON|off%
Trusted Updater Log: %ON|off%
Exception Path Log: %ON|off%
Trusted Certification Log: %ON|off%
Trusted Hash Log: %ON|off%
Write Protection Log: %ON|off%
Blocked Access Log: %ON|off%
USB Malware Protection Log: %ON|off%
Execution Prevention Log: %ON|off%
Integrity Monitoring Log
File Created Log: %ON|off%
File Modified Log: %ON|off%
File Deleted Log: %ON|off%
File Renamed Log: %ON|off%
RegValue Modified Log: %ON|off%
RegValue Deleted Log: %ON|off%
RegKey Created Log: %ON|off%
RegKey Deleted Log: %ON|off%
RegKey Renamed Log: %ON|off%
Device Control Log: %ON|off%
Debug Log: %ON|off%
|
||
|
1104
|
Warning
|
System
|
Memory Randomization is not available in this version of Windows.
|
|||
|
1105
|
Information
|
System
|
Blocked File Notification enabled
|
|||
|
1106
|
Information
|
System
|
Blocked File Notification disabled
|
|||
|
1107
|
Information
|
System
|
Administrator password changed
remotely
|
|||
|
1108
|
Information
|
System
|
Prescan completed successfully
|
Prescan log: %PATH%
Scanned files: %NUM%
Infected files: %NUM%
Files with resolved threats: %NUM%
|
||
|
1109
|
Warning
|
System
|
Prescan completed successfully; system restart required
|
Prescan log: %PATH%
Scanned files: %NUM%
Infected files: %NUM%
Files with resolved threats: %NUM%
Files with resolved threats after restart: %NUM%
|
||
|
1110
|
Warning
|
System
|
Prescan unsuccessful
|
Prescan log: %PATH%
Scanned files: %NUM%
Infected files: %NUM%
Files with resolved threats: %NUM%
Files with resolved threats after restart: %NUM%
Files with unresolved threats: %NUM%
|
||
|
1111
|
Information
|
System
|
Fileless Attack Prevention enabled
|
|||
|
1112
|
Warning
|
System
|
Fileless Attack Prevention disabled
|
|||
|
1113
|
Warning
|
System
|
Intelligent Runtime Learning enabled
|
|||
|
1114
|
Warning
|
System
|
Intelligent Runtime Learning disabled
|
|||
|
1115
|
Critical
|
System
|
Protection stopped manually via protection stop button or CLI
|
|||
|
1116
|
Critical
|
System
|
Protection resumed
|
%REASON% could be one of the followings:
|
||
|
1500
|
Information
|
List
|
Trusted Update started.
|
|||
|
1501
|
Information
|
List
|
Trusted Update stopped.
|
|||
|
1502
|
Information
|
List
|
Approved List import started: %path%
|
|||
|
1503
|
Information
|
List
|
Approved List import complete: %path%
|
|||
|
1504
|
Information
|
List
|
Approved List exported to: %path%
|
|||
|
1505
|
Information
|
List
|
Added to Approved List: %path%
|
|||
|
1506
|
Information
|
List
|
Added to Trusted Updater List: %path%
|
|||
|
1507
|
Information
|
List
|
Removed from Approved List: %path%
|
|||
|
1508
|
Information
|
List
|
Removed from Trusted Updater List: %path%
|
|||
|
1509
|
Information
|
List
|
Approved List updated: %path%
|
|||
|
1510
|
Information
|
List
|
Trusted Updater List updated: %path%
|
|||
|
1511
|
Warning
|
List
|
Unable to add to or update Approved List: %path%
|
|||
|
1512
|
Warning
|
List
|
Unable to add to or update Trusted Updater List: %path%
|
|||
|
1513
|
Information
|
System
|
Added to Exception Path List
|
Type: %exceptionpathtype%
Path: %exceptionpath%
|
||
|
1514
|
Information
|
System
|
Removed from Exception Path List
|
Type: %exceptionpathtype%
Path: %exceptionpath%
|
||
|
1515
|
Information
|
System
|
Added to Trusted Certification List
|
Label: %label%
Hash: %hashvalue%
Type: %type%
Subject: %subject%
Issuer: %issuer%
|
||
|
1516
|
Information
|
System
|
Removed from Trusted Certification List
|
Label: %label%
Hash: %hashvalue%
Type: %type%
Subject: %subject%
Issuer: %issuer%
|
||
|
1517
|
Information
|
System
|
Added to Trusted Hash List.%n
|
Label : %label%
Hash : %hashvalue%
Type : %type%
Add to Approved List: %yes|no%
Path : %path%
Note: %note%
|
||
|
1518
|
Information
|
System
|
Removed from Trusted Hash List.%n
|
Label : %label%
Hash : %hashvalue%
Type : %type%
Add to Approved List: %yes|no%
Path : %path%
Note: %note%
|
||
|
1519
|
Information
|
List
|
Removed from Approved List remotely: %path%
|
|||
|
1520
|
Warning
|
List
|
Unable to create Approved List because an unexpected error occurred during
enumeration of the files in %1 %n
Error Code: %2 %n
|
|||
|
1521
|
Information
|
System
|
Added Fileless Attack Prevention exception
|
Label : %label%
Target Process: %process_name%
Arguments: %arguments% %regex_flag%
Parent Process 1 Image Path: %path%
Parent Process 2 Image Path: %path%
Parent Process 3 Image Path: %path%
Parent Process 4 Image Path: %path%
|
||
|
1522
|
Information
|
System
|
Removed Fileless Attack Prevention exception
|
Label : %label%
Target Process: %process_name%
Arguments: %arguments% %regex_flag%
Parent Process 1 Image Path: %path%
Parent Process 2 Image Path: %path%
Parent Process 3 Image Path: %path%
Parent Process 4 Image Path: %path%
|
||
|
1523
|
Information
|
System
|
Maintenance Mode started
|
|||
|
1524
|
Information
|
System
|
Leaving Maintenance Mode
|
|||
|
1525
|
Information
|
System
|
Maintenance Mode stopped
|
|||
|
1526
|
Information
|
List
|
Added to Approved List in Maintenance Mode
Path: %1
Hash: %2
|
|||
|
1527
|
Information
|
List
|
Approved List updated in Maintenance Mode
Path: %1
Hash: %2
|
|||
|
1528
|
Information
|
List
|
Maintenance Mode Summary
|
|||
|
1529
|
Information
|
List
|
Approved List initialization started
|
|||
|
1530
|
Information
|
List
|
Approved List initialization completed
|
|||
|
1531
|
Warning
|
List
|
Approved List initialization canceled
|
|||
|
2000
|
Information
|
Access Approved
|
File access allowed: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
List: %list%
|
||
|
2001
|
Warning
|
Access Approved
|
File access allowed: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
File Hash allowed: %hash%
|
||
|
2002
|
Warning
|
Access Approved
|
File access allowed: %path%
Unable to get the file path while checking the Approved List
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2003
|
Warning
|
Access Approved
|
File access allowed: %path%
Unable to calculate hash while checking the Approved List
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2004
|
Warning
|
Access Approved
|
File access allowed: %path%
Unable to get notifications to monitor process
|
|||
|
2005
|
Warning
|
Access Approved
|
File access allowed: %path%
Unable to add process to non exception list
|
|||
|
2006
|
Information
|
Access Approved
|
File access allowed: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2007
|
Warning
|
Access Approved
|
File access allowed: %path%
An error occurred while checking the Exception Path List
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2008
|
Warning
|
Access Approved
|
File access allowed: %path%
An error occurred while checking the Trusted Certification List
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2011
|
Information
|
Access Approved
|
Registry access allowed
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2012
|
Information
|
Access Approved
|
Registry access allowed
Registry Key: %regkey%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2013
|
Information
|
Access Approved
|
Change of File/Folder allowed by Exception List: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2015
|
Information
|
Access Approved
|
Change of Registry Value allowed by Exception List
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2016
|
Information
|
Access Approved
|
Change of Registry Key allowed by Exception List
Registry Key: %regkey%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2017
|
Warning
|
Access Approved
|
Change of File/Folder allowed: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2019
|
Warning
|
Access Approved
|
Change of Registry Value allowed
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2020
|
Warning
|
Access Approved
|
Change of Registry Key allowed
Registry Key: %regkey%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2021
|
Warning
|
Access Approved
|
File access allowed: %path%
An error occurred while checking the Trusted Hash List
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
| 2022 |
Warning
|
Access Approved
|
Process allowed by Fileless Attack Prevention: %path% %argument%
|
Access User: %username%
Parent Process 1 Image Path: %path%
Parent Process 2 Image Path: %path%
Parent Process 3 Image Path: %path%
Parent Process 4 Image Path: %path%
Mode: Unlocked
Reason: %reason%
|
||
|
2500
|
Warning
|
Access Blocked
|
File access blocked
|
|||
|
2503
|
Warning
|
Access Blocked
|
Change of File/Folder blocked: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2505
|
Warning
|
Access Blocked
|
Change of Registry Value blocked.
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2506
|
Warning
|
Access Blocked
|
Change of Registry Key blocked.
Registry Key: %regkey%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2507
|
Information
|
Access Blocked
|
Action completed successfully: %path%
|
Action: %action%
Source: %source%
|
||
|
2508
|
Warning
|
Access Blocked
|
Unable to take specified action: %path%
|
Action: %action%
Source: %source%
|
||
|
2509
|
Warning
|
Access Blocked
|
File access blocked: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
Reason: Not in Approved List
File Hash blocked: %hash%
|
||
|
2510
|
Warning
|
Access Blocked
|
File access blocked: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
Reason: Hash does not match expected value
File Hash blocked: %hash%
|
||
|
2511
|
Information
|
Access Blocked
|
Change of File/Folder blocked: %path%
|
Access Image Path: %path%
Access User: %username%
Mode: %mode%
|
||
|
2512
|
Warning
|
Access Blocked
|
Change of Registry Value blocked.
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access User: %username%
|
||
|
2513
|
Warning
|
Access Blocked
|
Process blocked by Fileless Attack Prevention: %path% %argument%
|
Access User: %username%
Parent Process 1 Image Path: %path%
Parent Process 2 Image Path: %path%
Parent Process 3 Image Path: %path%
Parent Process 4 Image Path: %path%
Mode: locked
Reason: %reason%
|
||
|
2514
|
Warning
|
Access Blocked
|
File access blocked: %BLOCKED_FILE_PATH%
|
Access Image Path: %PARENT_PROCESS_PATH%
Access User: %USER_NAME%
Reason: Blocked file is in a folder that has the case sensitive attribute
enabled.
|
||
|
3000
|
Warning
|
USB Malware Protection
|
Device access allowed: %path%
|
Access Image Path: %path%
Access User: %username%
Device Type: %type%
|
||
|
3001
|
Warning
|
USB Malware Protection
|
Device access blocked: %path%
|
Access Image Path: %path%
Access User: %username%
Device Type: %type%
|
||
|
4002
|
Warning
|
Process Protection Event
|
API Hooking allowed: %path%
|
Threat Image Path: %path%
Threat User: %username%
|
||
|
4003
|
Warning
|
Process Protection Event
|
API Hooking blocked: %path%
|
Threat Image Path: %path%
Threat User: %username%
|
||
|
4004
|
Warning
|
Process Protection Event
|
DLL Injection allowed: %path%
|
Threat Image Path: %path%
Threat User: %username%
|
||
|
4005
|
Warning
|
Process Protection Event
|
DLL Injection blocked: %path%
|
Threat Image Path: %path%
Threat User: %username%
|
||
|
4500
|
Information
|
Changes in System
|
File/Folder created: %path%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4501
|
Information
|
Changes in System
|
File modified: %path%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4502
|
Information
|
Changes in System
|
File/Folder deleted: %path%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4503
|
Information
|
Changes in System
|
File/Folder renamed: %path%
New Path: %path%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4504
|
Information
|
Changes in System
|
Registry Value modified.
Registry Key: %regkey%
Registry Value Name: %regvalue%
Registry Value Type: %regvaluetype%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4505
|
Information
|
Changes in System
|
Registry Value deleted.
Registry Key: %regkey%
Registry Value Name: %regvalue%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4506
|
Information
|
Changes in System
|
Registry Key created.
Registry Key: %regkey%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4507
|
Information
|
Changes in System
|
Registry Key deleted.
Registry Key: %regkey%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
4508
|
Information
|
Changes in System
|
Registry Key renamed.
Registry Key: %regkey%
New Registry Key: %regkey%
|
Access Image Path: %path%
Access Process Id: %pid%
Access User: %username%
|
||
|
5000
|
Warning
|
Device Control
|
Storage device access allowed: %PATH%
|
Access Image path: %PATH%
Access User: %USERNAME%
Device Type: %TYPE% %DEVICEINFO%
|
||
|
5001
|
Warning
|
Device Control
|
Storage device access blocked: %PATH%
|
Access Image path: %PATH%
Access User: %USERNAME%
Device Type: %TYPE% %DEVICEINFO%
|
||
|
5002
|
Information
|
Device Control
|
Trusted USB device connected
|
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Active User: %STRING%
|
||
|
5003
|
Information
|
Device Control
|
Trusted USB device disconnected
|
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Active User: %STRING%
|
||
|
5004
|
Warning
|
Device Control
|
Untrusted USB device connected
|
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Active User: %STRING%
|
||
|
5005
|
Warning
|
Device Control
|
Untrusted USB device disconnected
|
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Active User: %STRING%
|
||
|
5006
|
Information
|
Device Control
|
USB device added into trusted device list
|
Device Type: %STRING%
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
Type: %STRING%
|
||
|
5007
|
Information
|
Device Control
|
USB device removed from trusted device list
|
Device Type: %STRING%
Vendor ID: %HEX%
Product ID: %HEX%
Serial Number: %STRING%
|
||
|
6000
|
Information
|
System
|
%Result%
|
Update Source: %SERVER%
[Original Version]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
[Updated Version]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6001
|
Warning
|
System
|
Update failed: %ERROR_MSG% (%ERROR_CODE%)
|
Update Source: %SERVER%
[Original Version]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
[Updated Version]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6002
|
Information
|
System
|
Malware scan started: %SCAN_TYPE%
|
Files to scan: %SCAN_FOLDER_TYPE%
Scanned folders: %PATHS%
Excluded paths: %PATHS%
Excluded files: %PATHS%
Excluded extensions: %PATHS%
[Components]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6003
|
Information
|
System
|
Malware scan completed: %SCAN_TYPE%.
Number of infected files: %NUM%
|
Files to scan: %SCAN_FOLDER_TYPE%
Scanned folders: %PATHS%
Excluded paths: %PATHS%
Excluded files: %PATHS%
Excluded extensions: %PATHS%
Start date/time: %DATE_TIME%
End date/time: %DATE_TIME%
Number of scanned files: %NUM%
Number of infected files: %NUM%
Number of cleaned files: %NUM%
Number of files cleaned after reboot: %NUM%
[Components]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6004
|
Warning
|
System
|
Malware scan unsuccessful: %SCAN_TYPE% %ERROR%
|
Files to scan: %SCAN_FOLDER_TYPE%
Scanned folders: %PATHS%
Excluded paths: %PATHS%
Excluded files: %PATHS%
Excluded extensions: %PATHS%
Start date/time: %DATE_TIME%
End date/time: %DATE_TIME%
Number of scanned files: %NUM%
Number of infected files: %NUM%
Number of cleaned files: %NUM%
Number of files cleaned after reboot: %NUM%
[Components]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6005
|
Information
|
System
|
Malware detected: %ACTION%
File path: %PATH%
|
Reboot required: %NEED_REBOOT%
[Scan Result]
Threat type: %TYPE%
Threat name: %NAME%
[Components]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6006
|
Warning
|
System
|
Malware detected.
Unable to perform scan actions: %PATH%
|
First action: %1ST_ACTION%
Second action: %2ND_ACTION%
Threat type: %TYPE%
Threat name: %NAME%
[Components]
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6007
|
Warning
|
Maintenance Mode
|
Malware detected in Maintenance Mode (file quarantine successful): %PATH%
|
Component versions: %VERSION%
Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6008
|
Warning
|
Maintenance Mode
|
Malware detected in Maintenance Mode (file quarantine unsuccessful): %PATH%
|
Component versions: Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
6009
|
Warning
|
Maintenance Mode
|
Malware detected in Maintenance Mode: %PATH%
|
Component versions: Virus Pattern: %VERSION%
Spyware Pattern: %VERSION%
Digital Signature Pattern: %VERSION%
Program Inspection Pattern: %VERSION%
Damage Cleanup Template: %VERSION%
Damage Cleanup Engine Configuration: %VERSION%
Virus Scan Engine: %VERSION%
Damage Cleanup Engine: %VERSION%
Scanner: %VERSION%
|
||
|
8000
|
Information
|
System
|
Real Time Scan is enabled.
|
|||
|
8001
|
Warning
|
System
|
Real Time Scan is disabled.
|
|||
|
8010
|
Warning
|
System
|
Incoming files were scanned by antivirus. Action was taken according to
settings.
|
File Path: %PATH%
File Hash: %HASH%
Threat Type: %TYPE%
Threat Name: %NAME%
Action Result: %INTEGER%
Quarantine Path: %PATH%
|
||
|
8011
|
Warning
|
System
|
Application execution was blocked by antivirus.
|
Process Image Path: %PATH%
File Hash: %HASH%
Threat Type: %TYPE%
Threat Name: %NAME%
|
||
|
8012
|
Information
|
System
|
Incoming file detected malicious and quarantined successfully
|
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Quarantine Path: %PATH%
Reboot Required: %NEED_REBOOT%
|
||
|
8013
|
Warning
|
System
|
Failed to quarantine incoming file detected malicious
|
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
|
||
|
8014
|
Information
|
System
|
Malicious file execution was detected. The infected executable file was
quarantined successfully
|
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
Quarantine Path: %PATH%
Reboot Required: %NEED_REBOOT%
|
||
|
8015
|
Warning
|
System
|
Malicious file execution detected. Failed to quarantine the infected executable
file
|
File Path: %PATH%
File Hash: %STRING%
Threat Type: %STRING%
Threat Name: %STRING%
|
||
|
8016
|
Warning
|
suspicious_objects
|
Suspicious program execution blocked
|
File Path: %PATH%
File Hash: %STRING%
|
||
|
8500
|
Information
|
System
|
Scheduled component update has been enabled. Next update will be on %TIME%
(agent's local system time).
|
|||
|
8501
|
Information
|
System
|
Scheduled component update has been disabled.
|
|||
|
8601
|
Information
|
anomaly_detect
|
Operations Behavior Anomaly Detection (User Login) enabled
|
Mode: %Mode%
Level: %Level%
Learning time: %LearningTime% day(s)
|
||
|
8602
|
Information
|
anomaly_detect
|
Operations Behavior Anomaly Detection (User Login) disabled
|
|||
|
8603
|
Information
|
anomaly_detect
|
Operations Behavior Anomaly Detection (Application Behavior) enabled
|
Mode: %Mode%
Level: %Level%
Learning time: %LearningTime% day(s)
|
||
|
8604
|
Warning
|
anomaly_detect
|
Operations Behavior Anomaly Detection (Application Behavior) disabled
|
|||
|
8605
|
Information
|
anomaly_detect
|
Operations Behavior Anomaly Detection (Script Behavior) enabled
|
Mode: %Mode%
Level: %Level%
Learning time: %LearningTime% day(s)
|
||
|
8606
|
Warning
|
anomaly_detect
|
Operations Behavior Anomaly Detection (Script Behavior) disabled
|
|||
|
8610
|
warning
|
anomaly_detect
|
An abnormal user login detected by Operations Behavior Anomaly Detection
|
Domain: %Domain%
Account: %Account%
Login Type: %LoginType%
Source IP: %IP%
|
||
|
8611
|
warning
|
anomaly_detect
|
A user login failure detected by Operations Behavior Anomaly Detection
|
Domain: %Domain%
Account: %Account%
Login Type: %LoginType%
Source IP: %IP%
|
||
|
8612
|
warning
|
anomaly_detect
|
An unrecognized application detected by Operations Behavior Anomaly Detection
|
PID: %PID%
Program Path: %Path%
Program Hash: %SHA256%
Program Size: %Size%
Certificate: %CertificateSigner%
Vendor: %VendorName%
Product: %Product%
|
||
|
8613
|
warning
|
anomaly_detect
|
Malicious application behavior detected by Operations Behavior Anomaly
Detection
|
Program Path: %Path%
Program Hash: %SHA256%
Program Size: %Size%
Certificate: %CertificateSigner%
Vendor: %VendorName%
Product: %Product%
|
||
|
8614
|
warning
|
anomaly_detect
|
Suspicious application behavior detected by Operations Behavior Anomaly
Detection
|
Program Path: %Path%
Program Hash: %SHA256%
Program Size: %Size%
Certificate: %CertificateSigner%
Vendor: %VendorName%
Product: %Product%
|
||
|
8615
|
warning
|
anomaly_detect
|
Script Behavior allowed by Operations Behavior Anomaly Detection: %PATH%
%ARGUMENT%
|
Access User: %USERNAME%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
Mode: %MODE%
Level: %LEVEL%%THROTTLING_INFO_MSG%
|
||
|
8616
|
warning
|
anomaly_detect
|
Script Behavior blocked by Operations Behavior Anomaly Detection: %PATH%
%ARGUMENT%
|
Access User: %USERNAME%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
Mode: %MODE%
Level: %LEVEL%%THROTTLING_INFO_MSG%
|
||
|
8620
|
Information
|
anomaly_detect
|
Login account added baseline
|
Domain: %Domain%
Account: %Account%
Login Type: %LoginType%
Source IP: %IP%
|
||
|
8621
|
Information
|
anomaly_detect
|
Login account excluded from baseline
|
Domain: %Domain%
Account: %Account%
Login Type: %LoginType%
Source IP: %IP%
|
||
|
8622
|
Information
|
anomaly_detect
|
Application added to baseline
|
Application Path: %Path%
|
||
|
8623
|
Information
|
anomaly_detect
|
Application excluded from baseline
|
Application Path: %Path%
|
||
|
8624
|
Information
|
anomaly_detect
|
Script behavior added to baseline
|
Access User: %USERNAME%
ID:%ID%
Monitored Process / Script: %PATH% %ARGUMENT%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
|
||
|
8625
|
Information
|
anomaly_detect
|
Script behavior excluded from baseline
|
ID:%ID%
Monitored Process / Script: %PATH% %ARGUMENT%
Parent Process 1: %PATH% %ARGUMENT%
Parent Process 2: %PATH% %ARGUMENT%
Parent Process 3: %PATH% %ARGUMENT%
Parent Process 4: %PATH% %ARGUMENT%
|
