Application Control events

For general best practices related to events, see Events in Workload Security.

To see the Application Control events captured by Workload Security, go to Events & Reports > Events > Application Control Events > Security Events.

What information is displayed for Application Control events?

These columns can be displayed on the Application Control Events page. You can click Columns to select which columns are displayed in the table.

  • Time: Time the event took place on the computer.
  • Computer: The computer on which this event was logged. (If the computer has been removed, this entry will read "Unknown Computer".)
  • Event: The name of the event.
  • Rules: View event details and change the rule from Allow to Block or vice versa.
  • Ruleset: Ruleset that's associated with the event.
  • Action: The action that caused the event to be triggered.
  • Reason: The reason the event was triggered.
  • Repeat count: The number of events that are aggregated.
  • Tag(s): Event tags associated with this event.
  • Path: Path to the affected file.
  • File: File affected by the event.
  • User Name: User that's responsible for executing the unrecognized software.
  • Event Origin: The Workload Security component from which the event originated.
  • MD5: MD5 hash.
  • SHA1: SHA-1 hash.
  • SHA256: SHA-256 hash.
  • Group: The name of the group.
  • Group ID: The ID of the group.
  • User ID: User ID of the file owner.
  • Process ID: ID of process that ran the execution.
  • Process Name: Process that ran the execution.

List of all Application Control events

For system events related to Application Control, see System events.

Events
Execution of Unrecognized Software Allowed
Execution of Unrecognized Software Blocked
Execution of Software Blocked by Rule