Windows Event Log Entries Created by Device Control
Learn about the entries created in the Windows Event logs by Device Control actions.
| Code | Message Name | Description |
|---|---|---|
| 1 | MSG_NO_VALID_KEY | SCC was unable to find a valid public key. It is currently using the default public key. |
| 2 | MSG_NO_VALID_KEY_WITH_LIST | SCC was unable to find a valid public key. It is currently using the default public key. For your reference |
| 3 | MSG_KEY_FOUND | SCC found a valid key in directory "%1" and is now using it. |
| 4 | MSG_WINSOCK_START_FAILURE | The Windows socket library could not be started. |
| 5 | MSG_PERMISSION_REMOVE_TIMEOUT | Unable to update permissions. Operation to remove old permissions timed out with error %1 on file "%2". |
| 6 | MSG_PERMISSION_REPLACE_TIMEOUT | Unable to update permissions. Operation to replace old permissions timed out with error %1 on file "%2". |
| 7 | MSG_ACCESS_DENIED | Application Control denied execution of the file "%1". For the full path and other details |
| 8 | MSG_ACCESS_NEARLY_DENIED | Application Control would have denied execution of the file "%1" |
| 9 | SWAVE_FSFILTER_ERROR_CANNOT_USE_SHADOW_DIRECTORY | The shadow directory does not exist or cannot be accessed. The floppy and removable drives will be disabled by the shadow driver. |
| 10 | SWAVE_UNSUPPORTED_CDBURNING | Unsupported CD/DVD burning mode |
| 11 | SWAVE_CDSHADOW_ERROR | Error during the processing CD/DVD shadow images |
| 12 | MSG_NO_VALID_PUBLIC_KEY | SK was unable to find a valid public key. It is currently using a default key. You should |
| 13 | DWAVE_FSFILTER_ERROR_INTERNAL_ERROR | The shadow driver encountered an internal error that prevents normal operation. The drives will be disabled by the shadow driver. |
| 14 | SWAVE_FSFILTER_INFO_MEDIUM_INSERT | Action: Medium inserted%rVolume Name: %1%rSerial Number: %2 Encryption: %3 |
| 15 | SWAVE_CDSHADOW_OVERRIDE | Unsupported CD/DVD burning mode |
| 16 | MSG_DEVICE_ATTACHED | Device "%1" (%2) attached to endpoint by user %3. |
| 17 | MSG_QUOTA_EXCEEDED | File copy quota has been reached. |
| 18 | MSG_READ_DENIED | Device Control denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 19 | MSG_WRITE_DENIED | Device Control denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 20 | MSG_WLAN_BLOCKED | Device Control device wlan blocked for %1. For the full path and other details |
| 21 | MSG_KEYLOGGER_DETECTED | Device Control detected a keylogger for device "%1" by user %2. |
| 22 | MSG_KEYBOARD_DISABLED | Device Control disabled keyboard "%1". |
| 23 | MSG_MEDIUM_ENCRYPTED | Device "%1" (%2) mounted as volume %4 was encrypted by user %3. |
| 24 | MSG_INVALID_PASSWORD | Invalid password entered for device "%1" (%2) by user %3. |
| 25 | MSG_WRITE_GRANTED | Device Control shadowed file "%1" from a write to device "%2" (%3) by user %4. For the full path and other details |
| 26 | MSG_READ_GRANTED | Device Control shadowed file "%1" from a read of device "%2" (%3) by user %4. For the full path and other details |
| 27 | MSG_DEVICE_DETACHED | Device "%1" (%2) detached from endpoint by user %3. |
| 28 | MSG_READ_AUDIT | Device Control audited a denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 29 | MSG_WRITE_AUDIT | Device Control audited a denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
Related Information:
- The Log Explorer Window
- Navigation Control Bar
- Column Headers
- Criteria/Properties Panel
- Results Panel/Custom Report Contents
- Log Explorer Templates
- Select and Edit Templates Dialog
- Template Settings Dialog
- Forcing the Upload of Shadow Files from a Client Upon User Log Off