Windows Event Log Entries Created by Device Control
Learn about the entries created in the Windows Event logs by Device Control actions.
|
Code |
Message Name |
Description |
|---|---|---|
|
1 |
MSG_NO_VALID_KEY |
SCC was unable to find a valid public key. It is currently using the default public key. |
|
2 |
MSG_NO_VALID_KEY_WITH_LIST |
SCC was unable to find a valid public key. It is currently using the default public key. For your reference |
|
3 |
MSG_KEY_FOUND |
SCC found a valid key in directory "%1" and is now using it. |
|
4 |
MSG_WINSOCK_START_FAILURE |
The Windows socket library could not be started. |
|
5 |
MSG_PERMISSION_REMOVE_TIMEOUT |
Unable to update permissions. Operation to remove old permissions timed out with error %1 on file "%2". |
|
6 |
MSG_PERMISSION_REPLACE_TIMEOUT |
Unable to update permissions. Operation to replace old permissions timed out with error %1 on file "%2". |
|
7 |
MSG_ACCESS_DENIED |
Application Control denied execution of the file "%1". For the full path and other details |
|
8 |
MSG_ACCESS_NEARLY_DENIED |
Application Control would have denied execution of the file "%1" |
|
9 |
SWAVE_FSFILTER_ERROR_CANNOT_USE_SHADOW_DIRECTORY |
The shadow directory does not exist or cannot be accessed. The floppy and removable drives will be disabled by the shadow driver. |
|
10 |
SWAVE_UNSUPPORTED_CDBURNING |
Unsupported CD/DVD burning mode |
|
11 |
SWAVE_CDSHADOW_ERROR |
Error during the processing CD/DVD shadow images |
|
12 |
MSG_NO_VALID_PUBLIC_KEY |
SK was unable to find a valid public key. It is currently using a default key. You should |
|
13 |
DWAVE_FSFILTER_ERROR_INTERNAL_ERROR |
The shadow driver encountered an internal error that prevents normal operation. The drives will be disabled by the shadow driver. |
|
14 |
SWAVE_FSFILTER_INFO_MEDIUM_INSERT |
Action: Medium inserted%rVolume Name: %1%rSerial Number: %2 Encryption: %3 |
|
15 |
SWAVE_CDSHADOW_OVERRIDE |
Unsupported CD/DVD burning mode |
|
16 |
MSG_DEVICE_ATTACHED |
Device "%1" (%2) attached to endpoint by user %3. |
|
17 |
MSG_QUOTA_EXCEEDED |
File copy quota has been reached. |
|
18 |
MSG_READ_DENIED |
Device Control denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
|
19 |
MSG_WRITE_DENIED |
Device Control denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
|
20 |
MSG_WLAN_BLOCKED |
Device Control device wlan blocked for %1. For the full path and other details |
|
21 |
MSG_KEYLOGGER_DETECTED |
Device Control detected a keylogger for device "%1" by user %2. |
|
22 |
MSG_KEYBOARD_DISABLED |
Device Control disabled keyboard "%1". |
|
23 |
MSG_MEDIUM_ENCRYPTED |
Device "%1" (%2) mounted as volume %4 was encrypted by user %3. |
|
24 |
MSG_INVALID_PASSWORD |
Invalid password entered for device "%1" (%2) by user %3. |
|
25 |
MSG_WRITE_GRANTED |
Device Control shadowed file "%1" from a write to device "%2" (%3) by user %4. For the full path and other details |
|
26 |
MSG_READ_GRANTED |
Device Control shadowed file "%1" from a read of device "%2" (%3) by user %4. For the full path and other details |
|
27 |
MSG_DEVICE_DETACHED |
Device "%1" (%2) detached from endpoint by user %3. |
|
28 |
MSG_READ_AUDIT |
Device Control audited a denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
|
29 |
MSG_WRITE_AUDIT |
Device Control audited a denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
Related Information:
- The Log Explorer Window
- Navigation Control Bar
- Column Headers
- Criteria/Properties Panel
- Results Panel/Custom Report Contents
- Log Explorer Templates
- Select and Edit Templates Dialog
- Template Settings Dialog
- Forcing the Upload of Shadow Files from a Client Upon User Log Off