Windows Event Log Entries Created by Device Control

Learn about the entries created in the Windows Event logs by Device Control actions.

| Code | Message Name | Description |
|------|--------------|-------------|
| 1 | MSG_NO_VALID_KEY | SCC was unable to find a valid public key. It is currently using the default public key. |
| 2 | MSG_NO_VALID_KEY_WITH_LIST | SCC was unable to find a valid public key. It is currently using the default public key. For your reference |
| 3 | MSG_KEY_FOUND | SCC found a valid key in directory "%1" and is now using it. |
| 4 | MSG_WINSOCK_START_FAILURE | The Windows socket library could not be started. |
| 5 | MSG_PERMISSION_REMOVE_TIMEOUT | Unable to update permissions. Operation to remove old permissions timed out with error %1 on file "%2". |
| 6 | MSG_PERMISSION_REPLACE_TIMEOUT | Unable to update permissions. Operation to replace old permissions timed out with error %1 on file "%2". |
| 7 | MSG_ACCESS_DENIED | Application Control denied execution of the file "%1". For the full path and other details |
| 8 | MSG_ACCESS_NEARLY_DENIED | Application Control would have denied execution of the file "%1" |
| 9 | SWAVE_FSFILTER_ERROR_CANNOT_USE_SHADOW_DIRECTORY | The shadow directory does not exist or cannot be accessed. The floppy and removable drives will be disabled by the shadow driver. |
| 10 | SWAVE_UNSUPPORTED_CDBURNING | Unsupported CD/DVD burning mode |
| 11 | SWAVE_CDSHADOW_ERROR | Error during the processing CD/DVD shadow images |
| 12 | MSG_NO_VALID_PUBLIC_KEY | SK was unable to find a valid public key. It is currently using a default key. You should |
| 13 | DWAVE_FSFILTER_ERROR_INTERNAL_ERROR | The shadow driver encountered an internal error that prevents normal operation. The drives will be disabled by the shadow driver. |
| 14 | SWAVE_FSFILTER_INFO_MEDIUM_INSERT | Action: Medium inserted%rVolume Name: %1%rSerial Number: %2 Encryption: %3 |
| 15 | SWAVE_CDSHADOW_OVERRIDE | Unsupported CD/DVD burning mode |
| 16 | MSG_DEVICE_ATTACHED | Device "%1" (%2) attached to endpoint by user %3. |
| 17 | MSG_QUOTA_EXCEEDED | File copy quota has been reached. |
| 18 | MSG_READ_DENIED | Device Control denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 19 | MSG_WRITE_DENIED | Device Control denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 20 | MSG_WLAN_BLOCKED | Device Control device wlan blocked for %1. For the full path and other details |
| 21 | MSG_KEYLOGGER_DETECTED | Device Control detected a keylogger for device "%1" by user %2. |
| 22 | MSG_KEYBOARD_DISABLED | Device Control disabled keyboard "%1". |
| 23 | MSG_MEDIUM_ENCRYPTED | Device "%1" (%2) mounted as volume %4 was encrypted by user %3. |
| 24 | MSG_INVALID_PASSWORD | Invalid password entered for device "%1" (%2) by user %3. |
| 25 | MSG_WRITE_GRANTED | Device Control shadowed file "%1" from a write to device "%2" (%3) by user %4. For the full path and other details |
| 26 | MSG_READ_GRANTED | Device Control shadowed file "%1" from a read of device "%2" (%3) by user %4. For the full path and other details |
| 27 | MSG_DEVICE_DETACHED | Device "%1" (%2) detached from endpoint by user %3. |
| 28 | MSG_READ_AUDIT | Device Control audited a denied read access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
| 29 | MSG_WRITE_AUDIT | Device Control audited a denied write access for device "%1" (%2) accessing path "%3" by user %4 for reason %5 by process "%6". |
