C Application Control event list - Product Guide. McAfee Application Control 6.1.0

Application Control specific events with the name, event ID, severity, and the description are described in this table.

Application Control Event ID

Event name Severity Description

19 PROCESS_TERMINATED Major Application Control prevented

an attempt to hijack the process <string> (Process Id:

<string>, User: <string>), by illegally calling the API

'<string>'. The process was terminated.

20 WRITE_DENIED Major Application Control prevented

an attempt to modify file '<string>' by process

<string> (Process Id:

<string>, User: <string>).

21 EXECUTION_DENIED Major Application Control prevented

unauthorized execution of '<string>' by process

<string> (Process Id:

<string>, User: <string>).

29 PROCESS_TERMINATED_UNAUTH_SYSCALL Major Application Control prevented process <string>, being run by <string>, from making unauthorized syscall %d (return address %d). The process was terminated.

30 PROCESS_TERMINATED_UNAUTH_API Major Application Control prevented process <string>, being run

49 REG_VALUE_WRITE_DENIED Major Application Control prevented

an attempt to modify Registry key '<string>' with value '<string>' by process

<string> (Process Id:

<string>, User: <string>).

50 REG_KEY_WRITE_DENIED Major Application Control prevented

an attempt to modify Registry key '<string>' by process

<string> (Process Id:

<string>, User: <string>)

Application Control Event ID

Event name Severity Description

51 REG_KEY_CREATED_UPDATE Info Application Control detected

creation of registry key '<string>' by program

<string> (User: <string>, Workflow Id: <string>).

52 REG_KEY_DELETED_UPDATE Info Application Control detected

deletion of registry key '<string>' by program

<string> (User: <string>, Workflow Id: <string>).

54 REG_VALUE_DELETED_UPDATE Info Application Control detected

deletion of registry value '<string>' under key '<string>' by program

<string> (User: <string>, Workflow Id: <string>).

57 OWNER_MODIFIED_UPDATE Info Application Control detected

modification to OWNER of '<string>' by program

<string> (User: <string>, Workflow Id: <string>).

61 PROCESS_HIJACKED Major Application Control detected

an attempt to exploit process

<string> from address

<string>.

62 INVENTORY_CORRUPT Critical Application Control detected

that its internal inventory for the volume <string> is corrupt. To rectify, delete the inventory and solidify the volume again.

75 FILE_CREATED_UPDATE Info Application Control detected

creation of '<string>' by program <string> (User:

<string>, Original User:

<string>, Workflow Id:

<string>).

76 FILE_DELETED_UPDATE Info Application Control detected

deletion of '<string>' by program <string> (User:

<string>, Original User:

<string>, Workflow Id:

<string>).

77 FILE_MODIFIED_UPDATE Info Application Control detected

modification of '<string>' by program <string> (User:

<string>, Original User:

<string>, Workflow Id:

<string>)

79 FILE_RENAMED_UPDATE Info Application Control detected

renaming of '<string>' to '<string>' by program

<string> (User: <string>, Original User: <string>, Workflow Id: <string>).

Application Control Event ID

Event name Severity Description

80 FILE_SOLIDIFIED Info <string>' was solidified which

was created by program

<string>(User: <string>, Workflow Id: <string>).

82 FILE_UNSOLIDIFIED Info <string>' was unsolidified

which was deleted by program

<string>(User: <string>, Workflow Id: <string>).

89 READ_DENIED Major Application Control prevented

an attempt to read file '<string>' by process

<string> (Process Id:

<string>, User: <string>).

96 PKG_MODIFICATION_PREVENTED Critical Application Control prevented package modification by '<string>' by user: '<string>'.

97 PKG_MODIFICATION_ALLOWED_UPDATE Info Application Control allowed package modification by '<string>' by user: '<string>'.

(Workflow Id: <string>) 98 PKG_MODIFICATION_PREVENTED_2 Critical Application Control prevented

package modification by '<string>' by user: '<string>'.

99 NX_VIOLATION_DETECTED Critical Application Control prevented

an attempt to hijack the process '<string>' (Process Id: '<string>', User:

'<string>'), by executing code from an address outside of code pages region. Faulting address '<string>'. The process was terminated.

101 REG_VALUE_MODIFIED_UPDATE Info Application Control detected modification to registry value

103 FILE_READ_UPDATE Info Application Control detected

read for '<string>' by program <string> (User:

<string>, Original User:

<string>, Workflow Id:

<string>)

124 INITIAL_SCAN_TASK_COMPLETED Info Application Control Initial Scan task is complete and

Application Control is enforced on the system now.

126 ACTX_ALLOW_INSTALL Info Application Control allowed

installation of ActiveX

<string> Workflow Id:

Application Control event list

C

Application Control Event ID

Event name Severity Description

127 ACTX_INSTALL_PREVENTED Major Application Control prevented

installation of ActiveX

<string> Workflow Id:

129 VASR_VIOLATION_DETECTED Critical Application Control prevented an attempt to hijack the process '<string>' (Process Id: '<string>', User:

'<string>'), by executing code from non‑relocatable dll '<string>'. Faulting address '<string>'. Target address '<string>'

Index

about this guide 7

conventions and icons used in this guide 7

documentation

audience for this guide 7 product-specific, finding 8

typographical conventions and icons 7

McAfee ServicePortal, accessing 8

ServicePortal, finding product documentation 8

Technical Support, finding product information 8

In document Product Guide. McAfee Application Control 6.1.0 (Page 107-112)