Appendix 6. Application events
Information about the operation of each Kaspersky Endpoint Security component, data encryption events, the completion of each scan task, update task, and integrity check task, and the overall operation of the application is recorded in the Kaspersky Security Center event log and the Windows event log.
Kaspersky Endpoint Security generates events of the following types: general events and specific events. Specific events are created only by Kaspersky Endpoint Security for Windows. Specific events have a simple ID, for example, 000000cb. Specific events have the following parameters:
GNRL_EA_DESCRIPTION is the event content.
GNRL_EA_ID is the event service ID.
GNRL_EA_SEVERITY is the event status:
  1 – Informational message
  2 – Warning
  3 – Functional failure
  4 – Critical
EVENT_TYPE_DISPLAY_NAME is the event title.
TASK_DISPLAY_NAME is the name of the application component that initiated the event.
General events can be created by Kaspersky Endpoint Security for Windows as well as by other Kaspersky applications (for example, Kaspersky Security for Windows Server). General events have a more complex ID, for example, GNRL_EV_VIRUS_FOUND. In addition to the required parameters, general events have advanced parameters.
Critical events
End User License Agreement violated
Databases are missing or corrupted
Databases are extremely out of date
Application autorun is disabled
Active threat detected. Advanced Disinfection should be started
Not enough space in Quarantine storage
Object not restored from Quarantine
Object not deleted from Quarantine
The application established a connection to a website with an untrusted certificate
Failed to verify an encrypted connection. The domain is added to the list of exclusions
Malicious object detected (local bases)
Malicious object detected (KSN)
Previously opened dangerous link detected
Application startup prohibited
Prohibited process was started before Kaspersky Endpoint Security startup
Operation with the device prohibited
Error distributing component updates
Cannot start two tasks at the same time
Error verifying application databases and modules
Error in interaction with Kaspersky Security Center
Not all components were updated
Update completed successfully, update distribution failed
Error applying file encryption / decryption rules
File encryption / decryption error
Error disabling portable mode
Error creating encrypted package
Error encrypting / decrypting device
Could not load encryption module
The task for managing Authentication Agent accounts ended with an error
Kaspersky Anti Targeted Attack Platform server unavailable
Object not quarantined (Kaspersky Sandbox)
Invalid Kaspersky Sandbox server certificate
The Kaspersky Sandbox node is unavailable
An error occurred while processing the object in Kaspersky Sandbox
Maximum load to Kaspersky Sandbox is exceeded
Kaspersky Sandbox license verification failed
Object not quarantined (Endpoint Detection and Response)
Process startup is not blocked
Script execution is not blocked
Error changing application components
There are patterns of a possible brute-force attack in the system
There are patterns of a possible Windows Event Log abuse
Atypical actions detected on behalf of a new service installed
Atypical logon that uses explicit credentials detected
There are patterns of a possible Kerberos forged PAC (MS14-068) attack in the system
Suspicious changes detected in the privileged built-in Administrators group
There is an atypical activity detected during a network logon session
Log Inspection rule triggered
Atypical event occurs too often. Event aggregation started
Report on an atypical event for the aggregation period
Functional failure
Invalid task settings. Settings not applied
Warning
Application crashed during previous session
Automatic updates are disabled
Protection components are disabled
Computer is running in safe mode
Quit and reopen the application to complete updating
The license allows the use of components that have not been installed
Advanced Disinfection started
Advanced Disinfection completed
Cannot restore object from Backup
Suspicious network activity detected
Encrypted connection terminated
Participation in KSN disabled
Processing of some OS functions is disabled
Quarantine storage is almost out of space
Object will be disinfected on restart
Object will be deleted on restart
Object deleted according to settings
The object scan result has been sent to a third-party application
Task settings applied successfully
Warning about undesirable content (local bases)
Warning about undesirable content (KSN)
Undesirable content was accessed after a warning
Temporary access to the device activated
Operation cancelled by the user
User has opted out of the encryption policy
Interrupted applying file encryption / decryption rules
File encryption / decryption interrupted
Device encryption / decryption interrupted
Failed to install or upgrade Kaspersky Disk Encryption drivers in the WinRE image
Module signature check failed
Application startup was blocked
Process was terminated by the Kaspersky Anti Targeted Attack Platform server administrator
The application was terminated by the Kaspersky Anti Targeted Attack Platform server administrator
File or stream was deleted by the Kaspersky Anti Targeted Attack Platform server administrator
File was quarantined on the Kaspersky Anti Targeted Attack Platform server by administrator
Network activity of all third-party applications is blocked
Network activity of all third-party applications is unblocked
Object will be deleted after restart (Kaspersky Sandbox)
Total size of scan tasks exceeded the limit
Object startup allowed, event logged
Process startup allowed, event logged
Object will be deleted after restart (Endpoint Detection and Response)
Termination of network isolation
Restart required to complete the task
Application startup blockage message to administrator
Device access blockage message to administrator
Web page access blockage message to administrator
Application activity blockage message to administrator
Object changes too often. Event aggregation started
Report on object modification for the aggregation period
Monitoring scope includes incorrect objects
Informational messages
Self-Defense restricted access to the protected resource
Subscription settings have changed
Subscription has been renewed
Object restored from Quarantine
Object deleted from Quarantine
A backup copy of the object was created
Overwritten by a copy that was disinfected earlier
Password-protected archive detected
Information about detected object
The object is in the Private KSN allowlist
The link is in the Private KSN allowlist
Application placed in the trusted group
Application placed in restricted group
Host Intrusion Prevention was triggered
Application startup prohibited in test mode
Application startup allowed in test mode
A page that is allowed was opened
Operation with the device allowed
Update distribution completed successfully
File rolled back due to update error
Creating the list of files to download
Started applying file encryption / decryption rules
Finished applying file encryption / decryption rules
Resumed applying file encryption / decryption rules
File encryption / decryption started
File encryption / decryption completed
File has not been encrypted because it is an exclusion
Device encryption / decryption started
Device encryption / decryption completed
Device encryption / decryption resumed
Device encryption / decryption process has been switched to active mode
Device encryption / decryption process has been switched to passive mode
New Authentication Agent account created
Authentication Agent account deleted
Authentication Agent account password changed
Successful Authentication Agent login
Failed Authentication Agent login attempt
Hard drive accessed using the procedure of requesting access to encrypted devices
Account was not added. This account already exists
Account was not modified. This account does not exist
Account was not deleted. This account does not exist
FDE upgrade rollback successful
Failed to uninstall Kaspersky Disk Encryption drivers from the WinRE image
BitLocker recovery key was changed
BitLocker password / PIN was changed
BitLocker recovery key was saved to a removable drive
Processing of tasks from the Kaspersky Anti Targeted Attack Platform server is inactive
Endpoint Sensor connected to server
Connection to the Kaspersky Anti Targeted Attack Platform server restored
Tasks from the Kaspersky Anti Targeted Attack Platform server are being processed
Object quarantined (Kaspersky Sandbox)
Object deleted (Kaspersky Sandbox)
Object quarantined (Endpoint Detection and Response)
Object deleted (Endpoint Detection and Response)
Application components successfully changed