Information about prevention rule triggering

The window showing information about Prevention rule events contains the following details:

• Tree of events.

  Displays the parent events and child events, and the links between them. The root node of the tree of events is the host whose events you are viewing.

  You can select events in the tree of events to view information about these events.

• Prevention rule:
  • Event time—Time when the file startup prevention was triggered.
  • File—Name of the file that was prevented from running.
  • Launch parameters—Parameters that were used for the attempt to run the file.
  • MD5—MD5 hash of the file that was prevented from running.
  • SHA256—SHA256 hash of the file that was prevented from running.
  • Size—Size of the file that was prevented from running.
  • Time created—Creation time of the file that was prevented from running.
  • Time modified—Date of last modification of the file that was prevented from running.
  • Host name—Name of the host on which the file startup prevention was triggered.
  • User name—Name of the user that attempted to run the file.
• Parent process:
  • File—Name of the parent process file.
  • MD5—MD5 hash of the parent process file.
  • SHA256—SHA256 hash of the parent process file.
  • Process ID—Identifier of the parent process.

See also Event information Viewing the table of events Viewing information about an event Information about process startup Information about module loading Information about a remote connection Information about document blocking Information about file creation Information about an event in the Windows log Information about changes in the registry Information about port listening Information about driver loading Information about changing a host name Information about the alert Information about alert processing results

Page top