Event Type |
Scenario |
Activity |
Hover Text |
Deny Exec (Non-network path) |
EXECUTION_DENIED for a binary |
Application Execution |
Execution of an application not in whitelist |
EXECUTION_DENIED for a script |
Script Execution |
Execution of a script not in whitelist |
EXECUTION_DENIED when Self-Approval pop-up could not be shown and the request was auto approved |
Application Execution at Startup |
Boot Time Execution allowed for a binary not in whitelist |
Deny Write |
WRITE_DENIED for a non-critical process |
Binary Modification |
Whitelisted application modified by a non-trusted agent |
WRITE_DENIED for a critical process and the action is Modify |
Modification of a binary in whitelist |
WRITE_DENIED when Self-Approval pop-up could not be shown and the request was auto approved |
Binary Update at Startup |
Boot Time Update allowed for a binary in whitelist |
Deny Exec (network path) |
EXECUTION_DENIED from network path |
Network Path Execution |
Execution from Network Path |
Package Control Denial |
PKG_MODIFICATION_PREVENTED for MSI-based installers |
Software Installation |
Installation of an application not in whitelist |
ActiveX Denial |
ActiveX Installation is prevented |
ActiveX Installation |
Installation of an ActiveX not in whitelist |
Memory Protection NX/Process hijack |
PROCESS_HIJACKED |
Memory Protection Violation |
CASP Memory protection violation for a binary in whitelist |
NX_VIOLATION_DETECTED |
NX Memory protection violation for a binary in whitelist |
VASR_VIOLATION_DETECTED |
VASR Memory protection violation for a binary in whitelist |
Executable extracting MSI files |
EXECUTION_DENIED for installers |
Software Installation |
Installation of an application not in whitelist |
Executable extracting binary files (exe/dll/driver) and script files |
WRITE_DENIED for binary and script files |
Binary Addition |
New binary generated by a non-trusted agent |
Executable removing files |
Executable removing files |
Software Removal |
Uninstall of software in whitelist |