Event ID 8004 — FilePathBuffer was prevented from running.
Description
FilePathBuffer was prevented from running.
Message #
Fields #
| Name | Description |
|---|---|
PolicyNameLength UInt16 | — |
PolicyNameBuffer UnicodeString | — |
RuleId GUID | — |
RuleNameLength UInt16 | — |
RuleNameBuffer UnicodeString | — |
RuleSddlLength UInt16 | — |
RuleSddlBuffer UnicodeString | — |
TargetUser SID | — |
TargetProcessId UInt32 | — |
FilePathLength UInt16 | — |
FilePathBuffer UnicodeString | — |
FileHashLength UInt16 | — |
FileHash Binary | — |
FqbnLength UInt16 | — |
Fqbn UnicodeString | — |
TargetLogonId HexInt64 | — |
FullFilePathLength UInt16 | — |
FullFilePathBuffer UnicodeString | — |