Microsoft-Windows-SoftwareRestrictionPolicies
6 events across 1 channel
Event ID 50 — Access to %1 is monitored by policy rule %2.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
| SrpRuleGuid | — |
Event ID 865 — Access to %1 has been restricted by your Administrator by the default software restriction policy level.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
Sigma Rules
- Restricted Software Access By SRP
Detects restricted access to applications by the Software Restriction Policies (SRP) policy
Event ID 866 — Access to %1 has been restricted by your Administrator by location with policy rule %2 placed on path %3.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
| SrpRuleGuid | — |
| RulePath | — |
Sigma Rules
- Restricted Software Access By SRP
Detects restricted access to applications by the Software Restriction Policies (SRP) policy
Event ID 867 — Access to %1 has been restricted by your Administrator by software publisher policy.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
Sigma Rules
- Restricted Software Access By SRP
Detects restricted access to applications by the Software Restriction Policies (SRP) policy
Event ID 868 — Access to %1 has been restricted by your Administrator by policy rule %2.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
| SrpRuleGuid | — |
Sigma Rules
- Restricted Software Access By SRP
Detects restricted access to applications by the Software Restriction Policies (SRP) policy
Event ID 882 — Access to %1 has been restricted by your Administrator by policy rule %2.
Message
Fields
| Name | Description |
|---|---|
| AttemptedPath | — |
| SrpRuleGuid | — |
Sigma Rules
- Restricted Software Access By SRP
Detects restricted access to applications by the Software Restriction Policies (SRP) policy