detection.wiki

Microsoft-Windows-SoftwareRestrictionPolicies

6 events across 1 channel

Event IDTitleChannel
50Access to AttemptedPath is monitored by policy rule SrpRuleGuid.Application
865Access to AttemptedPath has been restricted by your Administrator by the default …Application
866Access to AttemptedPath has been restricted by your Administrator by location …Application
867Access to AttemptedPath has been restricted by your Administrator by software …Application
868Access to AttemptedPath has been restricted by your Administrator by policy rule …Application
882Access to AttemptedPath has been restricted by your Administrator by policy rule …Application

Event ID 50 — Access to AttemptedPath is monitored by policy rule SrpRuleGuid.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application

Description

Access to AttemptedPath is monitored by policy rule SrpRuleGuid.

Message #

Access to %1 is monitored by policy rule %2.

Fields #

NameDescription
AttemptedPath UnicodeString
SrpRuleGuid GUID

Event ID 865 — Access to AttemptedPath has been restricted by your Administrator by the default software restriction policy level.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application
Collection Priority
Recommended (NSA, others)

Description

Access to AttemptedPath has been restricted by your Administrator by the default software restriction policy level.

Message #

Access to %1 has been restricted by your Administrator by the default software restriction policy level.

Fields #

NameDescription
AttemptedPath UnicodeString

Detection Patterns #

Event ID 866 — Access to AttemptedPath has been restricted by your Administrator by location with policy rule SrpRuleGuid placed on path RulePath.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application
Collection Priority
Recommended (NSA, others)

Description

Access to AttemptedPath has been restricted by your Administrator by location with policy rule SrpRuleGuid placed on path RulePath.

Message #

Access to %1 has been restricted by your Administrator by location with policy rule %2 placed on path %3.

Fields #

NameDescription
AttemptedPath UnicodeString
SrpRuleGuid GUID
RulePath UnicodeString

Detection Patterns #

Event ID 867 — Access to AttemptedPath has been restricted by your Administrator by software publisher policy.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application
Collection Priority
Recommended (NSA, others)

Description

Access to AttemptedPath has been restricted by your Administrator by software publisher policy.

Message #

Access to %1 has been restricted by your Administrator by software publisher policy.

Fields #

NameDescription
AttemptedPath UnicodeString

Detection Patterns #

Event ID 868 — Access to AttemptedPath has been restricted by your Administrator by policy rule SrpRuleGuid.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application
Collection Priority
Recommended (NSA, others)

Description

Access to AttemptedPath has been restricted by your Administrator by policy rule SrpRuleGuid.

Message #

Access to %1 has been restricted by your Administrator by policy rule %2.

Fields #

NameDescription
AttemptedPath UnicodeString
SrpRuleGuid GUID

Detection Patterns #

Event ID 882 — Access to AttemptedPath has been restricted by your Administrator by policy rule SrpRuleGuid.

Provider
Microsoft-Windows-SoftwareRestrictionPolicies
Channel
Application
Collection Priority
Recommended (NSA, others)

Description

Access to AttemptedPath has been restricted by your Administrator by policy rule SrpRuleGuid.

Message #

Access to %1 has been restricted by your Administrator by policy rule %2.

Fields #

NameDescription
AttemptedPath UnicodeString
SrpRuleGuid GUID

Detection Patterns #