Event ID 1131 — ProductName has blocked an operation that your administrator doesn't allow.

Provider: Microsoft-Windows-Windows Defender
Channel: Operational

Description

ProductName has blocked an operation that your administrator doesn't allow.

Message #

%1 has blocked an operation that your administrator doesn't allow.
 For more information please contact your IT administrator.
 	ID: %4
 	State: %5
 	Timestamp: %6
 	Action: %7
 	Process: %8
 	Source: %9
 	Target: %10
 	User: %11
 %Security intelligence Version: %12
 	Engine Version: %13
 	Product Version: %2

Fields #

Name	Description
`ProductName` UnicodeString	—
`ProductVersion` UnicodeString	—
`Unused` UnicodeString	—
`ID` UnicodeString	—
`State` UnicodeString	—
`Timestamp` UnicodeString	—
`Action` UnicodeString	—
`Process` UnicodeString	—
`Source` UnicodeString	—
`Target` UnicodeString	—
`User` UnicodeString	—
`SignatureVersion` UnicodeString	—
`EngineVersion` UnicodeString	—

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/av/Microsoft%20Defender/

Event ID 1131 — ProductName has blocked an operation that your administrator doesn't allow.

Description

Message #

Fields #

Related Events #

References #