Event 1134: ProductName has audited an operation. — Microsoft-Windows-Windows Defender

Description

ProductName has audited an operation.

Message #

%1 has audited an operation.
For more information please contact your IT administrator.
	Policy Version: %4
	Policy Rule ID: %5
	Enforcement Level: %6
	Audit Reason: %7
	Timestamp: %8
	Action Type: %9
	Process: %10
	Source: %11
	Target: %12
	Session ID: %13
	User SID: %14
%Security intelligence Version: %15
	Engine Version: %16
	Product Version: %2

Fields #

Name	Description
`ProductName` UnicodeString	—
`ProductVersion` UnicodeString	—
`Unused` UnicodeString	—
`PolicyVersion` UnicodeString	—
`PolicyRuleId` UnicodeString	—
`EnforcementLevel` UnicodeString	—
`AuditReason` UnicodeString	—
`EventTimestamp` UnicodeString	—
`ActionType` UnicodeString	—
`Process` UnicodeString	—
`Source` UnicodeString	—
`Target` UnicodeString	—
`SessionId` UnicodeString	—
`UserSid` UnicodeString	—
`SignatureVersion` UnicodeString	—
`EngineVersion` UnicodeString	—

Related Events #

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/av/Microsoft%20Defender/

Event ID 1134 — ProductName has audited an operation.

Description

Message #

Fields #

References #

Keyboard Shortcuts