deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Acrolinx score fix

Browse Source
This commit is contained in:
Alekhya Jupudi
2022-06-09 12:50:01 +05:30
parent 426955319f
commit 76f955e6fb
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
View File

@ -20,7 +20,7 @@ ms.technology: windows-sec
# Understanding Application Control event tags
Windows Defender Application Control (WDAC) events include a number of fields which provide helpful troubleshooting information to figure out exactly what an event means. Below, we have documented the values and meanings for a few useful event tags.
Windows Defender Application Control (WDAC) events include many fields, which provide helpful troubleshooting information to figure out exactly what an event means. Below, we've documented the values and meanings for a few useful event tags.
## SignatureType
@ -28,12 +28,12 @@ Represents the type of signature which verified the image.
| SignatureType Value | Explanation |
|---|----------|
| 0 | Unsigned or verification has not been attempted |
| 0 | Unsigned or verification hasn't been attempted |
| 1 | Embedded signature |
| 2 | Cached signature; presence of CI EA shows that file had been previously verified |
| 3 | Cached catalog verified via Catalog Database or searching catalog directly |
| 4 | Un-cached catalog verified via Catalog Database or searching catalog directly |
| 5 | Successfully verified using an EA that informs CI which catalog to try first |
| 4 | Uncached catalog verified via Catalog Database or searching catalog directly |
| 5 | Successfully verified using an EA that informs CI that catalog to try first |
| 6 | AppX / MSIX package catalog verified |
| 7 | File was verified |
@ -43,7 +43,7 @@ Represents the signature level at which the code was verified.
| ValidatedSigningLevel Value | Explanation |
|---|----------|
| 0 | Signing level has not yet been checked |
| 0 | Signing level hasn't yet been checked |
| 1 | File is unsigned |
| 2 | Trusted by Windows Defender Application Control policy |
| 3 | Developer signed code |
@ -65,10 +65,10 @@ Represents why verification failed, or if it succeeded.
| 0 | Successfully verified signature |
| 1 | File has an invalid hash |
| 2 | File contains shared writable sections |
| 3 | File is not signed|
| 3 | File isn't signed|
| 4 | Revoked signature |
| 5 | Expired signature |
| 6 | File is signed using a weak hashing algorithm which does not meet the minimum policy |
| 6 | File is signed using a weak hashing algorithm, which doesn't meet the minimum policy |
| 7 | Invalid root certificate |
| 8 | Signature was unable to be validated; generic error |
| 9 | Signing time not trusted |