deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update monitor-application-usage-with-applocker.md

Browse Source 
Updated markdown. 
Put PowerShell code inside code snippet instead of quote.
This commit is contained in:
Baard Hermansen
2019-09-27 20:27:11 +02:00
committed by GitHub
parent 46f0a0ae4d
commit 852e14ed5b
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
View File

@ -61,18 +61,23 @@ For both event subscriptions and local events, you can use the **Get-AppLockerFi
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
>**Note:**  If the AppLocker logs are not on your local device, you will need permission to view the logs. If the output is saved to a file, you will need permission to read that file. > [!NOTE]
> If the AppLocker logs are not on your local device, you will need permission to view the logs. If the output is saved to a file, you will need permission to read that file.
**To review AppLocker events with Get-AppLockerFileInformation** **To review AppLocker events with Get-AppLockerFileInformation**
1. At the command prompt, type **PowerShell**, and then press ENTER. 1. At the command prompt, type **PowerShell**, and then press ENTER.
2. Run the following command to review how many times a file would have been blocked from running if rules were enforced: 2. Run the following command to review how many times a file would have been blocked from running if rules were enforced:
`Get-AppLockerFileInformation EventLog EventType Audited Statistics` ```powershell
Get-AppLockerFileInformation EventLog EventType Audited Statistics
```
3. Run the following command to review how many times a file has been allowed to run or prevented from running: 3. Run the following command to review how many times a file has been allowed to run or prevented from running:
`Get-AppLockerFileInformation EventLog EventType Allowed Statistics` ```powershell
Get-AppLockerFileInformation EventLog EventType Allowed Statistics
```
### <a href="" id="bkmk-applkr-view-log"></a>View the AppLocker Log in Event Viewer ### <a href="" id="bkmk-applkr-view-log"></a>View the AppLocker Log in Event Viewer