deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5063 from baardhermansen/patch-13

Browse Source 
Update monitor-application-usage-with-applocker.md
This commit is contained in:
Daniel Simpson 2019-09-27 14:18:47 -07:00 committed by GitHub
commit 96f646d5bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
View File

@ -61,18 +61,23 @@ For both event subscriptions and local events, you can use the **Get-AppLockerFi
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure. Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
>**Note:**  If the AppLocker logs are not on your local device, you will need permission to view the logs. If the output is saved to a file, you will need permission to read that file. > [!NOTE]
> If the AppLocker logs are not on your local device, you will need permission to view the logs. If the output is saved to a file, you will need permission to read that file.
**To review AppLocker events with Get-AppLockerFileInformation** **To review AppLocker events with Get-AppLockerFileInformation**
1. At the command prompt, type **PowerShell**, and then press ENTER. 1. At the command prompt, type **PowerShell**, and then press ENTER.
2. Run the following command to review how many times a file would have been blocked from running if rules were enforced: 2. Run the following command to review how many times a file would have been blocked from running if rules were enforced:
`Get-AppLockerFileInformation EventLog EventType Audited Statistics` ```powershell
Get-AppLockerFileInformation EventLog EventType Audited Statistics
```
3. Run the following command to review how many times a file has been allowed to run or prevented from running: 3. Run the following command to review how many times a file has been allowed to run or prevented from running:
`Get-AppLockerFileInformation EventLog EventType Allowed Statistics` ```powershell
Get-AppLockerFileInformation EventLog EventType Allowed Statistics
```
### <a href="" id="bkmk-applkr-view-log"></a>View the AppLocker Log in Event Viewer ### <a href="" id="bkmk-applkr-view-log"></a>View the AppLocker Log in Event Viewer