From a2746f13d101131c1c0931e9d4de55f0a58e7098 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Tue, 31 May 2016 16:01:40 -0700 Subject: [PATCH] Update event-4656.md --- windows/keep-secure/event-4656.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/event-4656.md b/windows/keep-secure/event-4656.md index 8447c8fd0e..7004eab9b3 100644 --- a/windows/keep-secure/event-4656.md +++ b/windows/keep-secure/event-4656.md @@ -15,7 +15,7 @@ author: Mir0sh - Windows Server 2016 -Event 4656 illustration +Event 4656 illustration ***Subcategories:*** [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), and [Audit Removable Storage](audit-removable-storage.md) @@ -172,7 +172,7 @@ This event shows that access was requested, and the results of the request, but | AppendData (or AddSubdirectory or CreatePipeInstance) | 0x4 | **AppendData -** For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without **FILE\_WRITE\_DATA**.) For a directory object, the right to create a subdirectory (**FILE\_ADD\_SUBDIRECTORY**).
**AddSubdirectory -** For a directory, the right to create a subdirectory.
**CreatePipeInstance -** For a named pipe, the right to create a pipe. | | ReadEA
(For registry objects, this is “Enumerate sub-keys.”) | 0x8 | The right to read extended file attributes. | | WriteEA | 0x10 | The right to write extended file attributes. | -| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. | +| Execute/Traverse | 0x20 | **Execute** - For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter.
**Traverse -** For a directory, the right to traverse the directory. By default, users are assigned the **BYPASS\_TRAVERSE\_CHECKING** [privilege](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379306(v=vs.85).aspx), which ignores the **FILE\_TRAVERSE** [access right](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374902(v=vs.85).aspx). See the remarks in [File Security and Access Rights](https://msdn.microsoft.com/en-us/library/windows/desktop/aa364399(v=vs.85).aspx) for more information. | | DeleteChild | 0x40 | For a directory, the right to delete a directory and all the files it contains, including read-only files. | | ReadAttributes | 0x80 | The right to read file attributes. | | WriteAttributes | 0x100 | The right to write file attributes. |