From 5312b88e239c44299d2fc82b8f35cab5cad25e2d Mon Sep 17 00:00:00 2001 From: Maurice Daly Date: Wed, 6 Apr 2022 01:15:00 +0100 Subject: [PATCH 1/2] Missing Event ID's 8028 - 8040 Added event id's and descriptions from XML provider. --- .../applocker/using-event-viewer-with-applocker.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index aa10905181..a2ac228302 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -69,6 +69,20 @@ The following table contains information about the events that you can use to de | 8024 | Information| Packaged app installation audited.| Added in Windows Server 2012 and Windows 8.| | 8025 | Warning| Packaged app installation disabled.| Added in Windows Server 2012 and Windows 8.| | 8027 | Warning| No Packaged app rule configured.| Added in Windows Server 2012 and Windows 8.| +| 8028 | Warning | * was allowed to run but would have been prevented if the Config CI policy were enforced.| Added in Windows Server 2016 and Windows 10.| +| 8029 | Error | * was prevented from running due to Config CI policy.| Added in Windows Server 2016 and Windows 10.| +| 8030 | Information | ManagedInstaller check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.| +| 8031 | Information | SmartlockerFilter detected file * being written by process * | Added in Windows Server 2016 and Windows 10.| +| 8032 | Error | ManagedInstaller check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.| +| 8033 | Warning | ManagedInstaller check FAILED during Appid verification of * . Allowed to run due to Audit Applocker Policy. | Added in Windows Server 2016 and Windows 10.| +| 8034 | Information | ManagedInstaller Script check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.| +| 8035 | Error | ManagedInstaller Script check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.| +| 8036 | Error | * was prevented from running due to Config CI policy | Added in Windows Server 2016 and Windows 10.| +| 8037 | Information | * passed Config CI policy and was allowed to run | Added in Windows Server 2016 and Windows 10.| +| 8038 | Information | Publisher info: Subject: * Issuer: * Signature index * (* total) | Added in Windows Server 2016 and Windows 10.| +| 8039 | Warning | * passed Config CI policy and was allowed to run | Added in Windows Server 2016 and Windows 10.| +| 8040 | Error | Package family name * version * was prevented from installing or updating due to Config CI policy | Added in Windows Server 2016 and Windows 10.| + ## Related topics From 29d81ae1ae80616c8ddc3a2f671c94d9f6611a9c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 22 Apr 2022 17:21:06 -0700 Subject: [PATCH 2/2] Update using-event-viewer-with-applocker.md --- .../applocker/using-event-viewer-with-applocker.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index a2ac228302..0274a768dd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/21/2017 ms.technology: windows-sec ---