deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #10523 from michaelAngeloEgypt/patch-7

Browse Source 
implementing #10325
This commit is contained in:
Aaron Czechowski 2022-05-19 16:52:49 -07:00 committed by GitHub
commit c5ef3deddf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
View File

@ -14,12 +14,18 @@ author: jsuther1974
ms.reviewer: jogeurte ms.reviewer: jogeurte
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 04/30/2022 ms.date: 05/09/2022
ms.technology: windows-sec ms.technology: windows-sec
--- ---
# Understanding Application Control events # Understanding Application Control events
**Applies to**
- Windows 10
- Windows 11
- Windows Server 2016 and later (limited events)
A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations: A Windows Defender Application Control (WDAC) policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations:
- Events about WDAC policy activation and the control of executables, dlls, and drivers appear in **Applications and Services logs** > **Microsoft** > **Windows** > **CodeIntegrity** > **Operational** - Events about WDAC policy activation and the control of executables, dlls, and drivers appear in **Applications and Services logs** > **Microsoft** > **Windows** > **CodeIntegrity** > **Operational**