Tip: Safe Lock event logging can be customized by doing the following:

| Event Id | Task Category | Level | Log Description |
|---|---|---|---|
| 1000 | System | Information | Service started. |
| 1001 | System | Warning | Service stopped. |
| 1002 | System | Information | Application Lockdown Turned On. |
| 1003 | System | Warning | Application Lockdown Turned Off. |
| 1004 | System | Information | Disabled. |
| 1005 | System | Information | Administrator password changed. |
| 1006 | System | Information | Restricted User password changed. |
| 1007 | System | Information | Restricted User account enabled. |
| 1008 | System | Information | Restricted User account disabled. |
| 1009 | System | Information | Product activated. |
| 1010 | System | Information | Product deactivated. |
| 1011 | System | Warning | License Expired. Grace period enabled. |
| 1012 | System | Warning | License Expired. Grace period ended. |
| 1013 | System | Information | Product configuration import started: %path% |
| 1014 | System | Information | Product configuration import complete: %path% |
| 1015 | System | Information | Product configuration exported to: %path% |
| 1016 | System | Information | USB Malware Protection set to Allow. |
| 1017 | System | Information | USB Malware Protection set to Block. |
| 1018 | System | Information | USB Malware Protection enabled. |
| 1019 | System | Warning | USB Malware Protection disabled. |
| 1020 | System | Information | Network Virus Protection set to Allow. |
| 1021 | System | Information | Network Virus Protection set to Block. |
| 1022 | System | Information | Network Virus Protection enabled. |
| 1023 | System | Warning | Network Virus Protection disabled. |
| 1025 | System | Information | Memory Randomization enabled. |
| 1026 | System | Warning | Memory Randomization disabled. |
| 1027 | System | Information | API Hooking Prevention set to Allow. |
| 1028 | System | Information | API Hooking Prevention set to Block. |
| 1029 | System | Information | API Hooking Prevention enabled. |
| 1030 | System | Warning | API Hooking Prevention disabled. |
| 1031 | System | Information | DLL Injection Prevention set to Allow. |
| 1032 | System | Information | DLL Injection Prevention set to Block. |
| 1033 | System | Information | DLL Injection Prevention enabled. |
| 1034 | System | Warning | DLL Injection Prevention disabled. |
| 1035 | System | Information | Pre-defined Trusted Update enabled. |
| 1036 | System | Information | Pre-defined Trusted Update disabled. |
| 1037 | System | Information | DLL/Driver Lockdown enabled. |
| 1038 | System | Warning | DLL/Driver Lockdown disabled. |
| 1039 | System | Information | Script Lockdown enabled. |
| 1040 | System | Warning | Script Lockdown disabled. |
| 1041 | System | Information | Script added.<br>[Details]<br>File extension: %extension%<br>Interpreter: %interpreter% |
| 1042 | System | Information | Script removed.<br>[Details]<br>File extension: %extension%<br>Interpreter: %interpreter% |
| 1044 | System | Information | Exception path enabled. |
| 1045 | System | Information | Exception path disabled. |
| 1047 | System | Information | Trusted certification enabled. |
| 1048 | System | Information | Trusted certification disabled. |
| 1049 | System | Information | Write Protection enabled. |
| 1050 | System | Warning | Write Protection disabled. |
| 1051 | System | Information | Write Protection set to Allow. |
| 1052 | System | Information | Write Protection set to Block. |
| 1055 | System | Information | Added file to Write Protection List.<br>Path: %path% |
| 1056 | System | Information | Removed file from Write Protection List.<br>Path: %path% |
| 1057 | System | Information | Added file to Write Protection Exception List.<br>Path: %path%<br>Process: %process% |
| 1058 | System | Information | Removed file from Write Protection Exception List.<br>Path: %path%<br>Process: %process% |
| 1059 | System | Information | Added folder to Write Protection List.<br>Path: %path%<br>Scope: %scope% |
| 1060 | System | Information | Removed folder from Write Protection List.<br>Path: %path%<br>Scope: %scope% |
| 1061 | System | Information | Added folder to Write Protection Exception List.<br>Path: %path%<br>Scope: %scope%<br>Process: %process% |
| 1062 | System | Information | Removed folder from Write Protection Exception List.<br>Path: %path%<br>Scope: %scope%<br>Process: %process% |
| 1063 | System | Information | Added registry value to Write Protection List.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue% |
| 1064 | System | Information | Removed registry value from Write Protection List.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue% |
| 1065 | System | Information | Added registry value to Write Protection Exception List.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>Process: %process% |
| 1066 | System | Information | Removed registry value from Write Protection Exception List.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>Process: %process% |
| 1067 | System | Information | Added registry key to Write Protection List.<br>Path: %regkey%<br>Scope: %scope% |
| 1068 | System | Information | Removed registry key from Write Protection List.<br>Path: %regkey%<br>Scope: %scope% |
| 1069 | System | Information | Added registry key to Write Protection Exception List.<br>Path: %regkey%<br>Scope: %scope%<br>Process: %process% |
| 1070 | System | Information | Removed registry key from Write Protection Exception List.<br>Path: %regkey%<br>Scope: %scope%<br>Process: %process% |
| 1071 | System | Information | Custom Action set to Ignore. |
| 1072 | System | Information | Custom Action set to Quarantine. |
| 1073 | System | Information | Custom Action set to Ask Intelligent Manager |
| 1074 | System | Information | Quarantined file is restored.<br>[Details]<br>Original Location: %path%<br>Source: %source% |
| 1075 | System | Information | Quarantined file is deleted.<br>[Details]<br>Original Location: %path%<br>Source: %source% |
| 1076 | System | Information | Integrity Monitoring enabled. |
| 1077 | System | Information | Integrity Monitoring disabled. |
| 1078 | System | Information | Root cause analysis report unsuccessful.<br>[Details]<br>Access Image Path: %path% |
| 1079 | System | Information | Server certification imported: %path% |
| 1080 | System | Information | Server certification exported to: %path% |
| 1081 | System | Information | Managed mode configuration imported: %path% |
| 1082 | System | Information | Managed mode configuration exported to: %path% |
| 1083 | System | Information | Managed mode enabled. |
| 1084 | System | Information | Managed mode disabled. |
| 1085 | System | Information | Protection applied to Write Protection List and Approved List while Write Protection is enabled |
| 1086 | System | Warning | Protection applied to Write Protection List while Write Protection is enabled. |
| 1088 | System | Information | Windows Update Support enabled. |
| 1089 | System | Information | Windows Update Support disabled. |
| 1094 | System | Information | Trend Micro Safe Lock updated.<br>File applied: %file_name% |
| 1096 | System | Information | Trusted Hash List enabled. |
| 1097 | System | Information | Trusted Hash List disabled. |
| 1099 | System | Information | Storage device access set to Allow |
| 1100 | System | Information | Storage device access set to Block |
| 1101 | System | Information | Storage device control enabled |
| 1102 | System | Warning | Storage device control disabled |
| 1103 | System | Information | Event Log settings changed.<br>[Details]<br>Windows Event Log: %ON\|off%<br>Level:<br>Warning Log: %ON\|off%<br>Information Log: %ON\|off%<br>System Log: %ON\|off%<br>Exception Path Log: %ON\|off%<br>Write Protection Log: %ON\|off%<br>List Log: %ON\|off%<br>Approved Access Log:<br>DllDriver Log: %ON\|off%<br>Trusted Updater Log: %ON\|off%<br>Exception Path Log: %ON\|off%<br>Trusted Certification Log: %ON\|off%<br>Trusted Hash Log: %ON\|off%<br>Write Protection Log: %ON\|off%<br>Blocked Access Log: %ON\|off%<br>USB Malware Protection Log: %ON\|off%<br>Execution Prevention Log: %ON\|off%<br>Network Virus Protection Log: %ON\|off%<br>Integrity Monitoring Log<br>File Created Log: %ON\|off%<br>File Modified Log: %ON\|off%<br>File Deleted Log: %ON\|off%<br>File Renamed Log: %ON\|off%<br>RegValue Modified Log: %ON\|off%<br>RegValue Deleted Log: %ON\|off%<br>RegKey Created Log: %ON\|off%<br>RegKey Deleted Log: %ON\|off%<br>RegKey Renamed Log: %ON\|off%<br>Device Control Log: %ON\|off%<br>Debug Log: %ON\|off% |
| 1104 | System | Warning | Memory Randomization is not available in this version of Windows. |
| 1105 | System | Information | Blocked File Notification enabled. |
| 1106 | System | Information | Blocked File Notification disabled. |
| 1107 | System | Information | Administrator password changed remotely. |
| 1111 | System | Information | Fileless Attack Prevention enabled. |
| 1112 | System | Warning | Fileless Attack Prevention disabled. |
| 1500 | List | Information | Trusted Update started. |
| 1501 | List | Information | Trusted Update stopped. |
| 1502 | List | Information | Approved List import started: %path% |
| 1503 | List | Information | Approved List import complete: %path% |
| 1504 | List | Information | Approved List exported to: %path% |
| 1505 | List | Information | Added to Approved List: %path% |
| 1506 | List | Information | Added to Trusted Updater List: %path% |
| 1507 | List | Information | Removed from Approved List: %path% |
| 1508 | List | Information | Removed from Trusted Updater List: %path% |
| 1509 | List | Information | Approved List updated: %path% |
| 1510 | List | Information | Trusted Updater List updated: %path% |
| 1511 | List | Warning | Unable to add to or update Approved List: %path% |
| 1512 | List | Warning | Unable to add to or update Trusted Updater List: %path% |
| 1513 | System | Information | Added to Exception Path List.<br>[Details]<br>Type: %exceptionpathtype%<br>Path: %exceptionpath% |
| 1514 | System | Information | Removed from Exception Path List.<br>[Details]<br>Type: %exceptionpathtype%<br>Path: %exceptionpath% |
| 1515 | System | Information | Added to Trusted Certification List.<br>[Details]<br>Label: %label%<br>Hash: %hashvalue%<br>Type: %type%<br>Subject: %subject%<br>Issuer: %issuer% |
| 1516 | System | Information | Removed from Trusted Certification List.<br>[Details]<br>Label: %label%<br>Hash: %hashvalue%<br>Type: %type%<br>Subject: %subject%<br>Issuer: %issuer% |
| 1517 | System | Information | Added to the Trusted Hash List.%n<br>[Details]<br>Label : %label%<br>Hash : %hashvalue%<br>Type : %type%<br>Add to Approved List: %yes\|no%<br>Path : %path%<br>Note: %note% |
| 1518 | System | Information | Removed from the Trusted Hash List.%n<br>[Details]<br>Label : %label%<br>Hash : %hashvalue%<br>Type : %type%<br>Add to Approved List: %yes\|no%<br>Path : %path%<br>Note: %note% |
| 1519 | List | Information | Removed from Approved List remotely: %path% |
| 1520 | List | Warning | Unable to create Approved List because an unexpected error occurred during enumeration of the files in %1 %n<br>Error Code: %2 %n |
| 1521 | System | Information | Added Fileless Attack Prevention exception.<br>[Details]<br>Label : %label%<br>Target Process: %process_name%<br>Arguments: %arguments% %regex_flag%<br>Parent Process 1 Image Path: %path%<br>Parent Process 2 Image Path: %path%<br>Parent Process 3 Image Path: %path%<br>Parent Process 4 Image Path: %path% |
| 1522 | System | Information | Removed Fileless Attack Prevention exception.<br>[Details]<br>Label : %label%<br>Target Process: %process_name%<br>Arguments: %arguments% %regex_flag%<br>Parent Process 1 Image Path: %path%<br>Parent Process 2 Image Path: %path%<br>Parent Process 3 Image Path: %path%<br>Parent Process 4 Image Path: %path% |
| 2000 | Access Approved | Information | File access allowed: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode%<br>List: %list% |
| 2001 | Access Approved | Warning | File access allowed: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode%<br>File Hash allowed: %hash% |
| 2002 | Access Approved | Warning | File access allowed: %path%<br>Unable to get the file path while checking the Approved List.<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2003 | Access Approved | Warning | File access allowed: %path%<br>Unable to calculate hash while checking the Approved List.<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2004 | Access Approved | Warning | File access allowed: %path%<br>Unable to get notifications to monitor process. |
| 2005 | Access Approved | Warning | File access allowed:%path%<br>Unable to add process to non exception list. |
| 2006 | Access Approved | Information | File access allowed: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2007 | Access Approved | Warning | File access allowed: %path%<br>An error occurred while checking the Exception Path List.<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2008 | Access Approved | Warning | File access allowed: %path%<br>An error occurred while checking the Trusted Certification List.<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2011 | Access Approved | Information | Registry access allowed.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2012 | Access Approved | Information | Registry access allowed.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2013 | Access Approved | Information | Change of File/Folder allowed by Exception List: %path%<br>[Details]<br>Access Image Path:<br>Access User: %username%<br>Mode: %mode% |
| 2015 | Access Approved | Information | Change of Registry Value allowed by Exception List.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2016 | Access Approved | Information | Change of Registry Key allowed by Exception List.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2017 | Access Approved | Warning | Change of File/Folder allowed: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2019 | Access Approved | Warning | Change of Registry Value allowed.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2020 | Access Approved | Warning | Change of Registry Key allowed.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2021 | Access Approved | Warning | File access allowed: %path%<br>An error occurred while checking the Trusted Hash List.<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2022 | Access Approved | Warning | Process allowed by Fileless Attack Prevention: %path% %argument%<br>[Details]<br>Access User: %username%<br>Parent Process 1 Image Path: %path%<br>Parent Process 2 Image Path: %path%<br>Parent Process 3 Image Path: %path%<br>Parent Process 4 Image Path: %path%<br>Mode: Unlocked<br>Reason: %reason% |
| 2503 | Access Blocked | Warning | Change of File/Folder blocked: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2505 | Access Blocked | Warning | Change of Registry Value blocked.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2506 | Access Blocked | Warning | Change of Registry Key blocked.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2507 | Access Blocked | Information | Action completed successfully: %path%<br>[Details]<br>Action: %action%<br>Source: %source% |
| 2508 | Access Blocked | Warning | Unable to take specified action: %path%<br>[Details]<br>Action: %action%<br>Source: %source% |
| 2509 | Access Blocked | Warning | File access blocked: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode%<br>Reason: Not in Approved List<br>File Hash blocked: %hash% |
| 2510 | Access Blocked | Warning | File access blocked: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode%<br>Reason: Hash does not match expected value<br>File Hash blocked: %hash% |
| 2511 | Access Blocked | Information | Change of File/Folder blocked: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Mode: %mode% |
| 2512 | Access Blocked | Warning | Change of Registry Value blocked.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username% |
| 2513 | Access Blocked | Warning | Process blocked by Fileless Attack Prevention: %path% %argument%<br>[Details]<br>Access User: %username%<br>Parent Process 1 Image Path: %path%<br>Parent Process 2 Image Path: %path%<br>Parent Process 3 Image Path: %path%<br>Parent Process 4 Image Path: %path%<br>Mode: locked<br>Reason: %reason% |
| 2514 | Access Blocked | Warning | File access blocked : %BLOCKED_FILE_PATH%<br>[Details]<br>Access Image Path: %PARENT_PROCESS_PATH%<br>Access User: %USER_NAME%<br>Reason: Blocked file is in a folder that has the case sensitive attribute enabled. |
| 3000 | USB Malware Protection | Warning | Device access allowed: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Device Type: %type% |
| 3001 | USB Malware Protection | Warning | Device access blocked: %path%<br>[Details]<br>Access Image Path: %path%<br>Access User: %username%<br>Device Type: %type% |
| 3500 | Network Virus Protection | Warning | Network virus allowed: %name%<br>[Details]<br>Protocol: TCP<br>Source IP Address: %ip_address%<br>Source Port: %port%<br>Destination IP Address: %ip_address%<br>Destination Port: 80 |
| 3501 | Network Virus Protection | Warning | Network virus blocked: %name%<br>[Details]<br>Protocol: TCP<br>Source IP Address: %ip_address%<br>Source Port: %port%<br>Destination IP Address: %ip_address%<br>Destination Port: 80 |
| 4000 | Process Protection Event | Warning | API Hooking/DLL Injection allowed: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4001 | Process Protection Event | Warning | API Hooking/DLL Injection blocked: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4002 | Process Protection Event | Warning | API Hooking allowed: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4003 | Process Protection Event | Warning | API Hooking blocked: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4004 | Process Protection Event | Warning | DLL Injection allowed: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4005 | Process Protection Event | Warning | DLL Injection blocked: %path%<br>[Details]<br>Threat Image Path: %path%<br>Threat User: %username% |
| 4500 | Changes in System | Information | File/Folder created: %path%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4501 | Changes in System | Information | File modified: %path%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4502 | Changes in System | Information | File/Folder deleted: %path%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4503 | Changes in System | Information | File/Folder renamed: %path%<br>New Path: %path%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4504 | Changes in System | Information | Registry Value modified.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>Registry Value Type: %regvaluetype%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4505 | Changes in System | Information | Registry Value deleted.<br>Registry Key: %regkey%<br>Registry Value Name: %regvalue%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4506 | Changes in System | Information | Registry Key created.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4507 | Changes in System | Information | Registry Key deleted.<br>Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
| 4508 | Changes in System | Information | Registry Key renamed.<br>Registry Key: %regkey%<br>New Registry Key: %regkey%<br>[Details]<br>Access Image Path: %path%<br>Access Process Id: %pid%<br>Access User: %username% |
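
An added example, not part of the Safe Lock documentation: a Python parser for the description layout the table uses (a headline, optional free-text lines, then `Key: value` fields, usually after `[Details]`), followed by a triage pass that surfaces the Warning-level "disabled" IDs and the blocked-file IDs 2509 and 2510. The sample messages, paths, user name and hash are constructed, and the script assumes the event ID and rendered description have already been exported from the host as text.

```python
import re

# IDs the table lists at Warning level for a protection feature being switched off.
PROTECTION_OFF = {1003, 1019, 1023, 1026, 1030, 1034, 1038, 1040, 1050, 1102, 1112}
# "Access Blocked" IDs whose template carries Reason and File Hash blocked.
BLOCKED_FILE = {2509, 2510}

# "Key: value" or "Key : value"; the first colon ends the key, so paths survive.
FIELD = re.compile(r"^([A-Za-z][\w /]*?)\s*:\s*(.*)$")

def parse_message(text):
    """Split one description into headline action/target, notes and fields."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    action, _, target = lines[0].partition(":")
    event = {"action": action.strip(), "target": target.strip() or None,
             "notes": [], "fields": {}}
    last = None
    for line in lines[1:]:
        if line == "[Details]":
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            event["fields"][last] = m.group(2)
        elif last:      # wrapped value, as in event 2514's Reason
            event["fields"][last] += " " + line
        else:           # free-text line, as in events 2002 to 2008
            event["notes"].append(line)
    return event

def triage(events):
    """Return (event_id, kind, summary) for the IDs worth an analyst's attention."""
    alerts = []
    for event_id, text in events:
        ev = parse_message(text)
        f = ev["fields"]
        if event_id in PROTECTION_OFF:
            alerts.append((event_id, "protection-off", ev["action"]))
        elif event_id in BLOCKED_FILE:
            summary = f"{ev['target']} | {f.get('Reason')} | {f.get('File Hash blocked')}"
            alerts.append((event_id, "blocked-file", summary))
    return alerts

# Constructed sample events (paths, user and hash are made up), following the templates.
SAMPLE = [
    (1000, "Service started."),
    (1003, "Application Lockdown Turned Off."),
    (2509, "File access blocked: C:\\Temp\\tool.exe\n[Details]\n"
           "Access Image Path: C:\\Windows\\explorer.exe\nAccess User: HMI01\\operator\n"
           "Mode: Locked\nReason: Not in Approved List\nFile Hash blocked: 0123abcd"),
    (2514, "File access blocked : C:\\Data\\run.exe\n[Details]\n"
           "Access Image Path: C:\\Windows\\System32\\cmd.exe\nAccess User: HMI01\\operator\n"
           "Reason: Blocked file is in a folder that has the\ncase sensitive attribute enabled."),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```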