Device Details

Device NameAppLockerApp

Vendor

Microsoft

Device Type


Supported Model Name/Number


Supported Software Version(s)

N/A

Collection Method

MS Windows Event Logging

Configurable Log Output?

No

Log Source Type

MS Windows Event Logging - AppLockerApp

Log Processing Policy

LogRhythm Default

Exceptions

N/A

Additional Information

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker

Supported Log Messages

Type

Product Version

Supported Schema Fields

AppLocker EventsN/A<vmid>, <processid>, <tag1>, <sname>, <domain>, <login>, <vendorinfo>, <object>, <objectname>, <tag2>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.598.0MS Windows Event Logging XML - AppLockerAppSub rules added-