SRP Block
Event Source - Microsoft-Windows-SoftwareRestrictionPolicies - Event Log - Application
Configuration
Query
EventID:865 OR EventID:866 OR EventID:867 OR EventID:868 OR EventID:882
Config
| Key | Value |
| --- | --- |
| type | aggregation-v1 |
| query | EventID:865 OR EventID:866 OR EventID:867 OR EventID:868 OR EventID:882 |
| streams | [5f74fe0891d2ba1b645adb8d] |
| conditions | {expression:null} |
| search_within_ms | 3600000 |
| execute_every_ms | 3600000 |
Windows Application Whitelisting
Application whitelisting events should be collected to look for applications that have been blocked from execution.
Last modified
October 12, 2020