This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application control - how to identify specific client with Controlled Application?

We've enabled Application Control in "Detect but allow to run" mode for pretty much everything to get a feel for what is out there - this has created a lot of events. Reporting "Alerts and events by item name" shows some applications that we want to investigate, but how can we drill down to see which client has raised a particular application event?

I had hoped I could create an SQL query but the database doesn't seem to have any Application Control tables...

This thread was automatically locked due to age.

Parents

0 QC over 14 years ago

the database doesn't seem to have any Application Control tables

The events are in the Events table, a quick glance suggests that EventType=3 indicates Application Control. You probably know how to correlate them to the client but just in case, ComputerID refers to ID in ComputersAndDeletedComputers which contains the client's Name.

Christian
:10973
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 14 years ago

the database doesn't seem to have any Application Control tables

The events are in the Events table, a quick glance suggests that EventType=3 indicates Application Control. You probably know how to correlate them to the client but just in case, ComputerID refers to ID in ComputersAndDeletedComputers which contains the client's Name.

Christian
:10973
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data