事件日志的完整列表Endpoint Security

技术文章 ID: KB85494
上次修改时间: 2022-03-31 13:16:11 Etc/GMT

环境

McAfee Endpoint Security (ENS) 自适应威胁防护 (ATP) 10.x
McAfee ENS 防火墙 10.x
McAfee ENS 危险防护 10.x
McAfee ENS Web Control 10.x

摘要

本文对 ENS 事件消息的解释。 ENS 事件消息传递使用自然语言字符串（NLS）。 ENS 在 NLS 中记录威胁数据，包括威胁源和检测前的持续时间。您可以通过管理控制台和事件Endpoint Security 客户端访问此信息。 NLS 提供描述性说明，提供有关威胁事件的描述性说明。有些事件可能需要比事件文本字符串中包含的解释更多。如果下表中缺少特定事件， McAfee Enterprise 会加密事件，则无需进一步说明。根据需要，根据客户通过我们服务团队技术支持请求。

注意：有关详细信息，请参阅文章（KB85494）。

单个事件 ID 可以表现出不同的自然语言字符串。每个事件 ID 都有特定的含义，但是，在事件形成用于表示该事件详细信息的语言类型中，其详细信息。例如，事件 ID 1272 的一个实例可能包含所有预期信息。因此，选择一个最适合说明所有这些信息的 NLS。事件 ID 1272 的另一个实例可能缺少进程名称。我们使用不同的 NLS，而不是使用空白来表示进程名称（为空值）。此 NLS 省略了进程名称，但仍说明其余已知详细信息。

影响 NLS 消息的因素包括：

攻击媒介是本地攻击还是远程攻击
事件是针对事件按访问扫描（OAS）还是按需扫描（ODS）
采取的操作（清理、删除、删除待处理、访问被拒绝、继续、无、已移动、已阻止或通用）
存在或缺少错误（修复失败、DeleteOnReboot、FailedDeleteFile、BackupFailed 或 FailedDeletePending）
对象类型（对象是否为引导扇区）
是否提供进程名称

以下是针对检测进行的传统和 NLS 事件消息传递的比较，这些检测导致未采取操作：

传统消息传递语法：

No Action Taken (Clean failed because the detection isn't cleanable) \ \ ()

NLS 消息传递语法：

" \ 已运行，尝试访问 \ 。已检测到名称，并且对文件的访问被拒绝。"

示例 NLS 检测消息：

"Interweb\jsmith 运行 notepad.exe ，它尝试访问 C：\data\temp\eicar.com。已检测到名为 Eicar 测试文件的测试病毒，并且对文件的访问被拒绝。"

Contents
单击以展开您要查看的部分：

用于进程调查的工具

字符串To identify the process locking the file, see KB85494显示在一些按访问选择器事件消息中，并且将客户参阅此知识库文章获得更多信息。在这种情况下，产品已拒绝访问被感染的文件并试图删除该文件。但是，在检测到威胁时无法这样做。删除失败，因为文件锁定会Windows系统根据我们的请求删除文件。 Windows保留删除待处理状态的文件删除请求。我们继续拒绝访问该文件，这将阻止打开任何新句柄。 Windows关闭检测到文件的所有句柄后，该文件将被删除。如果您要调查当前已打开此文件锁定的进程，请使用以下工具。

Windows任务管理器

打开任务管理器以管理员身份登录时通过单击 Ctrl+Shift+Esc 。
单击性能选项卡。
点击资源监视器.
单击CPU选项卡。
在部分中关联的句柄，则搜索文件名。部分文件名可能足够。
等待搜索结果。

Process Explorer

以管理员身份运行 Process Explorer。
单击找到菜单，然后选择查找句柄或 DLL.
搜索文件名。
等待搜索结果。

确定进程后，执行相应的下一步操作。要评估进程行为，请通过以下方式对其进行评估：

进程必须使用该文件。
此进程是安全的或受信任的。
可以安全地关闭进程。
您必须捕获关于此过程的任何数据，然后提交技术支持调查。

用于访问保护规则违规调查的工具

字符串For information on how to respond to this event, see KB85494显示在一些访问保护违反规则事件消息中，并且将客户介绍给此知识库文章，以了解更多信息。在此场景中，操作根据事件消息本身所介绍规则的定义被阻止。这些违规不为误报。访问保护功能无法返回误报。这是因为与是否发生行为匹配，而非使用病毒定义或特征码。

确定此行为是否预期：

若为预期行为，您必须：
- 接受或忽略数据。
- 为指定规则创建排除项，以排除违反规则的进程。有关详细信息，请参阅Endpoint Security10.7.x 威胁防护产品手册.
如果预期为，则进一步调查此行为，因为有以下任一原因：
- 该行为发生的原因是恶意软件已进入该进程。
- 该行为正常，需要重新分类为预期行为，在这种情况下，您会看到上一项预期行为。

如果事件频率过高，请采取措施，避免数据ePolicy Orchestrator 数据库。如果数据库已满，SQL Server磁盘空间或网络延迟或两者均将用完。

操作可包括：

从数据库中清除事件
释放磁盘空间
将代理配置为过滤出（不再发送）特定事件
从 ePolicy Orchestrator 事件文件夹删除未处理的事件
从尚未发送到 ePolicy Orchestrator 的客户端系统中删除已累积的事件

当前，除了重新配置代理以过滤事件外，中央管理点（ePolicy Orchestrator 服务器）或代理处理程序只能完成很少操作。

自然语言字符串事件消息传递索引

下表列出了事件 ID 及可能随附的 NLS。

注意：该表包含常见事件、操作和相关 NLS。它根据功能提供事件 ID 与可能选择的 NLS（可能用于事件，根据自然字符串选择标准）之间的关联。下表中进一步说明最后一列中显示的 NLS 标记。要跳至下表中的该特定条目，请单击超链接。

以下是指向以下表格的链接：

来自按按组织（OAS）的字符串
来自漏洞利用防护的字符串
Strings from ScriptScan
来自 ODS 的字符串
来自系统（DAC动态应用程序封闭字符串）

特征	采取的操作	事件 ID	可能的 NLS
美洲国家组织	打扫	1025、1060	IDS_NATURAL_LANG_OAS_DETECTION_CLN IDS_NATURAL_LANG_OAS_DETECTION_R_CLN IDS_NATURAL_LANG_OAS_DETECTION_B_CLN
	已删除	1027, 1028, 1054, 1055, 1101, 1104, 1278, 1279, 1280, 1281, 1293, 1303, 1306, 1312, 1313, 1314, 1315, 1316, 1317, 1318, 1319, 1320, 1321, 1322, 1323, 1324, 1325, 1326, 1327, 1328, 1405, 1408, 1410, 1414, 1415, 1416, 1417, 1418, 1419, 1420	IDS_NATURAL_LANG_OAS_DETECTION_DEL IDS_NATURAL_LANG_OAS_DETECTION_R_DEL
	访问被拒绝	1024, 1026, 1037, 1053, 1061, 1100, 1274, 1275, 1276, 1277, 1282, 1283, 1284, 1285, 1289, 1290, 1291, 1292, 1294, 1296, 1298, 1300, 1302, 1304, 1305, 1307, 1308, 1310, 1311、1401、1402、1404、1407、1409、1411、1413	IDS_NATURAL_LANG_OAS_DETECTION_DEN IDS_NATURAL_LANG_OAS_DETECTION_R_DEN IDS_NATURAL_LANG_OAS_DETECTION_B_DEN IDS_NATURAL_LANG_OAS_DETECTION_DEN_NOACTORPROCNAME
	继续	1400	IDS_NATURAL_LANG_OAS_DETECTION_NON IDS_NATURAL_LANG_OAS_DETECTION_R_NON IDS_NATURAL_LANG_OAS_DETECTION_NON_NOACTORPROCNAME
	搬	1056, 1102, 1270, 1271, 1272, 1273, 1297, 1301, 1309, 1403, 1406, 1412	IDS_NATURAL_LANG_OAS_DETECTION_MOV IDS_NATURAL_LANG_OAS_DETECTION_R_MOV
	删除待处理	1421, 1422, 1423, 1424, 1425, 1426, 1427, 1428, 1429, 1430, 1431	IDS_NATURAL_LANG_OAS_DETECTION_DLP IDS_NATURAL_LANG_OAS_DETECTION_R_DLP IDS_NATURAL_LANG_OAS_DETECTION_DLP_NOACTORPROCNAME
ODS	打扫	1025、1060	IDS_NATURAL_LANG_ODS_DETECTION_CLEANED IDS_NATURAL_LANG_ODS_DETECTION_B_CLEANED
	删除待处理	1421, 1422, 1423, 1424, 1425, 1426, 1427, 1428, 1429, 1430, 1431	IDS_NATURAL_LANG_ODS_DETECTION_DLP
	删除	1027, 1028, 1054, 1055, 1101, 1104, 1278, 1279, 1280, 1281, 1293, 1303, 1306, 1312, 1313, 1314, 1315, 1316, 1317, 1318, 1319, 1320, 1321, 1322, 1323, 1324, 1325, 1326, 1327, 1328, 1405, 1408, 1410, 1414, 1415, 1416, 1417, 1418, 1419, 1420	IDS_NATURAL_LANG_ODS_DETECTION_DELETED
	继续	1024, 1026, 1037, 1051, 1053, 1059, 1061, 1095, 1096, 1099, 1100, 1103, 1202, 1203, 1274, 1275, 1276, 1277, 1282, 1283, 1284, 1285, 1289, 1290, 1291, 1292, 1294, 1296, 1298, 1300, 1302, 1304, 1305, 1307, 1308, 1310, 1311, 1400, 1401, 1402, 1404, 1407, 1409, 1411, 1413, 1064, 1065, 1087, 1088, 1118, 1119, 1120, 1121,	IDS_NATURAL_LANG_ODS_DETECTION_GENERIC IDS_ALERT_ACT_TAK_CONT
访问保护/系统保护	阻止	1092	IDS_NATURAL_LANG_DESC_DETECTION_APSP_1 IDS_NATURAL_LANG_DESC_DETECTION_APSP_2 IDS_NATURAL_LANG_DESC_DETECTION_APSP_3
访问保护/系统保护	将阻止	1095	IDS_NATURAL_LANG_DESC_DETECTION_APSP_4 IDS_NATURAL_LANG_DESC_DETECTION_APSP_5 IDS_NATURAL_LANG_DESC_DETECTION_APSP_6

事件 ID	NLS
IDS_NATURAL_LANG_OAS_DETECTION_DEL	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and deleted."
IDS_NATURAL_LANG_OAS_DETECTION_CLN	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_DEN	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and access to the file was denied."

IDS_NATURAL_LANG_OAS_DETECTION_DEN_NOACTORPROCNAME	"Attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected and access to the file was denied."
IDS_NATURAL_LANG_OAS_DETECTION_NON_NOACTORPROCNAME	"Attempted to access \|TargetPath\|\\|TargetName\| and the threat \|\|ThreatType\|\| named \|ThreatName\| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_NON	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\| and the \|\|ThreatType\|\| named \|ThreatName\| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_MOV	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and the file was moved."

IDS_NATURAL_LANG_OAS_DETECTION_BLO	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and blocked."
IDS_NATURAL_LANG_OAS_DETECTION_GENERIC	"\|TargetUserName\| ran \|SourceProcessName\|, which attempted to access \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected. The scanner took the following action: \|\|ThreatActionTaken\|\|."

IDS_NATURAL_LANG_OAS_DETECTION_ENC	"\|AV_DETECTION_USERNAME\| accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner could not scan \|TargetName\| because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_ENC2	"An unknown user accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner could not scan the file because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_TO	"\|TargetUserName\| ran \|SourceProcessName\|, which accessed \|TargetPath\|\\|TargetName\|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_TO2	"An unknown user accessed \|AV_DETECTION_FULL_LOCATION\|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_COR	"\|AV_DETECTION_USERNAME\| accessed \"\|AV_DETECTION_FULL_LOCATION\|\". The file is corrupt and could not be scanned."
IDS_NATURAL_LANG_OAS_DETECTION_COR2	"An unknown user accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner couldn't scan the file because it is corrupted."

IDS_NATURAL_LANG_OAS_DETECTION_DLP	"\|TargetUserName\| ran \"\|SourceProcessName\|\", which attempted to access \"\|TargetPath\|\\|TargetName\|\". The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_OAS_DETECTION_DLP_NOACTORPROCNAME	"Attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."

IDS_NATURAL_LANG_OAS_DETECTION_NRP	"\|TargetUserName\| ran \"\|SourceProcessName\|\", which attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but no clean information is available."
IDS_NATURAL_LANG_OAS_DETECTION_SHV	"\|AV_DETECTION_USERNAME\| accessed \"\|AV_DETECTION_FULL_LOCATION\|\". The scanner could not scan the file due to a sharing violation."
IDS_NATURAL_LANG_OAS_DETECTION_SHV2	"An unknown user accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner could not scan the file due to a sharing violation."
IDS_NATURAL_LANG_OAS_DETECTION_NPM	"\|AV_DETECTION_USERNAME\| accessed \"\|AV_DETECTION_FULL_LOCATION\|\". The scanner could not scan the file because it doesn't have access rights."
IDS_NATURAL_LANG_OAS_DETECTION_NPM2	"An unknown user accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner could not scan the file because it doesn't have access rights."
IDS_NATURAL_LANG_OAS_DETECTION_DLR	"\|TargetUserName\| ran \"\|SourceProcessName\|\", which attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected and will be deleted on reboot."
IDS_NATURAL_LANG_OAS_DETECTION_DLE	"\|TargetUserName\| ran \"\|SourceProcessName\|\", which attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but deletion failed."
IDS_NATURAL_LANG_OAS_DETECTION_BUE	"\|TargetUserName\| ran \"\|SourceProcessName\|\", which attempted to access \|TargetPath\|\\|TargetName\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but quarantine failed."

IDS_NATURAL_LANG_OAS_DETECTION_R_DEL	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and deleted."
IDS_NATURAL_LANG_OAS_DETECTION_R_CLN	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_R_DEN	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and access to the file was denied."
IDS_NATURAL_LANG_OAS_DETECTION_R_NON	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_R_MOV	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and the file was moved."
IDS_NATURAL_LANG_OAS_DETECTION_R_BLO	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and blocked."
IDS_NATURAL_LANG_OAS_DETECTION_R_ENC	"\|AV_DETECTION_USERNAME\| accessed \|AV_DETECTION_FULL_LOCATION\|. The scanner could not scan the file because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_R_TO	"\|TargetPath\|\\|TargetName\| was accessed from the remote system \|SourceIPV4\|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLP	"The file \|TargetPath\|\\|TargetName\| was accessed from remote system \|SourceIPV4\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_OAS_DETECTION_R_NRP	"The file \|TargetPath\|\\|TargetName\| was accessed from remote system \|SourceIPV4\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but no clean information is available."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLR	"The file \|TargetPath\|\\|TargetName\| was accessed from remote system \|SourceIPV4\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected and will be deleted on reboot."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLE	"The file \|TargetPath\|\\|TargetName\| was accessed from remote system \|SourceIPV4\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but deletion failed."
IDS_NATURAL_LANG_OAS_DETECTION_R_BUE	"The file \|TargetPath\|\\|TargetName\| was accessed from remote system \|SourceIPV4\|. The threat \|\|ThreatType\|\| named \|ThreatName\| was detected but quarantine failed."

IDS_NATURAL_LANG_OAS_DETECTION_B_CLN	"\|TargetUserName\| accessed volume \|TargetPath\|:. The \|\|ThreatType\|\| named \|ThreatName\| was detected in the boot sector and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_B_DEN	"\|TargetUserName\| accessed volume \|TargetPath\|:. The \|\|ThreatType\|\| named \|ThreatName\| was detected in the boot sector. Both the primary (\|\|FirstAttemptedAction\|\|) and secondary (\|\|SecondAttemptedAction\|\|) actions failed, so access to the file was denied."
IDS_NATURAL_LANG_OAS_DETECTION_ERROR	"The scanner detected a threat but, due to an error, no additional information is available."
IDS_NATURAL_LANG_OAS_DETECTION_NO_INFO	"The scanner detected a threat while scanning \|TargetName\| but, due to an error, no additional information is available."

返回到顶部

来自漏洞利用防护的字符串

事件 ID

NLS

IDS_NATURAL_LANG_DESC_DETECTION_APSP_1

"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetPath|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."

IDS_NATURAL_LANG_DESC_DETECTION_APSP_2

"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."

IDS_NATURAL_LANG_DESC_DETECTION_APSP_3

"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetProcessName|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."

IDS_NATURAL_LANG_DESC_DETECTION_APSP_4

"|SourceUserName| ran |SourceProcessName|, which accessed |TargetPath|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."

IDS_NATURAL_LANG_DESC_DETECTION_APSP_5

"|SourceUserName| ran |SourceProcessName|, which accessed |TargetPath|\|TargetName|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."

IDS_NATURAL_LANG_DESC_DETECTION_APSP_6

"|SourceUserName| ran |SourceProcessName|, which accessed the process |TargetProcessName|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_1
All but SMEP and TAMPER (no API name or caller module)

"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName| and was ||ThreatActionTaken||."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_2
All but SMEP & TAMPER with API name

"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName|, which targeted the |APIName| API, and was ||ThreatActionTaken||."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_4
All but SMEP & TAMPER with a caller module

"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName| called from module |CallerModule|, which targeted the |APIName| API, and was ||ThreatActionTaken||."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_3
SMEP

"|ThreatName| attempted an exploit at |ThreatTimestamp| and was ||ThreatActionTaken||. For more information, check the Windows Event Viewer for record number |TargetName|."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_5
TAMPER

TAMPER

"Tampering has been detected with Exploit Prevention's monitoring of processes on this computer."

IDS_NATURAL_LANG_DESC_DETECTION_BOP_1N
所有非 SMEP 和 TAMPER （无 API 名称或调用程序模块）

IDS_NATURAL_LANG_DESC_DETECTION_BOP_2N
All but SMEP & TAMPER with API name

IDS_NATURAL_LANG_DESC_DETECTION_BOP_4N
All but SMEP & TAMPER with a caller module

IDS_NATURAL_LANG_DESC_DETECTION_BOP_3N
SMEP

返回到顶部

来自 ScriptScan 的字符串

事件 ID	NLS
IDS_NATURAL_LANG_DETECTION_SS_URL	"\|TargetUserName\| ran \|TargetProcessName\|, which accessed \|TargetURL\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and blocked."
IDS_NATURAL_LANG_DETECTION_SS_FILE	"\|TargetUserName\| ran \|TargetProcessName\|, which accessed \|TargetPath\|\\|TargetName\|. The \|\|ThreatType\|\| named \|ThreatName\| was detected and blocked."

返回到顶部

来自按需扫描的字符串

事件 ID	NLS
IDS_NATURAL_LANG_ODS_DETECTION_NONE	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. Both the primary (\|\|FirstAttemptedAction\|\|) and secondary (\|\|SecondAttemptedAction\|\|) actions failed, so the scanner took no action."
IDS_NATURAL_LANG_ODS_DETECTION_CLEANED	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. The file was cleaned."
IDS_NATURAL_LANG_ODS_DETECTION_DELETED	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. The file was deleted."

IDS_NATURAL_LANG_ODS_DETECTION_GENERIC	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. The scanner took the following action: \|\|ThreatActionTaken\|\|."
IDS_NATURAL_LANG_ODS_DETECTION_NO_INFO	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. Due to an error, no additional information is available."

IDS_NATURAL_LANG_ODS_DETECTION_B_NONE	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning the boot sector of volume \|TargetPath\|:. Both the primary (\|\|FirstAttemptedAction\|\|) and secondary (\|\|SecondAttemptedAction\|\|) actions failed, so the scanner took no action."
IDS_NATURAL_LANG_ODS_DETECTION_B_CLEANED	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning the boot sector of volume \|TargetPath\|:. The boot sector was cleaned."

IDS_NATURAL_LANG_ODS_DETECTION_ENC	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan. The scanner could not scan \|TargetName\| because it was encrypted."
IDS_NATURAL_LANG_ODS_DETECTION_TO	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which was unable to scan \|TargetName\| because the scan timed out."
IDS_NATURAL_LANG_ODS_DETECTION_FS	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which was unable to scan \|TargetName\| because the file size exceeds the configured maximum file size to scan."
IDS_NATURAL_LANG_ODS_DETECTION_COR	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which was unable to scan \|TargetName\| because the file is corrupt."

IDS_NATURAL_LANG_ODS_DETECTION_DLP	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which detected the threat \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\| but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_ODS_DETECTION_NRP	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which detected the threat \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. However, no clean information is available."
IDS_NATURAL_LANG_ODS_DETECTION_SHV	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which was unable to scan \|TargetName\| due to a sharing violation."
IDS_NATURAL_LANG_ODS_DETECTION_NPM	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which was unable to scan \|TargetName\| because the scanner doesn't have access rights to it."

IDS_NATURAL_LANG_ODS_DETECTION_DLR	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which detected the threat \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. The threat will be deleted on reboot."
IDS_NATURAL_LANG_ODS_DETECTION_DLE	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which detected the threat \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. However, deletion of the threat failed."
IDS_NATURAL_LANG_ODS_DETECTION_BUE	"\|TargetUserName\| ran on-demand scan \|\|TaskName\|\|, which detected the threat \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. However, quarantine of the threat failed."
IDS_NATURAL_LANG_ODS_DETECTION_ERROR	"The on-demand scan detected a threat but, due to an error, no additional information is available."
IDS_ALERT_ACT_TAK_CONT	"\|TargetUserName\| ran the \|\|TaskName\|\| on-demand scan, which detected the \|\|ThreatType\|\| named \|ThreatName\| while scanning \|TargetPath\|\\|TargetName\|. The scanner took the following action: \|\|ThreatActionTaken\|\|."

返回到顶部

来自系统（DAC动态应用程序封闭字符串）

事件 ID	NLS
IDS_NATURAL_LANG_DESC_DAC_1	"The application \|SourceFilePath\|\\|SourceProcessName\| was contained at the request of \|RequesterDisplayName\|."
IDS_NATURAL_LANG_DESC_DAC_2	"\|RequesterDisplayName\| requested to contain the application \|SourceFilePath\|\\|SourceProcessName\|, which is already contained."
IDS_NATURAL_LANG_DESC_DAC_3	"The application \|SourceFilePath\|\\|SourceProcessName\| was released from containment at the request of \|RequesterDisplayName\|."
IDS_NATURAL_LANG_DESC_DAC_4	"\|RequesterDisplayName\| requested to release the application \|SourceFilePath\|\\|SourceProcessName\|. However, the application is still contained because other requests remain."
IDS_NATURAL_LANG_DESC_DAC_5	"\|RequesterDisplayName\| request to contain \|SourceFilePath\|\\|SourceProcessName\| was removed due to an exclusion and the application was released from containment."
IDS_NATURAL_LANG_DESC_DAC_6	"\|RequesterDisplayName\| request to contain \|SourceFilePath\|\\|SourceProcessName\| was removed due to an exclusion."
IDS_NATURAL_LANG_DESC_DAC_7	"\|RequesterDisplayName\| request to contain \|SourceFilePath\|\\|SourceProcessName\| was removed and the application was released from containment because Dynamic Application Containment was uninstalled."
IDS_NATURAL_LANG_DESC_DAC_8	"\|RequesterDisplayName\| request to contain \|SourceFilePath\|\\|SourceProcessName\| was removed because Dynamic Application Containment was uninstalled."

返回顶部

事件 IDS 索引

从 ePolicy Orchestrator ，%install dir%\server\extensions\installed\ENDP_AM_1000（例如，您可以从以下事件信息获取 ENS） strings_en.properties.

事件 ID	事件信息	ENS 模块
1024	Infected file found.	Threat Prevention
1025	Infected file successfully Cleaned.	Threat Prevention
1027	Infected file deleted.	Threat Prevention
1037	Infected boot record found	Threat Prevention
1051	Unable to scan password protected	Threat Prevention
1059	Scan Timed Out	Threat Prevention
1064	Service was started.	Threat Prevention
1065	Service ended.	Threat Prevention
1087	On-access Scan started	Threat Prevention
1088	On-access scan stopped.	Threat Prevention
1091	JavaScript or VBScript security violation detected and blocked	Threat Prevention
1092	Access Protection rule violation detected and blocked	Threat Prevention
1095	Access Protection rule violation detected and NOT blocked	Threat Prevention
1096	event_name_1096=检测到违反阻止规则，未阻止 event_desc_1096=检测到违反阻止规则，未阻止	Threat Prevention
1102	event_name_1102=多扩展名启发式检测 - 已移动 event_desc_1102=文件%FILENAME%具有多扩展名启发式检测。该文件已被移至隔离区。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1103	event_name_1103=需要 Prescan event_desc_1103=The file %FILENAME% is infected with the %VIRUSNAME% %VIRUSTYPE%. 需要 Prescan 才能删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1104	event_name_1104=多扩展名启发式检测 - 重新启动时删除 event_desc_1104=文件%FILENAME%具有多扩展名启发式检测。文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1106	event_name_1106=多扩展名启发式检测 - 消息已删除 event_desc_1106=消息%FILENAME%具有多扩展名启发式检测。已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1118	The update was successful	Common
1119	The update failed; see event log	Common
1120	The update is running	Common
1121	The update was cancelled	Common
1202	event_name_1202=按需扫描已启动 event_desc_1202=按需扫描已启动	Threat Prevention
1203	event_name_1203=按需扫描完成 event_desc_1203=按需扫描完成。 Viruses Found %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1278	file infected. No cleaner available, file deleted successfully	Threat Prevention
1280	file infected. Undetermined clean error, deleted successfully	Threat Prevention
1282	file infected. No cleaner available, delete failed	Threat Prevention
1284	file infected. Undetermined clean error, delete failed	Threat Prevention
1290	file infected. No cleaner available, OAS denied access and continued	Threat Prevention
1292	file infected. Undetermined clean error, OAS denied access and continued	Threat Prevention
1300	file infected. Delete failed, denied access and continued (OAS)	Threat Prevention
1301	event_name_1301=多扩展名启发式检测 - 清理出错，成功隔离 event_desc_1301=文件%FILENAME%具有多扩展名启发式检测。该文件已被移至隔离区。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1302	event_name_1302=多扩展名启发式检测 - 移动失败，清理出错 event_desc_1302=文件%FILENAME%具有多扩展名启发式检测。无法将文件移动至隔离区，也无法清理文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1303	event_name_1303=多扩展名启发式检测 - 清理出错，成功删除 event_desc_1303=文件%FILENAME%具有多扩展名启发式检测。已删除此文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1304	event_name_1304=多扩展名启发式检测 - 清理出错，删除失败 event_desc_1304=文件%FILENAME%具有多扩展名启发式检测。无法清理此文件，也无法删除此文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1305	event_name_1305=多扩展名启发式检测 - 清理出错，拒绝访问继续 event_desc_1305=文件%FILENAME%具有多扩展名启发式检测。已拒绝访问文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1306	event_name_1306=多扩展名启发式检测 - 移动失败，成功删除 event_desc_1306=文件%FILENAME%具有多扩展名启发式检测。已删除此文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1307	event_name_1307=多扩展名启发式检测 - 移动失败，删除失败 event_desc_1307=文件%FILENAME%具有多扩展名启发式检测。无法将文件移动至隔离区，也无法删除文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1308	event_name_1308=多扩展名启发式检测 - 移动失败，拒绝访问继续 event_desc_1308=文件%FILENAME%具有多扩展名启发式检测。已拒绝访问文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1309	event_name_1309=多扩展名启发式检测 - 删除失败，成功隔离 event_desc_1309=文件%FILENAME%具有多扩展名启发式检测。该文件已被移至隔离区。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1310	event_name_1310=多扩展名启发式检测 - 删除失败，隔离失败 event_desc_1310=文件%FILENAME%具有多扩展名启发式检测。无法删除此文件，也无法将文件移动至隔离区。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1311	event_name_1311=多扩展名启发式检测 - 删除失败，拒绝访问继续 event_desc_1311=文件%FILENAME%具有多扩展名启发式检测。已拒绝访问文件。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1312	event_name_1312=移动失败，删除失败，系统将在重新启动时删除文件 event_desc_1312=The file %FILENAME% is infected with %VIRUSNAME% %VIRUSTYPE%. 文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1313	event_name_1313=多扩展名启发式检测 - 移动失败，删除失败，文件将在重新启动时删除 event_desc_1313=文件%FILENAME%具有多扩展名启发式检测。文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1314	event_name_1314=加密文件 - 清理出错，重新启动时删除 event_desc_1314=加密文件%FILENAME%将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1315	event_name_1315=启发式检测项 - 清理出错，重新启动时删除 event_desc_1315=文件%FILENAME%具有启发式检测。文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1316	event_name_1316=多扩展名启发式检测 - 清理出错，重新启动时删除 event_desc_1316=文件%FILENAME%具有多扩展名启发式检测。文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1317	event_name_1317=没有可用的清理工具 - 清理出错，重新启动时删除 event_desc_1317=The file %FILENAME% is infected with %VIRUSNAME% %VIRUSTYPE%. 文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1318	event_name_1318=未确定 - 清理出错，重新启动时删除 event_desc_1318=文件%FILENAME%受到不确定的感染。文件将在重新启动时删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1319	event_name_1319=未确定 - 清理出错，消息已删除 event_desc_1319=消息%FILENAME%包含%VIRUSNAME% %VIRUSTYPE%. 已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1320	event_name_1320=加密 - 清理出错，消息已删除 event_desc_1320=加密的消息%FILENAME%已删除。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1321	event_name_1321=启发式检测项 - 清理出错，消息已删除 event_desc_1321=消息%FILENAME%具有启发式检测。已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1322	event_name_1322=多扩展名启发式检测 - 清理出错，消息已删除 event_desc_1322=消息%FILENAME%具有多扩展名启发式检测。已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1323	event_name_1323=清理出错，消息已删除 event_desc_1323=消息%FILENAME%包含%VIRUSNAME% %VIRUSTYPE%. 已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1324	event_name_1324=移动失败，消息已删除 event_desc_1324=消息%FILENAME%包含%VIRUSNAME% %VIRUSTYPE%. 已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1325	event_name_1325=多扩展名启发式检测 - 移动失败，消息已删除 event_desc_1325=消息%FILENAME%具有多扩展名启发式检测。已删除该消息。 Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.	Threat Prevention
1326	event_name_1326=清理出错，消息已删除 event_desc_1326=清理出错，消息已删除	Threat Prevention
1327	event_name_1327=移动失败，消息已删除 event_desc_1327=移动失败，消息已删除	Threat Prevention
1328	event_name_1328=移动失败，消息已删除（多扩展名） event_desc_1328=移动失败，消息已删除（多扩展名）	Threat Prevention
1400	event_name_1400=检测到用户定义的对象，未采取操作 event_desc_1400=检测到用户定义的对象，未采取操作	Threat Prevention
1401	event_name_1401=清理失败（用户定义的检测项），未采取操作 event_desc_1401=清理失败（用户定义的检测项），未采取操作	Threat Prevention
1402	event_name_1402=清理失败（用户定义的检测项），移动失败 event_desc_1402=清理失败（用户定义的检测项），移动失败	Threat Prevention
1403	event_name_1403=已移动（用户定义的检测项），清理失败 event_desc_1403=已移动（用户定义的检测项），清理失败	Threat Prevention
1404	event_name_1404=清理失败（用户定义的检测项），删除失败 event_desc_1404=清理失败（用户定义的检测项），删除失败	Threat Prevention
1405	event_name_1405=已删除（用户定义的检测项），清理失败 event_desc_1405=已删除（用户定义的检测项），清理失败	Threat Prevention
1406	event_name_1406=已移动（用户定义的检测） event_desc_1406=已移动（用户定义的检测）	Threat Prevention
1407	event_name_1407=移动失败（用户定义的检测项），删除失败 event_desc_1407=移动失败（用户定义的检测项），删除失败	Threat Prevention
1408	event_name_1408=已删除（用户定义的检测项），移动失败 event_desc_1408=已删除（用户定义的检测项），移动失败	Threat Prevention
1409	event_name_1409=移动失败（用户定义的检测项），未采取操作 event_desc_1409=移动失败（用户定义的检测项），未采取操作	Threat Prevention
1410	event_name_1410=已删除（用户定义的检测项） event_desc_1410=已删除（用户定义的检测项）	Threat Prevention
1411	event_name_1411=删除失败（用户定义的检测项），移动失败 event_desc_1411=删除失败（用户定义的检测项），移动失败	Threat Prevention
1412	event_name_1412=已移动（用户定义的检测项），删除失败 event_desc_1412=已移动（用户定义的检测项），删除失败	Threat Prevention
1413	event_name_1413=删除失败（用户定义的检测项），未采取操作 event_desc_1413=删除失败（用户定义的检测项），未采取操作	Threat Prevention
1414	event_name_1414=清理失败，删除失败，系统将在重新启动时删除文件（用户定义的检测项） event_desc_1414=清理失败，删除失败，系统将在重新启动时删除文件（用户定义的检测项）	Threat Prevention
1415	event_name_1415=删除失败，系统将在重新启动时删除文件（用户定义的检测项） event_desc_1415=删除失败，系统将在重新启动时删除文件（用户定义的检测项）	Threat Prevention
1416	event_name_1416=移动失败，删除失败，系统将在重新启动时删除文件（用户定义的检测项） event_desc_1416=移动失败，删除失败，系统将在重新启动时删除文件（用户定义的检测项）	Threat Prevention
1417	event_name_1417=电子邮件已删除（用户定义的检测项） event_desc_1417=电子邮件已删除（用户定义的检测项）	Threat Prevention
1418	event_name_1418=电子邮件已删除（用户定义的检测项），清理失败 event_desc_1418=电子邮件已删除（用户定义的检测项），清理失败	Threat Prevention
1419	event_name_1419=电子邮件已删除（用户定义的检测项），移动失败 event_desc_1419=电子邮件已删除（用户定义的检测项），移动失败	Threat Prevention
1420	event_name_1420=电子邮件已删除（用户定义的检测项），删除失败 event_desc_1420=电子邮件已删除（用户定义的检测项），删除失败	Threat Prevention
1421	event_name_1421=清理出错，因为无可用清理工具，删除待处理 event_desc_1421=清理出错，因为无可用清理工具，删除待处理	Threat Prevention
1422	event_name_1422=清理失败（对于启发式检测，删除待处理 event_desc_1422=清理失败（对于启发式检测，删除待处理	Threat Prevention
1423	event_name_1423=清理出错（未确定错误），删除待处理 event_desc_1423=清理出错（未确定错误），删除待处理	Threat Prevention
1424	event_name_1424=加密文件清理失败，删除待处理 event_desc_1424=加密文件清理失败，删除待处理	Threat Prevention
1425	event_name_1425=清理出错（多扩展名启发式检测），删除待处理 event_desc_1425=清理出错（多扩展名启发式检测），删除待处理	Threat Prevention
1426	event_name_1426=移动失败，删除待处理 event_desc_1426=移动失败，删除待处理	Threat Prevention
1427	event_name_1427=移动失败（多扩展名启发式检测），删除待处理 event_desc_1427=移动失败（多扩展名启发式检测），删除待处理	Threat Prevention
1428	event_name_1428=删除待处理，文件仍存在 event_desc_1428=删除待处理，文件仍存在	Threat Prevention
1429	event_name_1429=删除待处理（多扩展名启发式检测） event_desc_1429=删除待处理（多扩展名启发式检测）	Threat Prevention
1430	event_name_1430=用户定义的检测项，删除待处理 event_desc_1430=用户定义的检测项，删除待处理	Threat Prevention
1431	event_name_1431=用户定义的检测项，移动失败，删除待处理 event_desc_1431=用户定义的检测项，移动失败，删除待处理	Threat Prevention
18051	event_name_18051=尝试了未经授权的权限升级，已阻止（SMEP） event_desc_18051=尝试了未经授权的权限升级，已阻止（SMEP）	Threat Prevention
18052	event_name_18052=检测到缓冲区溢出，已阻止（GBOP） event_desc_18052=检测到缓冲区溢出，已阻止（GBOP）	Threat Prevention
18053	event_name_18053=尝试了未经授权的权限升级，已阻止（GPEP） event_desc_18053=尝试了未经授权的权限升级，已阻止（GPEP）	Threat Prevention
18054	event_name_18054=尝试了漏洞利用，已阻止 event_desc_18054=尝试了漏洞利用，已阻止	Threat Prevention
18055	event_name_18055=检测到可疑调用，已阻止 event_desc_18055=检测到可疑调用，已阻止	Threat Prevention
18056	event_name_18056=检测到缓冲区溢出，已阻止（DEP） event_desc_18056=检测到缓冲区溢出，已阻止（DEP）	Threat Prevention
18057	event_name_18057=检测到对漏洞利用防护的篡改。 event_desc_18057=检测到对漏洞利用防护的篡改。	Threat Prevention
18058	event_name_18058=检测到违反规则保护 event_desc_18058=检测到违反规则保护	Threat Prevention
18059	event_name_18059=检测到网络入侵行为且已处理 event_desc_18059=Network intrusion detected and handled	Threat Prevention
18060	event_name_18060=Exploit Prevention Files/Process/Registry violation detected event_desc_18060=Exploit Prevention Files/Process/Registry violation detected	Threat Prevention
18600	event_name_18600=浏览器导航 event_desc_18600=浏览器导航	Web Protection
18601	event_name_18601=浏览器文件下载 event_desc_18601=浏览器文件下载	Web Protection
34852	event_name_34852=按需扫描已暂停 event_desc_34852=按需扫描已暂停	Threat Prevention
34853	event_name_34853=按需扫描已自动暂停 event_desc_34853=按需扫描已自动暂停	Threat Prevention
34854	event_name_34854=按需扫描已恢复 event_desc_34854=按需扫描已恢复	Threat Prevention
34855	event_name_34855=按需扫描已取消或已停止 event_desc_34855=按需扫描已取消或已停止	Threat Prevention
34857	event_name_34857=客户端界面登录审核 event_desc_34857=客户端界面登录审核	Common
34865	event_name_34865=DLL 注入事件 event_desc_34865=DLL 注入事件	Common
34900	event_name_34900=按需扫描已推迟 event_desc_34900=按需扫描已推迟	Threat Prevention
34910	event_name_34910=隔离的项目已还原 event_desc_34910=隔离的项目已还原	Threat Prevention
34920	event_name_34920=回滚成功 event_desc_34920=回滚成功	Threat Prevention
34921	event_name_34921=回滚失败 event_desc_34921=回滚失败	Threat Prevention
34922	event_name_34922=未发生回滚 event_desc_34922=未发生回滚	Threat Prevention
34923	event_name_34923=项目已损坏 event_desc_34923=项目已损坏	Threat Prevention
34924	event_name_34924=因扫描错误未扫描共享冲突 event_desc_34924=因扫描错误未扫描共享冲突	Threat Prevention
34925	event_name_34925=因为扫描程序没有足够权限可读取对象，所以未扫描该对象 event_desc_34925=因为扫描程序没有足够权限可读取对象，所以未扫描该对象	Threat Prevention
34926	event_name_34926=未扫描对象，因为文件大小超出了所配置的可扫描最大大小。 event_desc_34926=未扫描对象，因为文件大小超出了所配置的可扫描最大大小。	Threat Prevention
34928	event_name_34928=威胁防护误报缓解 event_desc_34928=威胁防护误报缓解	Threat Prevention
34935	event_name_34935=AMSI 检测到并阻止了脚本安全违规 event_desc_34935=AMSI 检测到并阻止了脚本安全违规	Threat Prevention
34936	event_name_34936=AMSI 检测到并删除了脚本安全违规 event_desc_34936=AMSI 检测到并删除了脚本安全违规	Threat Prevention
34937	event_name_34937=检测到脚本安全违规，AMSI 将阻止 event_desc_34937=检测到脚本安全违规，AMSI 将阻止	Threat Prevention
34938	event_name_34938=检测到脚本安全违规，AMSI 将删除 event_desc_34938=检测到脚本安全违规，AMSI 将删除	Threat Prevention
35000	event_name_35000=防火墙允许的流量 event_desc_35000=防火墙允许的流量	Firewall
35001	event_name_35001=检测到防火墙入侵行为且已处理 event_desc_35001=检测到防火墙入侵行为且已处理	Firewall
35002	event_name_35002=防火墙阻止的流量 event_desc_35002=防火墙阻止的流量	Firewall
35003	event_name_35003=Firewall 添加的适应性规则 event_desc_35003=Firewall 添加的适应性规则	Firewall
35009	event_name_35009=从 Mctray 禁用防火墙 event_desc_35009=从 Mctray 禁用防火墙	Firewall
35010	event_name_35010=从 McTray 启用防火墙时区组 event_desc_35010=从 McTray 启用防火墙时区组	Firewall
35011	event_name_35011=防火墙策略受损且已修复 event_desc_35011=防火墙策略受损且已修复	Firewall
35012	event_name_35012=防火墙策略已被新副本替换 event_desc_35012=防火墙策略已被新副本替换	Firewall
35100	event_name_35100=自适应威胁防护访问保护违规 event_desc_35100=自适应威胁防护访问保护违规	Threat Intelligence Exchange / ATP
35101	event_name_35101=自适应威胁防护误报缓解 event_desc_35100=自适应威胁防护目前Endpoint Security已撤销VirusScan定罪。	Threat Intelligence Exchange / ATP
35102	event_name_35102=自适应威胁防护将阻止 event_desc_35102=自适应威胁防护将阻止	Threat Intelligence Exchange / ATP
35103	event_name_35103=自适应威胁防护将允许 event_desc_35103=自适应威胁防护将允许	Threat Intelligence Exchange / ATP
35104	event_name_35104=自适应威胁防护阻止 event_desc_35104=自适应威胁防护阻止	Threat Intelligence Exchange / ATP
35105	event_name_35105=自适应威胁防护允许 event_desc_35105=自适应威胁防护允许	Threat Intelligence Exchange / ATP
35106	event_name_35106=自适应威胁防护将清理 event_desc_35106=自适应威胁防护将清理	Threat Intelligence Exchange / ATP
35107	event_name_35107=自适应威胁防护清理 event_desc_35107=自适应威胁防护清理	Threat Intelligence Exchange / ATP
35111	event_name_35111=Threat Intelligence Would Contain event_desc_35111=If Threat Intelligence module for Endpoint Security were enabled it would have contained this object.	Threat Intelligence Exchange / ATP
35112	event_name_35112=Threat Intelligence Contain event_desc_35112=Threat Intelligence module for Endpoint Security contained this object either by reputation.	Threat Intelligence Exchange / ATP
35113	event_name_35113=Threat Intelligence Would Release event_desc_35113=If Threat Intelligence module for Endpoint Security were enabled it would have released this object from containment.	Threat Intelligence Exchange / ATP
35114	event_name_35114=Threat Intelligence Release event_desc_35114=Threat Intelligence module for Endpoint Security released this object from containment.	Threat Intelligence Exchange / ATP
35116	event_name_35116=Adaptive Threat Protection Block Source event_desc_35116=Endpoint Security Adaptive Threat Protection blocked the execution of this object either by reputation or user prompt.	Threat Intelligence Exchange / ATP
35117	event_name_35117=Adaptive Threat Protection Would Block Source event_desc_35117=If Endpoint Security Adaptive Threat Protection was enabled, it would have blocked this object.	Threat Intelligence Exchange / ATP
37275	event_name_37275=Application contained event_desc_37275=Application contained	Threat Intelligence Exchange / ATP
37276	event_name_37276=Application released from containment event_desc_37276=Application released from containment	Threat Intelligence Exchange / ATP
37277	event_name_37277=Requester added to contained application event_desc_37277=Requester added to contained application	Threat Intelligence Exchange / ATP
37278	event_name_37278=Requester removed from contained application event_desc_37278=Requester removed from contained application	Threat Intelligence Exchange / ATP
37279	event_name_37279=Dynamic Application Containment violation blocked event_desc_37279=Dynamic Application Containment violation blocked	Threat Intelligence Exchange / ATP
37280	event_name_37280=Dynamic Application Containment violation allowed event_desc_37280=Dynamic Application Containment violation allowed	Threat Intelligence Exchange / ATP

返回顶部

免责声明

本文内容源于英文。如果英文内容与其翻译内容之间存在差异，应始终以英文内容为准。本文部分内容是使用 Microsoft 的机器翻译技术进行翻译的。

受影响的产品

语言:

此文章有以下语言版本：

Knowledge Center

事件日志的完整列表Endpoint Security

环境

摘要

免责声明

受影响的产品

语言:

Title

Title

Knowledge Center

事件日志的完整列表Endpoint Security

环境

摘要

免责声明

受影响的产品

语言:

选择您的区域

Title

Title