Application Control event list Application Control specific events with the name, event ID, severity, and the description are described in this table. Event names with a suffix (_UPDATE) indicate that events are generated in Update mode. Event ID (on systems) Threat event ID (on McAfee ePO) Event name Severity Description 19 20718 PROCESS_TERMINATED Major McAfee Solidifier prevented an attempt to hijack the process <string> (Process Id: <string>, User: <string>), by illegally calling the API '<string>'. The process was terminated. 20 20719 WRITE_DENIED Major McAfee Solidifier prevented an attempt to change file <string> by process/script <string> (sha1: <string> , md5: <string>, sha256: <string> ) (Process Id: <string>, User: <string>). 21 20720 EXECUTION_DENIED Major McAfee Solidifier prevented unauthorized execution of '<string>' (sha1: <string>, md5: <string>, sha256: <string>, File Type: <string>) by process <string> (Process Id:<string> , User: <string>) whose parent is process <string> , deny_reason : <string> (deny reason code: <string>) reputation score: <string>. 29 20728 PROCESS_TERMINATED_UNAUTH_SYSCALL Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized syscall %d (return address %d). The process was terminated. 30 20729 PROCESS_TERMINATED_UNAUTH_API Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized access to API <string> (return address <string>). The process was terminated 49 20748 REG_VALUE_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' with value '<string>' by process <string> (Process Id: <string>, User: <string>). 50 20749 REG_KEY_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' by process <string> (Process Id: <string>, User: <string>) 51 20750 REG_KEY_CREATED_UPDATE Info McAfee Solidifier detected creation of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 52 20751 REG_KEY_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 54 20753 REG_VALUE_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry value '<string>' under key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 57 20756 OWNER_MODIFIED_UPDATE Info McAfee Solidifier detected modification to OWNER of '<string>' by program <string> (User: <string>, Workflow Id: <string>). 61 20760 PROCESS_HIJACKED Major McAfee Solidifier detected an attempt to exploit process <string> (sha1: <string>, md5: <string>, sha256: <string>) from address <string>. 62 20761 INVENTORY_CORRUPT Critical McAfee Solidifier detected that its internal inventory for the volume <string> is corrupt. 75 20774 FILE_CREATED_UPDATE Info McAfee Solidifier detected creation of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 76 20775 FILE_DELETED_UPDATE Info McAfee Solidifier detected deletion of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 77 20776 FILE_MODIFIED_UPDATE Info McAfee Solidifier detected modification of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>) 79 20778 FILE_RENAMED_UPDATE Info McAfee Solidifier detected renaming of '<string>' to '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 80 20779 FILE_SOLIDIFIED Info <string>' was solidified which was created by program <string>(User: <string>, Workflow Id: <string>). 82 20781 FILE_UNSOLIDIFIED Info <string>' was unsolidified which was deleted by program <string>(User: <string>, Workflow Id: <string>). 89 20788 READ_DENIED Major McAfee Solidifier prevented an attempt to read file '<string>' by process <string> (Process Id: <string>, User: <string>). 96 20795 PKG_MODIFICATION_PREVENTED Critical McAfee Solidifier prevented package modification by '<string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'. 97 20796 PKG_MODIFICATION_ALLOWED_UPDATE Info McAfee Solidifier allowed package modification by <string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'. (Workflow Id: <string>). 98 20797 PKG_MODIFICATION_PREVENTED_2 Critical McAfee Solidifier prevented package modification by '<string>' by user: '<string>'. 99 20798 NX_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', SHA1: <string>, MD5: <string>, SHA256: <string>, User: '<string>'), by executing code from an address outside of code pages region. Faulting address '<string>'. The process was terminated. 101 20800 REG_VALUE_MODIFIED_UPDATE Info McAfeeSolidifier detected modification to registry value '<string>' of type '<string>' under key '<string>' by program '<string>' (User: <string>, Workflow Id: <string>), with data: <string> 103 20802 FILE_READ_UPDATE Info McAfee Solidifier detected read for '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>) 124 20823 INITIAL_SCAN_TASK_COMPLETED Info McAfee Solidifier Initial Scan task is complete and Application Control is enforced on the system now. 126 20825 ACTX_ALLOW_INSTALL Info McAfee Solidifier allowed installation of ActiveX <string> Workflow Id: <string> by user <string> 127 20826 ACTX_INSTALL_PREVENTED Major McAfee Solidifier prevented installation of ActiveX <string> Workflow Id: <string> by user <string> 129 20828 VASR_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', sha1: <string>, md5: <string>, sha256: <string>, User: <string>'), by executing code from non-relocatable dll '<string>'. Faulting address <string>. Target address '<string>'. 133 20832 LOCAL_CLI_ACCESS_DISABLED Major Local CLI has been disabled due to wrong password attempts and it can be recovered after <string> minutes. 134 20833 LOCAL_CLI_RECOVER_SUCCESS Info Local CLI successfully recovered. 135 20834 LOCAL_CLI_RECOVER_FAILED Info Failed to recover Local CLI. 136 20835 OBSERVED_FILE_EXECUTION Info McAfee Solidifier observed start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, Workflow Id: <mode>: AUTO_2, original_procname: <string> , parent_name = <string>) with command-line: '<string>'. 137 20836 PREVENTED_FILE_EXECUTION Major McAfee Solidifier blocked start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>) with command-line: '<string>'. 138 20837 INVENTORY_RECOVERED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup dated <string> is loaded. 139 20838 INVENTORY_RECOVER_FAILED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup could not be loaded. Review the system and perform solidification to create whitelist. 140 20839 BLOCKED_PROCESS_INTERACTIVE_MODE Critical McAfee Solidifier blocked process <string> in interactive mode. (Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>).
Application Control event list Application Control specific events with the name, event ID, severity, and the description are described in this table. Event names with a suffix (_UPDATE) indicate that events are generated in Update mode. Event ID (on systems) Threat event ID (on McAfee ePO) Event name Severity Description 19 20718 PROCESS_TERMINATED Major McAfee Solidifier prevented an attempt to hijack the process <string> (Process Id: <string>, User: <string>), by illegally calling the API '<string>'. The process was terminated. 20 20719 WRITE_DENIED Major McAfee Solidifier prevented an attempt to change file <string> by process/script <string> (sha1: <string> , md5: <string>, sha256: <string> ) (Process Id: <string>, User: <string>). 21 20720 EXECUTION_DENIED Major McAfee Solidifier prevented unauthorized execution of '<string>' (sha1: <string>, md5: <string>, sha256: <string>, File Type: <string>) by process <string> (Process Id:<string> , User: <string>) whose parent is process <string> , deny_reason : <string> (deny reason code: <string>) reputation score: <string>. 29 20728 PROCESS_TERMINATED_UNAUTH_SYSCALL Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized syscall %d (return address %d). The process was terminated. 30 20729 PROCESS_TERMINATED_UNAUTH_API Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized access to API <string> (return address <string>). The process was terminated 49 20748 REG_VALUE_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' with value '<string>' by process <string> (Process Id: <string>, User: <string>). 50 20749 REG_KEY_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' by process <string> (Process Id: <string>, User: <string>) 51 20750 REG_KEY_CREATED_UPDATE Info McAfee Solidifier detected creation of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 52 20751 REG_KEY_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 54 20753 REG_VALUE_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry value '<string>' under key '<string>' by program <string> (User: <string>, Workflow Id: <string>). 57 20756 OWNER_MODIFIED_UPDATE Info McAfee Solidifier detected modification to OWNER of '<string>' by program <string> (User: <string>, Workflow Id: <string>). 61 20760 PROCESS_HIJACKED Major McAfee Solidifier detected an attempt to exploit process <string> (sha1: <string>, md5: <string>, sha256: <string>) from address <string>. 62 20761 INVENTORY_CORRUPT Critical McAfee Solidifier detected that its internal inventory for the volume <string> is corrupt. 75 20774 FILE_CREATED_UPDATE Info McAfee Solidifier detected creation of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 76 20775 FILE_DELETED_UPDATE Info McAfee Solidifier detected deletion of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 77 20776 FILE_MODIFIED_UPDATE Info McAfee Solidifier detected modification of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>) 79 20778 FILE_RENAMED_UPDATE Info McAfee Solidifier detected renaming of '<string>' to '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>). 80 20779 FILE_SOLIDIFIED Info <string>' was solidified which was created by program <string>(User: <string>, Workflow Id: <string>). 82 20781 FILE_UNSOLIDIFIED Info <string>' was unsolidified which was deleted by program <string>(User: <string>, Workflow Id: <string>). 89 20788 READ_DENIED Major McAfee Solidifier prevented an attempt to read file '<string>' by process <string> (Process Id: <string>, User: <string>). 96 20795 PKG_MODIFICATION_PREVENTED Critical McAfee Solidifier prevented package modification by '<string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'. 97 20796 PKG_MODIFICATION_ALLOWED_UPDATE Info McAfee Solidifier allowed package modification by <string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'. (Workflow Id: <string>). 98 20797 PKG_MODIFICATION_PREVENTED_2 Critical McAfee Solidifier prevented package modification by '<string>' by user: '<string>'. 99 20798 NX_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', SHA1: <string>, MD5: <string>, SHA256: <string>, User: '<string>'), by executing code from an address outside of code pages region. Faulting address '<string>'. The process was terminated. 101 20800 REG_VALUE_MODIFIED_UPDATE Info McAfeeSolidifier detected modification to registry value '<string>' of type '<string>' under key '<string>' by program '<string>' (User: <string>, Workflow Id: <string>), with data: <string> 103 20802 FILE_READ_UPDATE Info McAfee Solidifier detected read for '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>) 124 20823 INITIAL_SCAN_TASK_COMPLETED Info McAfee Solidifier Initial Scan task is complete and Application Control is enforced on the system now. 126 20825 ACTX_ALLOW_INSTALL Info McAfee Solidifier allowed installation of ActiveX <string> Workflow Id: <string> by user <string> 127 20826 ACTX_INSTALL_PREVENTED Major McAfee Solidifier prevented installation of ActiveX <string> Workflow Id: <string> by user <string> 129 20828 VASR_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', sha1: <string>, md5: <string>, sha256: <string>, User: <string>'), by executing code from non-relocatable dll '<string>'. Faulting address <string>. Target address '<string>'. 133 20832 LOCAL_CLI_ACCESS_DISABLED Major Local CLI has been disabled due to wrong password attempts and it can be recovered after <string> minutes. 134 20833 LOCAL_CLI_RECOVER_SUCCESS Info Local CLI successfully recovered. 135 20834 LOCAL_CLI_RECOVER_FAILED Info Failed to recover Local CLI. 136 20835 OBSERVED_FILE_EXECUTION Info McAfee Solidifier observed start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, Workflow Id: <mode>: AUTO_2, original_procname: <string> , parent_name = <string>) with command-line: '<string>'. 137 20836 PREVENTED_FILE_EXECUTION Major McAfee Solidifier blocked start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>) with command-line: '<string>'. 138 20837 INVENTORY_RECOVERED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup dated <string> is loaded. 139 20838 INVENTORY_RECOVER_FAILED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup could not be loaded. Review the system and perform solidification to create whitelist. 140 20839 BLOCKED_PROCESS_INTERACTIVE_MODE Critical McAfee Solidifier blocked process <string> in interactive mode. (Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>).