Application Control event list

Application Control specific events with the name, event ID, severity, and the description are described in this table.

Event names with a suffix (_UPDATE) indicate that events are generated in Update mode.

Event ID (on systems) Threat event ID (on McAfee ePO) Event name Severity Description
19 20718 PROCESS_TERMINATED Major McAfee Solidifier prevented an attempt to hijack the process <string> (Process Id: <string>, User: <string>), by illegally calling the API '<string>'. The process was terminated.
20 20719 WRITE_DENIED Major McAfee Solidifier prevented an attempt to change file <string> by process/script <string> (sha1: <string> , md5: <string>, sha256: <string> ) (Process Id: <string>, User: <string>).
21 20720 EXECUTION_DENIED Major McAfee Solidifier prevented unauthorized execution of '<string>' (sha1: <string>, md5: <string>, sha256: <string>, File Type: <string>) by process <string> (Process Id:<string> , User: <string>) whose parent is process <string> , deny_reason : <string> (deny reason code: <string>) reputation score: <string>.
29 20728 PROCESS_TERMINATED_UNAUTH_SYSCALL Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized syscall %d (return address %d). The process was terminated.
30 20729 PROCESS_TERMINATED_UNAUTH_API Major McAfee Solidifier prevented process <string>, run by <string>, from making unauthorized access to API <string> (return address <string>). The process was terminated
49 20748 REG_VALUE_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' with value '<string>' by process <string> (Process Id: <string>, User: <string>).
50 20749 REG_KEY_WRITE_DENIED Major McAfee Solidifier prevented an attempt to change Registry key '<string>' by process <string> (Process Id: <string>, User: <string>)
51 20750 REG_KEY_CREATED_UPDATE Info McAfee Solidifier detected creation of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>).
52 20751 REG_KEY_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry key '<string>' by program <string> (User: <string>, Workflow Id: <string>).
54 20753 REG_VALUE_DELETED_UPDATE Info McAfee Solidifier detected deletion of registry value '<string>' under key '<string>' by program <string> (User: <string>, Workflow Id: <string>).
57 20756 OWNER_MODIFIED_UPDATE Info McAfee Solidifier detected modification to OWNER of '<string>' by program <string> (User: <string>, Workflow Id: <string>).
61 20760 PROCESS_HIJACKED Major McAfee Solidifier detected an attempt to exploit process <string> (sha1: <string>, md5: <string>, sha256: <string>) from address <string>.
62 20761 INVENTORY_CORRUPT Critical McAfee Solidifier detected that its internal inventory for the volume <string> is corrupt.
75 20774 FILE_CREATED_UPDATE Info McAfee Solidifier detected creation of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>).
76 20775 FILE_DELETED_UPDATE Info McAfee Solidifier detected deletion of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>).
77 20776 FILE_MODIFIED_UPDATE Info McAfee Solidifier detected modification of '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>)
79 20778 FILE_RENAMED_UPDATE Info McAfee Solidifier detected renaming of '<string>' to '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>).
80 20779 FILE_SOLIDIFIED Info <string>' was solidified which was created by program <string>(User: <string>, Workflow Id: <string>).
82 20781 FILE_UNSOLIDIFIED Info <string>' was unsolidified which was deleted by program <string>(User: <string>, Workflow Id: <string>).
89 20788 READ_DENIED Major McAfee Solidifier prevented an attempt to read file '<string>' by process <string> (Process Id: <string>, User: <string>).
96 20795 PKG_MODIFICATION_PREVENTED Critical McAfee Solidifier prevented package modification by '<string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'.
97 20796 PKG_MODIFICATION_ALLOWED_UPDATE Info McAfee Solidifier allowed package modification by <string>'(sha1: <string>, md5: <string>, sha256: <string>) by user: '<string>'. (Workflow Id: <string>).
98 20797 PKG_MODIFICATION_PREVENTED_2 Critical McAfee Solidifier prevented package modification by '<string>' by user: '<string>'.
99 20798 NX_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', SHA1: <string>, MD5: <string>, SHA256: <string>, User: '<string>'), by executing code from an address outside of code pages region. Faulting address '<string>'. The process was terminated.
101 20800 REG_VALUE_MODIFIED_UPDATE Info McAfeeSolidifier detected modification to registry value '<string>' of type '<string>' under key '<string>' by program '<string>' (User: <string>, Workflow Id: <string>), with data: <string>
103 20802 FILE_READ_UPDATE Info McAfee Solidifier detected read for '<string>' by program <string> (User: <string>, Original User: <string>, Workflow Id: <string>)
124 20823 INITIAL_SCAN_TASK_COMPLETED Info McAfee Solidifier Initial Scan task is complete and Application Control is enforced on the system now.
126 20825 ACTX_ALLOW_INSTALL Info McAfee Solidifier allowed installation of ActiveX <string> Workflow Id: <string> by user <string>
127 20826 ACTX_INSTALL_PREVENTED Major McAfee Solidifier prevented installation of ActiveX <string> Workflow Id: <string> by user <string>
129 20828 VASR_VIOLATION_DETECTED Critical McAfee Solidifier prevented an attempt to hijack the process '<string>' (Process Id: '<string>', sha1: <string>, md5: <string>, sha256: <string>, User: <string>'), by executing code from non-relocatable dll '<string>'. Faulting address <string>. Target address '<string>'.
133 20832 LOCAL_CLI_ACCESS_DISABLED Major Local CLI has been disabled due to wrong password attempts and it can be recovered after <string> minutes.
134 20833 LOCAL_CLI_RECOVER_SUCCESS Info Local CLI successfully recovered.
135 20834 LOCAL_CLI_RECOVER_FAILED Info Failed to recover Local CLI.
136 20835 OBSERVED_FILE_EXECUTION Info McAfee Solidifier observed start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, Workflow Id: <mode>: AUTO_2, original_procname: <string> , parent_name = <string>) with command-line: '<string>'.
137 20836 PREVENTED_FILE_EXECUTION Major McAfee Solidifier blocked start of '<string>'(Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>) with command-line: '<string>'.
138 20837 INVENTORY_RECOVERED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup dated <string> is loaded.
139 20838 INVENTORY_RECOVER_FAILED Critical McAfee Solidifier has detected that the inventory for volume <string> is corrupt. The backup could not be loaded. Review the system and perform solidification to create whitelist.
140 20839 BLOCKED_PROCESS_INTERACTIVE_MODE Critical McAfee Solidifier blocked process <string> in interactive mode. (Process Id: <string>, sha1: <string>, md5: <string>, sha256: <string>, User: <string>, original_procname: <string>, parent_name = <string>).