
Application control - how to identify specific client with Controlled Application?

We've enabled Application Control in "Detect but allow to run" mode for pretty much everything to get a feel for what is out there - this has created a lot of events. Reporting "Alerts and events by item name" shows some applications that we want to investigate, but how can we drill down to see which client has raised a particular application event?

I had hoped I could create an SQL query but the database doesn't seem to have any Application Control tables...

  • Hi,

    You should be able to use the Application Event Viewer to filter on this data to some degree but it is only "application type".  
    It is worth noting that you can use the * wildcard in the "User" and "Computer" fields.
    Otherwise the Reporting Interface might be worth a look:
    to get at this sort of info from the database directly. E.g. the view "vEventsApplicationControlData" joined on the "vComputerHostData" view. I included a basic HTA in the above post which might be useful once you've installed the Reporting Interface into the database.

    Regards,
    Jak