When WSA detects a malicious file, does a record show up in the Windows Event Log?
I would like to set up a scheduled task that occurs when a malicious file is detected. Any idea how this could be performed?
Hi nxte
Welcome to the Community Forums.
I do not think that WSA logs such activity in the Windows Event Log and I do not see a reason as to why it should, as it is not a Windows Event. It does log this in the WSA Threat Log, but I suspect that this is of no use to you unless you are able to produce a program that can read the Log file and then action something when such an event is noted as recorded.
Regards, Baldrick
I understand WSA is not a native Windows application, but Windows does allow you to register an application as a security event source.
"Windows allows applications to report their own security events to the security log by registering through Authorization Manager with LSA as a security event source using the AuthzRegisterSecurityEventSource function."
This would then make it easier to set up scheduled tasks or dump information into a SIEM.
Hi nxte
Well, that is interesting, but if you would like to see if you can get this into the product then the best bet is to wander over to the Feature Request forum (or from the top of any Community page) and open a new Feature Request, so that users can review, comment and, if they would like to, support your idea with kudos. The Development Team regularly review the requests and this is by far the best way to get attention on your requirement.
Regards, Baldrick
Thanks for the tip!
You are most welcome...good luck with the feature request. ;)
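
The workaround discussed in this thread (a program that reads the threat log and raises a Windows event a scheduled task can trigger on), sketched as an added example that is not part of the original posts and is not Webroot's code. It writes to the Application log under a custom source rather than to the Security log via AuthzRegisterSecurityEventSource. The log path, match text, source name, event ID and task names are all assumptions, since the thread does not give the WSA log location or format.

```powershell
# Added example: bridge a text threat log into the Windows Application event log.
# Requires Windows PowerShell 5.1, run elevated (registering an event source needs admin).

$LogPath = 'C:\Path\To\ThreatLog.log'    # placeholder: WSA log location is not given in the thread
$Pattern = 'PLACEHOLDER_DETECTION_TEXT'  # placeholder: text that marks a detection line (assumed)
$Source  = 'ThreatLogBridge'             # hypothetical event source name
$EventId = 4001                          # arbitrary event ID chosen for this example

# Register the custom event source once; later runs skip this step.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

# Follow the file from its current end so old detections are not replayed,
# and emit one Warning event per newly appended line that matches the pattern.
Get-Content -Path $LogPath -Wait -Tail 0 |
    Where-Object { $_ -match [regex]::Escape($Pattern) } |
    ForEach-Object {
        # Keep the event message bounded in case a log line is very long.
        $msg = $_.Substring(0, [Math]::Min($_.Length, 4000))
        Write-EventLog -LogName Application -Source $Source `
            -EventId $EventId -EntryType Warning -Message $msg
    }

# One-time setup, from an elevated prompt: a task that fires on that event.
# The task name and response script path are hypothetical.
#
# schtasks /Create /TN "OnThreatDetected" /TR "C:\Path\To\response.cmd" `
#   /SC ONEVENT /EC Application `
#   /MO "*[System[Provider[@Name='ThreatLogBridge'] and EventID=4001]]"
```

Once the events are in the Application log, the same source and event ID can be picked up by a SIEM's Windows event collector without further changes.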