Skip Navigation

CylancePROTECT Desktop
application control

This option is only visible to users who have the application control feature enabled. Application control events represent actions occurring when the device is in application control mode. Selecting this option will send a message to the syslog server whenever an attempt is made to modify or copy an executable file, or when an attempt is made to execute a file from an external device or network location.
Field
Value
Description
Action
Allow
The event was allowed.
Deny
The event was denied.
Action Type
Execution
An attempt to execute a file from the local drive was detected.
ExecutionFromExternalDrive
An attempt to execute from an external drive or USB drive was detected.
PEFileChange
An attempt to change a portable executable file on the file system was detected. This includes copying files onto the file system.
Unknown
The action type could not be determined.
Device Name
[varies]
This is the name of the device.
Event Name
Execution
An attempt to execute a file from a local drive was detected.
ExecutionFromExternalDrive
An attempt to execute from an external drive or USB drive was detected.
PEFileChange
An attempt to change a portable executable file on the file system was detected. This includes copying files onto the file system.
Unknown
The event name could not be determined.
Event Type
AppControl
This is an application control event.
File Path
[varies]
This is the path to the file.
IP Address
[varies]
This is the IP address for the device. Multiple IP addresses are comma separated values.
SHA256
[varies]
This is the SHA256 hash for the file.
Zone Names
[varies]
These are the zones that the device belongs to.
Denying portable executable file changes
BlackBerry Protect Desktop: Event Type: AppControl, Event Name: pechange, Device Name: WIN-7entSh64, IP Address: (192.168.119.128), Action: PEFileChange, Action Type: Deny, File Path: C:\Users\admin\AppData\Local\Temp\MyInstaller.exe, SHA256: 04D4DC02D96673ECA9050FE7201044FDB380E3CFE0D727E93DB35A709B45EDAA), Zone Names: (Script Test,Server Test)
Denying executions from an internal device
BlackBerry Protect Desktop: Event Type: AppControl, Event Name: executionfromexternaldrives, Device Name: WIN-7entSh64, IP Address: (192.168.119.128), Action: PEFileChange, Action Type: Allow, File Path: \\shared1\psexec.exe, SHA256: F8DBABDFA03068130C277CE49C60E35C029FF29D9E3C74C362521F3FB02670D5), Zone Names: (Script Test,Server Test)