File Events

File Events pane captures and summarizes Anti-Executable events in the context of a file. Files that need to be reviewed by the administrator are in bold.

Actions: Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Reported Policy Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

The table has the following fields:

• Event Type – The following Event types are shown:

  • Unknown File Allowed – a file that is not defined in Policy Control List or Local Control List, but is allowed to execute in Audit mode or Unknown File is set to Allow in Policy Settings.

  • Unknown File Blocked – a file that is not defined in Policy Control List or Local Control List, or Unknown File is set to Block in Policy Settings.

  • Block Override – a file that is defined as Blocked in Policy Control List but is allowed to run since Anti-Executable is running in Audit mode with Policy Control List settings not enforced.

  • Control List Blocked – this event is logged when a file that is specified as Blocked in Policy Control List or Local Control List tries to execute and is blocked by Anti-Executable.

  • Add – Maintenance Mode – this event is logged when a new file is added on a computer and it is not defined or present in Local Control List or Policy Control List.

• Add – AE Admin – An unknown file that gets blocked but an AE Admin chooses to add it to local client side file exceptions.

• Name

• Details

• Product Name

• Count

• On Computers

• In Policy

• Groups

• Actions

• Action Taken