You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

18: List of PolicyPak Event Categories and IDs

Remote Work Delivery Manager

Feature Manager

Least Privilege Manager

Least Privilege Manager MacOS

Java Rules Manager

Browser Router

Device Manager

Network Security Manager

PolicyPak Cloud Client

Global Event Ranges

Event IDs

Description

100-199

Events related to policy processing, and specifically Group Policy processing.

200-299

General events, such as errors that don't belong to any other category.

300-599

Product-specific events, such as errors that don't belong to any other category.

600-9999

Events related to operational activities, such as allowing, blocking or elevating a process

Policy Processing (100-199)

100. Policies refreshed successfully

Description: Processed Group Policy successfully.
Message: Policies for %1 have been refreshed successfully. Flags: %2. Elapsed: %3. Message ID: %4
Severity: Informational

102. Policy refresh failed

Description: Failed to process Group Policy.
Message: Couldn't refresh policies for %1. Cause: %2. Flags: %2. Elapsed: %4. Message ID: %5
Severity: Error

104. Product is not supported on this OS.

Description: One of the products is not supported on this OS build and can’t be loaded.
Message: Product is not supported on this OS. Minimum version: %1.%2, SP: %3, Build: %4.

Severity: Informational

105. Product is not supported on this OS.

Description: One of the products is not supported on this OS build and can’t be loaded.
Message: Product is not supported on this OS. Maximum version: %1.%2, SP: %3, Build: %4..

Severity: Informational

General (200-299)

200. Couldn't send a message to the service

Description: Some component failed to communicate with PPExtensionService. This usually indicates a bug (e.g., the service has crashed).
Message: Couldn't send a message to the service. Cause: %1
Severity: Error

201. The service has been disabled by Administrator

Description: Some component failed to communicate with PPExtensionService because the service is disabled.
Message: The service has been disabled by Administrator!
Severity: Warning

202. Couldn't start the service

Description: Some component failed to communicate with PPExtensionService because it wasn't running (has probably crashed). When the component tried to start the service, it failed.
Message: Couldn't start the service. Error code: %1
Severity: Error

203. Starting the service

Description: Some component failed to communicate with PPExtensionService because it wasn't running (has probably crashed). When the component tried to start the service, it succeeded.
Message: Starting the service...
Severity: Informational

230. Licenses found on the machine are all valid.

Description: All of the licenses on the machine are valid.
Message: The following licenses have been found on this machine.

%1%0

Severity: Informational

231. Licenses found on the machine are not all valid.

Description: Some of the licenses on the machine are invalid.
Message: The following licenses have been found on this machine, and there is a problem with one or more of them.

%1%0

Severity: Warning

232. Licenses were not found on the machine.

Description: No license was found on the machine.
Message:There is no PolicyPak license found on this machine.

%1%0

Severity: Warning

233. Licenses were not found on the machine.

Description: No license was found on the machine.
Message:The computers license for PolicyPak has become unavailable or this computer has become unlicensed.  

%1%0

Severity: Warning

801. Join status report.

Description: Join status report for this computer.
Message:This machine join status is shown below

%1%0

Severity: Informational

Operational Events

                                                                                                                                                                                                                                                                   

Event ID

Description

PolicyPak Remote Work Delivery Manager

300

The system will reboot to complete installation of Windows Features.

301

The system reboot is pending.

500

Bits became unavailable.

501

The Background Intelligent Transfer Service is stopped.

505

The Background Intelligent Transfer Service has been disabled by Administrator.

510

Bits became available.

600

SMB job is created.

601

SMB job gets a temp error.

602

SMB job temp error details.

603

SMB job fails with error.

604

SMB job error details.

605

SMB job is completed.

606

SMB revert job is created.

607

SMB revert job gets a temp error.

608

SMB revert job temp error details.

609

SMB revert job fails with error.

610

SMB revert job error details.

611

SMB revert job fails with error.

700

HTTP job is created.

701

HTTP job gets a temp error.

702

HTTP job temp error details.

703

HTTP job fails with error.

704

HTTP job error details.

705

HTTP job is completed.

706

HTTP revert job is created.

707

HTTP revert job gets a temp error.

708

HTTP revert job temp error details.

709

HTTP revert job fails with error.

710

HTTP revert job error details.

711

HTTP revert job is completed.

PolicyPak Feature Manager for Windows

600

Windows Feature is being installed.

601

Installing Windows Feature was canceled.

602

Windows Feature was installed.

603

Installing Windows Feature progress.

604

Installing Windows Feature failed.

650

Windows Feature is being removed.

651

Removing Windows Feature was canceled.

652

Windows Feature was removed.

653

Removing Windows Feature progress.

654

Removing Windows Feature failed.

700

Optional Feature is being installed.

701

Installing Optional Feature was canceled.

702

Installing Optional Feature was completed.

703

Installing Optional Feature progress

704

Installing Optional Feature failed.

750

Optional Feature is being removed.

751

Removing Optional Feature was canceled.

752

Removing Optional Feature was completed.

753

Removing Optional Feature progress

754

Removing Optional Feature failed.

PolicyPak Least Privilege Manager

1000

A process has been allowed to run by a rule.

1001

A process has been allowed to run by a rule inherited from parent process.

1002

An AppX package (UWP app) has been allowed to run by a rule.

1003

A DLL has been allowed by a rule

1010

Access to a resource has been granted

1020

A process has been allowed to run by an on-demand rule.

1021

A process has been allowed to run by an on-demand rule inherited from parent process.

1022

A COM object has been allowed by a rule

1023

An ActiveX installer has been allowed by a rule

1100

A process has been forced to run with a limited token by a rule.

1101

A process has been forced to run with a limited token by a rule inherited from parent process.

1120

A process has been forced to run with a limited token by an on-demand rule.

1121

A process has been forced to run with a limited token by an on-demand rule inherited from parent process.

1200

A process has been elevated by a rule.

1201

A process has been elevated by a rule inherited from parent process.

1202

A  COM object has been elevated by a rule

1203

An  ActiveX installer has been elevated by a rule

1220

A process has been elevated by an on-demand rule.

1221

A process has been elevated by an on-demand rule inherited from parent process.

1300

A process has been allowed to run with custom security settings.

1301

A process has been allowed to run with custom security settings inherited from parent process.

1320

A process has been allowed to run with custom security settings by an on-demand rule.

1321

A process has been allowed to run with custom security settings by an on-demand rule inherited from parent process.

2000

A process has been blocked by a rule.

2002

An AppX package (UWP app) has been blocked by a rule.

2003

A DLL has been blocked by a rule

2010

A process has been blocked by SecureRun.

2011

A process has been blocked repeatedly

6200

AUDIT: Process runs elevated.

6205

AUDIT: Process requires elevation.

6206

A COM object requires elevation

6207

An ActiveX installer requires elevation

6210

AUDIT: Process is untrusted and would have been blocked by SecureRun.

6215

Executable is unsigned and would have been blocked by SecureRun

6300

AA prompt is displayed because a process requires admin privileges.

6301

AA prompt is displayed because a process is blocked by SecureRun.

6302

AA prompt is displayed because user right-clicked on a file and selected Run with PolicyPak.

6303

A COM object requires administrator privileges

6304

An ActiveX installer requires administrator privileges

6310

Correct Response Code provided in AA prompt.

6311

Response code verified for COM Object

6312

Response code verified for an ActiveX installer

6315

Alternate Admin Credentials provided in AA prompt.

6316

COM object elevation approved with Admin credentials

6317

An ActiveX installer elevation was approved with admin credentials

6320

AA prompt has been cancelled.

6321

COM object AA  prompt has been cancelled.

6322

ActiveX installer AA prompt has been cancelled.

6330

Incorrect Response Code provided in AA prompt.

6331

Incorrect Response Code provided in COM object AA prompt.

6332

Incorrect Response Code provided in ActiveX installer AA prompt.

6400

Process elevated with self elevation

6401

Process elevated with self elevation (with justification text)

6402

Self Elevate mode ALLOWED vs NOT ALLOWED list

6403

A COM object elevated with self elevation

6404

A COM object elevated with self elevation (with justification text)

6500

Process has been elevated as SecureCopy

6501

Process has been elevated by a SecureCopy rule inherited from parent process

6500

A process has been elevated as SecureCopy.

6501

A process has been elevated by a SecureCopy rule inherited from parent process.

12300

Process is configured to start with Netwrix Privilege Secure credentials (matching rule was found)

12310

NPS actvity session is started. Process has been restarted with user credentials provided by Netwrix Privilege Secure server

12312

NPS activity session is extended

12313

NPS activity session is stopped

12320

NPS client dialog canceled

12330

User successfully signed in with NPS

Least Privilege Manager MacOS

1000

The application is allowed to run by policy

supported

1001

Package installation is allowed by policy

supported

1002

SUDO command is allowed by policy

supported

1003

Preferences allowed by policy

supported

1101

Package installation has been elevated by policy

supported

1102

SUDO command has been elevated by policy

supported

1103

Preferences has been elevated by policy

supported

1200

A application has been blocked by a policy

supported

1201

Package install has been blocked by a policy

supported

1202

SUDO command has been blocked by a policy

supported

1203

Preferences has been blocked by a policy

supported

2000

Administrator approval is required to run the application

supported

2100

Administrator approval is required to allow application to run by response code

supported

2104

Administrator approval is required to allowing the parent process to run the application using the response code.

supported

2200

Administrator approval to run the application has been revoked

supported

2300

The administrator approval response code for launching the application with administrator approval has been verified

supported

2400

Incorrect administrator approval response code for application launch

supported

PolicyPak Java Rules Manager

8021

PPJER policy has been changed

8022

PPJER policy has been removed

PolicyPak Browser Router

9001

Couldn't send message to PolicyPak Helper Service. Cause: PolicyPak Helper Service was not in a started state.

9002

An exception occurred while processing a request from a PolicyPak Browser Router extension.

PolicyPak Device Manager

10000

Access to the device has been blocked due to PolicyPak Device Manager Rule

10001

Access to the device was granted by policies

PolicyPak Network Security Manager

10300

Access to the network connection was granted by policies

10301

Access to the network connection was granted by policies

PolicyPak Cloud Client

11001

Netwrix PolicyPak Cloud Client is starting/stopping

11002

Netwrix PolicyPak Cloud Client has been started/stopped or failed to start/stop

11003

Netwrix PolicyPak product ( PPC Client or CSE) is being installed/updated

11004

Netwrix PolicyPak product ( PPC Client or CSE) installation/update has been completed or failed

11005

Customer certificate backup/restore activity

11006

Netwrix PolicyPak Cloud Client registration in progress

11007

Netwrix PolicyPak Cloud Client registration has been completed or failed

11008

Netwrix PolicyPak Cloud Client unregistration in progress

11009

Netwrix PolicyPak Cloud Client unregistration has been completed or failed

11010

Netwrix PolicyPak Cloud Client sync in progress

11011

Netwrix PolicyPak Cloud Client sync has been completed or failed

11012

Netwrix PolicyPak Product (PPC Client or CSE) is being uninstalled

11013

Netwrix PolicyPak product (PPC Client or CSE) uninstallation has been completed or failed

11014

Event Collector activity

  • 1145
  • 30-Apr-2024
  • 3076 Views