Process Detail

This report gives details about a specific process control event. Only processes that match rules in Workstyles are displayed.

An Advanced view is available for this report from the Filters dropdown. The Advanced view shows you the full set of columns available in the database.

  • Start Time: The start time of the event
  • Platform: The platform that the events came from
  • Description: The description of a specific application
  • Publisher: The publisher of a specific application
  • Application Type: The type of application
  • File Name: The name of the file, where applicable
  • Command Line: The command line path of the file, if applicable
  • Product Name: The product name, where applicable
  • Trusted Application Name: The name of the trusted application
  • Trusted Application Version: The version of the trusted application
  • Product Version: The version of the product, if applicable
  • Group Policy Object: The Group Policy object, if applicable
  • Workstyle: The Workstyle containing the rule that triggered the event
  • Message: Any message associated with the event
  • Action: Any action associated with the event
  • Application Group: The Application Group containing the application that triggered the event
  • PID: The operating system process identifier
  • Parent PID: The operating system process identifier of the parent process
  • Parent Process File Name: The name of the parent process
  • Shell/Auto: Whether the process was launched using the shell Run with Endpoint Privilege Management option or by normal means (opening an application)
  • UAC Triggered: Whether or not Windows UAC was triggered
  • Admin Rights Detected: Whether or not admin rights were detected
  • User Name: The user name that triggered the event
  • Host Name: The host name where the event was triggered
  • Rule Script File Name: The name of the Rule Script (Power Rule) that ran
  • Rule Script Affected Rule: True when the Rule Script (Power Rule) changed one or more of the default Endpoint Privilege Management for Windows rules
  • User Reason: The reason given by the user, if applicable
  • COM Display Name: The display name of the COM, if applicable
  • Source URL: The source URL, if applicable
  • Auth Methods: The type of authentication method selected in the Policy Editor. Multiple values can be present and are comma-separated. Possible values: Identity Provider, Password, Challenge Response, Smart Card, and User Request.
  • Idp Authentication User Name: The credential provided when adding an Identity Provider authorization message in the Policy Editor.

Export Events to CSV File

The number of items that can be displayed at one time might be limited by the browser display. Use Export to CSV to save the items to a CSV file.

Enter the number of rows to save to the CSV file in EPM.

On a report page where Export to CSV is available, you must select the filter Row Count for Export (Max 5M), and then enter the number of rows to include in the CSV file.

All filters are saved to the file.