Custom Script Auditing

When an application is allowed, elevated, or blocked, Endpoint Privilege Management for Windows logs an event to the Application Eventlog to record details of the action. If you want to record the action in a bespoke or third-party tracking system that supports PowerShell, VBScript, or JScript based submissions, you can use the Run a Script setting within an Application Rule.

To add an existing auditing script to an Application Rule:

1. Create a new or edit an existing Application Rule within a Workstyle.
2. In Run a Script, click on the dropdown menu, and select your custom script. If you can't change this value you need to create a custom script first.
3. Click OK to save the Application Rule.

If you have any existing scripts, you can select them in the dropdown menu.

The auditing script supports the use of parameters within the script. Parameters are expanded using the COM interface PGScript.

strUserName = PGScript.GetParameter("[PG_USER_NAME]")
strCommandLine = PGScript.GetParameter("[PG_PROG_CMD_LINE]")
strAgentVersion = PGScript.GetParameter("[PG_AGENT_VERSION]")

Scripts created in the script editor can be reused in multiple Application Rules and On-Demand Application Rules. Any modification to an existing script affects all Workstyle rules that have been configured to execute that script.