Can someone give me a quick refresher on Object Name vs Program Name? Is it Object called the Program Name, or Program calls up the Object Name? Example output from my query:
Program Name | Object Name | Event Name |
C:\Windows\System32\services.exe | C:\Windows\System32\dns.exe | EXECUTION_DENIED |
I reached out to my McAfee Solidcore expert and this is what he told me. Just an FYI for anyone else out there...
In your example the program is what called the object. It’s the object that is related to the event name. In this case, dns.exe was denied from running.
This can change depending on the type of event. In the case you posted here were an executable is denied permissions to run the log file will show the process that tried to launch the exe and the path to the exe.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA