question

Nowtside-5323 avatar image
0 Votes"
Nowtside-5323 asked HannahXiong-MSFT commented

Event for stopping the Application Identity service?

When i stop this service i get no events in event viewer. Im looking for a way to log when this service stops so i can attach a task to the event. Is there any way to do this?

windows-10-general
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Nowtside-5323,

Good day!


I would like to know how things are going on your end. If you have any other questions or concerns, please don't hesitate to let me know.


It's my pleasure to be of assistance. Thanks.


Best regards,
Hannah Xiong

0 Votes 0 ·

I havent found any solutions yet but it seems like they dont exist. From what i have read and heard from others there is no event for the Applocker service and this is somewhat of a known issue.

0 Votes 0 ·

Hello @Nowtside-5323,

Thank you so much for your feedback.

So sorry that I could not provide more professional suggestion about our issue. Thanks a lot for all your efforts on trying to figure out this issue.

If there is any other question or concern, welcome to post here again. I appreciate your understanding and support.

Best regards,
Hannah Xiong

0 Votes 0 ·
HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered Nowtside-5323 commented

Hello @Nowtside-5323,

Thanks for posting here.

We could kindly check whether the below information could be of some help.

https://cloudadministrator.net/2018/01/24/monitoring-windows-services-sates-with-log-analytics/

https://www.pcwdld.com/monitor-windows-services-via-powershell

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

For any question or concern, welcome to post here.

Best regards,
Hannah Xiong

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Nowtside-5323,

Hope you are doing well.

May I know if the provided information is helpful. I am checking how the issue is going. If you still have any question, please feel free to let us know.

Thanks and have a wonderful day.

Best regards,
Hannah Xiong

0 Votes 0 ·

Unfortunately the issue remains unsolved. I just need a event when i stop the Application Identity service but it doesn't seem to exist

0 Votes 0 ·
HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered Nowtside-5323 commented

Hello @Nowtside-5323,

Thank you so much for your kindly reply.

I did the tests. When I start the Application Identity service, there will be event 7036 recorded in the SYSTEM event. While when I stop this service, there will also be event 7036 recorded.

109204-image.png

Is this the event we need? For any question, please feel free to let me know.


Best regards,
Hannah Xiong



image.png (69.8 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the help. This is the event im looking for if it is specific for applocker but i cant find it in my windows 10 1809 after stopping and starting the service. Is this event perhaps only for Windows servers?

0 Votes 0 ·
HannahXiong-MSFT avatar image
0 Votes"
HannahXiong-MSFT answered

Hello @Nowtside-5323,

You are welcome. Thanks for your kindly reply.

So sorry that I am not professional with applocker. Besides, sorry that I am not clearly understand our requirement. To view the AppLocker log in event viewer, we could refer to this documentation.

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker

Thanks you for your understanding and support.


Best regards,
Hannah Xiong

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.