Information about running applications that match rules in the Behavior Blocking / Applications section is stored in the Behavior log. Events are logged only for rules that have the Log to Behavior log option enabled.
The Behavior log provides the following information:
Line — log line number
Count — number of identical records
Date — date and time when the event was logged
Operation — operation type:
  starting — the application is starting
  starting modified — the application's executable file has been changed
  launching other — the application is launching another application
Application — application name (with respect to the Displayed application name parameter)
Subject — name of the application started by the original application (with respect to the Displayed application name parameter)
Action — action which was taken:
  permitted — running the application has been permitted
  denied — running the application has been denied
  asked → permitted — user was asked through the Starting/Replacing application dialog and start of the application has been permitted
  asked → denied — user was asked through the Starting/Replacing/Launching other application dialog and start of the application has been denied
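The following triage script is an added example, not part of the product or its documentation. It picks out the two record types most worth reviewing: changed executables that were allowed to run, and permitted parent/child launches weighted by Count. It assumes the log has been saved as tab-separated text with the columns in the order listed above (the page does not specify a file format); the function names and the sample records are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Column order follows the field list above. Tab-separated text is an assumption.
FIELDS = ["line", "count", "date", "operation", "application", "subject", "action"]

# Constructed sample records, not real log output.
SAMPLE = (
    "1\t1\t2024-01-10 09:00:01\tstarting\tnotepad.exe\t\tpermitted\n"
    "2\t1\t2024-01-10 09:02:13\tstarting modified\tupdater.exe\t\tasked → permitted\n"
    "3\t4\t2024-01-10 09:05:40\tlaunching other\twinword.exe\tcmd.exe\tpermitted\n"
    "4\t2\t2024-01-10 09:06:02\tlaunching other\twinword.exe\tcmd.exe\tasked → denied\n"
    "5\t1\t2024-01-10 09:07:30\tstarting modified\tsvc.exe\t\tdenied\n"
)

def parse(text):
    """Parse tab-separated Behavior log text into dicts, rejecting malformed rows."""
    reader = csv.DictReader(io.StringIO(text), fieldnames=FIELDS,
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        # DictReader marks extra columns with a None key and missing ones with None values.
        if None in rec or None in rec.values():
            raise ValueError(f"malformed record: {rec!r}")
        rec["count"] = int(rec["count"])  # Count = number of identical records
        rows.append(rec)
    return rows

def was_allowed(action):
    """True for 'permitted' and 'asked → permitted': the application did run."""
    return action.endswith("permitted")

def triage(rows):
    """Return (allowed 'starting modified' records, allowed parent/child launch totals)."""
    modified = [r for r in rows
                if r["operation"] == "starting modified" and was_allowed(r["action"])]
    launches = Counter()
    for r in rows:
        if r["operation"] == "launching other" and was_allowed(r["action"]):
            launches[(r["application"], r["subject"])] += r["count"]
    return modified, launches

if __name__ == "__main__":
    modified, launches = triage(parse(SAMPLE))
    print([r["application"] for r in modified], dict(launches))
```

Records whose Action is denied or asked → denied are left out of both results because the application did not run.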