Learn what to do when events being monitored are triggered by non-malicious applications.
Event Monitoring provides a more generic approach to protecting against unauthorized software and malware attacks. It monitors system areas for certain events, allowing administrators to regulate programs that trigger such events.
These are the events that can be monitored:
- Duplicated System File
- Hosts File Modification
- Suspicious Behavior
- New Internet Explorer Plugin
- Internet Explorer Setting Modification
- Security Policy Modification
- Program Library Injection
- Shell Modification
- New Service
- System File Modification
- Firewall Policy Modification
- System Process Modification
- New Startup Program
For more information regarding the events and the actions, please visit our Online Help article on Event Monitoring.
Events being triggered by non-malicious applications are perfectly normal. For example, if a user installs an application that creates a startup entry, it will trigger the event New Startup Program provided that the application is not yet on our whitelist.
When this happens, you can add the application to Behavior Monitoring Exception List or submit it to us for whitelisting. Please refer to KB 1115668 for the steps.