Windows 8 will not log AppLocker activities in Windows logs (Application / Security / Setup / System), it is located in event viewer under - Applications and Services Logs \ Microsoft \ Windows \ AppLocker.
To make it works, the Application Identity service need to start. This service, by default, defined with startup type as Manual (Trigger Start), and it will not start in my scenario. by turning on this service, change the startup type to automatic and restart the machine, AppLocker activities will start logging into AppLocker logs.
No comments:
Post a Comment