Friday, February 5, 2021

AppLocker Block vs Sysmon Process Create

This folder is AppLocker blocked.

So I copied notepad.exe into it, renamed it, then tried to execute, and as you can see AppLocker blocked me.

But Sysmon and Windows both generated an Event ID 1 and 4688.
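Because a process-create record is written even when AppLocker stops the launch, a detection pipeline can label each Sysmon Event ID 1 (or 4688) with whether a matching AppLocker block was logged. The following is an added example, not code from the original post. It assumes exported events as dictionaries, AppLocker "EXE and DLL" Event ID 8004 as the block record, both timestamps in UTC, and a `C:` system drive for expanding AppLocker path variables; the folder and file names are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the original post). Field names follow
# Sysmon Event ID 1 (Image, UtcTime) and AppLocker Event ID 8004 (FilePath).
PROCESS_CREATES = [
    {"EventID": 1, "UtcTime": "2021-02-05 14:03:11.482",
     "Image": r"C:\Blocked\renamed.exe"},
    {"EventID": 1, "UtcTime": "2021-02-05 14:05:40.007",
     "Image": r"C:\Windows\System32\notepad.exe"},
]
APPLOCKER_BLOCKS = [
    {"EventID": 8004, "TimeCreated": "2021-02-05 14:03:11.497",
     "FilePath": r"%OSDRIVE%\BLOCKED\RENAMED.EXE"},
]

# Assumption: default drive layout when expanding AppLocker path variables.
PATH_VARS = {"%OSDRIVE%": "C:", "%WINDIR%": r"C:\Windows",
             "%SYSTEM32%": r"C:\Windows\System32"}

def normalize(path):
    """Expand a leading AppLocker path variable and lower-case for comparison."""
    for var, real in PATH_VARS.items():
        if path.upper().startswith(var):
            path = real + path[len(var):]
            break
    return path.lower()

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")

def label_process_creates(creates, blocks, window_s=5):
    """Tag each process-create record with whether AppLocker logged a block
    for the same image path within window_s seconds."""
    window = timedelta(seconds=window_s)
    blocked = [(normalize(b["FilePath"]), parse(b["TimeCreated"]))
               for b in blocks if b["EventID"] == 8004]
    out = []
    for c in creates:
        image, when = normalize(c["Image"]), parse(c["UtcTime"])
        hit = any(p == image and abs(t - when) <= window for p, t in blocked)
        out.append({**c, "AppLockerBlocked": hit})
    return out

if __name__ == "__main__":
    for row in label_process_creates(PROCESS_CREATES, APPLOCKER_BLOCKS):
        state = "blocked by AppLocker" if row["AppLockerBlocked"] else "no block event"
        print(row["UtcTime"], row["Image"], state)
```

Matching on path and time is a heuristic; widen or narrow `window_s` to suit the clock skew between the two logs.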