This is the log when an application with a window is started in the client (CT). Application startup logs cannot be collected in the case of an application without a window.
Application startup logs without a window displayed (but with an invisible window) will be collected.
How to apply
When collecting application startup logs, the user who starts the application and the application that is started can be known. An unnecessary application for business that has been started and the person who starts the application that might cause information disclosure can be found. Whether the system is being used according to the rules can be judged.
Set policy for collection
Set policy in the Terminal Initial Settings window, the User Policy Settings window or the window after the Management Console is started (CT policy settings window).
In Windows > Log collection operation, set Application Startup Log to Yes.
Displayed content
The following log content can be viewed:
Name: name of the client (CT)
Occurrence Date and Time: time for collecting logs at client (CT)
User ID: logon user name of the client (CT)
Domain Name: it is the domain name of the client (CT) when logging on to domain while it is the computer name of the client (CT) when logging on to local computer
Type: Application Startup (fixed value)
Classification: normal
Attachment: (not displayed)
Content: the following content is displayed.
Name of the started application (*1)
Example of Content:
Started [iexplore].
*1: When performing keyword search in Log Viewer, it can be specified as keyword.
Note: The content below is displayed.
Process ID (*1)
Parent process ID (*1)
Argument (*1)
Example of Note:
Process ID:[3182],Parent Process ID[5032],Parameter:[C:\Windows\notepad.exe D:\Individual information.txt]
*1: Can be specified as a keyword when performing a keyword search in the Log Viewer.