Confused with Defense + Event Column ( Action ??? )

Hi all
I hope some1 can shed some light on this. In my Computer Security Policy, i created a Application System Security Control for c:\windows\explorer.exe where in the Protected Com Interfaces under Default Action coluumn i selected [ Allow ] and under Exception , i add an item in the [ Blocked Com Interfaces ] and the problem of my confusion is that when i view [ Defense + Events ] there was 1 such entry BUT it is showing as [ Access Com Interface ] in the [ Action ] column ( Should it not say something like BLOCK instead??? ). Can some1 tell me whether it it allowing or blocking PLS. ??? 88) :cry:

Thank you all in advance

I believe that it is recording BLOCK actions or actions which required a user input.

Ewen :slight_smile:

All actions logged by Defense+ are the ones that are blocked. The “action” column shows what an application was trying to do that was not allowed by D+.

TQ for your reply. However, i still got 1 question. If the action column is for showing what an application was trying to do that was not allowed by D+ then i m now more worried. Coz there is a lot of entries where it is saying “Block Hook” well, so does this mean that D+ is blocking the application from trying to block the hook from installing…Your prompt reply is very much appreciated. TQ