{"id":250535,"date":"2021-03-07T00:25:00","date_gmt":"2021-03-06T23:25:00","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=250535"},"modified":"2021-03-05T19:25:53","modified_gmt":"2021-03-05T18:25:53","slug":"windows-10-eingebautes-prozess-dll-logging-aktivieren","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2021\/03\/07\/windows-10-eingebautes-prozess-dll-logging-aktivieren\/","title":{"rendered":"Windows 10: Enable built-in process\/DLL logging"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\" width=\"58\" height=\"58\" align=\"left\" \/>A short one for the weekend. Windows 10 offers a way to log processes or the loading of DLLs and drivers. The option can be enabled through the Code Integrity policy.<\/p>\n<p><!--more--><\/p>\n<p>This can be done in PowerShell using the <a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/module\/configci\/new-cipolicy?view=win10-ps\" target=\"_blank\" rel=\"noopener\">Code Integrity Policy<\/a> and the <a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/module\/configci\/convertfrom-cipolicy?view=win10-ps\" target=\"_blank\" rel=\"noopener\">ConvertFrom-CIPolicy<\/a> cmdlet. 
A few days ago I came across this information from Matt Graeber via the following <a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435525272481799\" target=\"_blank\" rel=\"noopener\">tweet<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435525272481799\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Code Integrity Policy \" src=\"https:\/\/i.imgur.com\/wcCfyN6.png\" alt=\"Code Integrity Policy \" \/><\/a><\/p>\n<p>Graeber presented this approach in a series of tweets (<a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435881041723392\" target=\"_blank\" rel=\"noopener\">this one<\/a> covers user-mode logging). This may be old hat, though, for administrators who work with these policies.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A short one for the weekend. Windows 10 offers a way to log processes or the loading of DLLs and drivers. 
The option can be enabled through the Code Integrity policy.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3694],"tags":[4378],"class_list":["post-250535","post","type-post","status-publish","format-standard","hentry","category-windows-10","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/250535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=250535"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/250535\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=250535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=250535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=250535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}