{"id":19163,"date":"2021-03-07T00:25:00","date_gmt":"2021-03-06T23:25:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19163"},"modified":"2021-03-05T19:26:07","modified_gmt":"2021-03-05T18:26:07","slug":"windows-10-eingebautes-prozess-dll-logging-aktivieren","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/03\/07\/windows-10-eingebautes-prozess-dll-logging-aktivieren\/","title":{"rendered":"Windows 10: Enable built-in process\/DLL logging"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\" width=\"58\" height=\"58\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/?p=250535\" target=\"_blank\" rel=\"noopener\">German<\/a>]A little shortie for the weekend. In Windows 10 there is the option to log processes or the loading of DLLs and drivers. The option can be turned on via the Code Integrity policy.<\/p>\n<p><!--more--><\/p>\n<p>This is possible via PowerShell using the <a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/module\/configci\/new-cipolicy?view=win10-ps\" target=\"_blank\" rel=\"noopener\">Code Integrity Policy<\/a> and the <a href=\"https:\/\/docs.microsoft.com\/en-us\/powershell\/module\/configci\/convertfrom-cipolicy?view=win10-ps\" target=\"_blank\" rel=\"noopener\">ConvertFrom-CIPolicy<\/a> cmdlet. 
I came across the relevant information from Matt Graeber the other day via the following <a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435525272481799\" target=\"_blank\" rel=\"noopener\">tweet<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435525272481799\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Code Integrity Policy \" src=\"https:\/\/i.imgur.com\/wcCfyN6.png\" alt=\"Code Integrity Policy \" \/><\/a><\/p>\n<p>Graeber introduced this approach in a sequence of tweets (<a href=\"https:\/\/twitter.com\/mattifestation\/status\/1366435881041723392\" target=\"_blank\" rel=\"noopener\">this<\/a> one is about user-mode logging). However, this may be old hat for administrators working with these policies.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A little shortie for the weekend. In Windows 10 there is the option to log processes or the loading of DLLs and drivers. The option can be turned on via the Code Integrity 
policy.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[76],"class_list":["post-19163","post","type-post","status-publish","format-standard","hentry","category-windows","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19163"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19163\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}