Can anyone point me to a resource to research the Alerts that come up in the Event log so that I know if it should be allowed or denied? For instance, how would I know if this process is not supposed to be able to insert code into another process?
TESTMODE: The process 'C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\cda0537e8e2624c74cdaea2d34c7c7df\update\update.exe' (as user NT AUTHORITY\SYSTEM) attempted to insert code ('Windows Message code 1030') into another process. The process 'unknown process' was targeted. The operation would have been denied. Details Rule 1009 Wizard