Verify a program or Windows-service control action#
When to use this procedure#
Use for Start Program and Control Windows Service actions.
Applies to#
This procedure applies to EventReporter.
Prerequisites#
Use an account that can read the product configuration and Windows diagnostic state.
Replace angle-bracket placeholders with values from the affected system.
Safety#
Run diagnostic checks before changing configuration.
Remove passwords, private keys, license data, and other secrets from evidence.
Configuration path#
Configuration Client > RuleSets > affected ruleset > rule > affected action.
Procedure#
Record the full executable path or internal Windows service name, arguments, and service account.
Expected result: The affected object and its effective settings are identified.
If it fails: Return to the complete Event Log detail and configuration export before changing settings.
Run the native Windows checks below from the affected product host.
Test-Path -LiteralPath '<EXECUTABLE_PATH>' Get-Acl -LiteralPath '<EXECUTABLE_PATH>' | Format-List AccessToString Get-Service -Name '<TARGET_SERVICE_NAME>' | Format-List Name,Status,StartType
Expected result: The target exists and succeeds in the service-account context without an interactive desktop.
If it fails: Correct full path, arguments, working directory, environment, ACLs, logon rights, or dependencies.
Perform one uniquely identifiable product test through the same service, rule, or action.
Expected result: The intended destination records the test exactly once.
If it fails: Collect the first new product event and bounded debug output; do not change unrelated settings.
Verify the result#
Repeat the affected operation, confirm its positive output, and verify that queues, collection positions, or remote delivery continue normally.
Evidence to collect#
The complete Event Log entry and neighboring product events with timestamps.
The command output, relevant configuration export, and bounded debug log from the same interval.