Tuesday, July 27, 2010

Ehh why did outlook.exe try to execute mtail.exe?

In ePO I have created an automatic response that sends me an email for every blocked execution. So I was scrolling through my email, which always contains some of those responses. Most of them are driver updates, which seem to appear because of Windows Update (still figuring this out), but now I noticed the execution denial for mtail.exe.

Mtail.exe is a freeware tool that opens a .log file and monitors it in real time. I use it every now and then for troubleshooting, but never installed it on my laptop.

This was the body of the email:

Event: execution_denied
File (Full Path): \\server\c$\users\erik\desktop\mtail.exe
Program (Full Path): C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Registry Key:
System Name: LAPTOP
User: DOMAIN\Erik


So basically Application Control on my laptop blocked outlook.exe from executing mtail.exe somewhere on a server?!?!? Looks scary!

I remember I attached something from my desktop, which was stored on that server, so it is true that I opened that particular location from Outlook, but I certainly did not run mtail.exe at that point. That is: not deliberately :)

I just tried to reproduce the execution and it does not occur when I try to add mtail.exe as an attachment to an email (neither by drag-and-dropping it nor by inserting it through the Outlook toolbar). It really only gets blocked this way when I click to attach a file in Outlook, then browse to that directory, then right-click mtail.exe and choose Open instead of Select. That obviously is not something I think I could have done accidentally, so this behaviour is still pretty peculiar: I still don't have an explanation for it... If you do: please reply :)

If any such event recurs, I'll let you know!
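Since the ePO responses all arrive in the same "Field: value" shape as the body quoted above, a small triage script can parse them and flag the odd ones (target on a network share, parent process a mail client) before they get lost among the routine driver-update denials. This is an added example, not code from the post or from McAfee; the second sample e-mail, the mail-client list and the two triage rules are assumptions of this example, only the first e-mail body is taken from the post.

```python
import re

# Constructed sample: the execution_denied e-mail body quoted in the post
# (raw string so the Windows backslashes survive unchanged).
SUSPICIOUS_EMAIL = r"""
Event: execution_denied
File (Full Path): \\server\c$\users\erik\desktop\mtail.exe
Program (Full Path): C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
Registry Key:
System Name: LAPTOP
User: DOMAIN\Erik
"""

# Constructed sample of a routine denial: a local file launched from Explorer.
# The path and file name are made up for this example.
ROUTINE_EMAIL = r"""
Event: execution_denied
File (Full Path): C:\Users\erik\Downloads\setup.exe
Program (Full Path): C:\Windows\explorer.exe
Registry Key:
System Name: LAPTOP
User: DOMAIN\Erik
"""

# One "Field: value" line; the non-greedy field name stops at the first colon,
# so drive letters in the value ("C:\...") are not mistaken for a separator.
FIELD_RE = re.compile(r"^([A-Za-z ()]+?):\s*(.*)$")

# Assumed list of mail-client binaries that deserve a second look as parent.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_event(body: str) -> dict:
    """Turn one e-mail body into a dict; empty fields (Registry Key) stay ''."""
    event = {}
    for line in body.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            event[m.group(1)] = m.group(2).strip()
    return event


def basename(win_path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return win_path.rsplit("\\", 1)[-1].lower()


def triage(event: dict) -> list:
    """Return the reasons (if any) an execution_denied event needs a closer look."""
    reasons = []
    if event.get("Event") != "execution_denied":
        return reasons
    target = event.get("File (Full Path)", "")
    parent = event.get("Program (Full Path)", "")
    if target.startswith("\\\\"):  # UNC path: executable lives on a share
        reasons.append("target is on a network share (UNC path)")
    if basename(parent) in MAIL_CLIENTS:
        reasons.append("parent process is a mail client")
    return reasons


def triage_email(body: str) -> tuple:
    """Parse one response e-mail and return (event dict, list of reasons)."""
    event = parse_event(body)
    return event, triage(event)


if __name__ == "__main__":
    for body in (SUSPICIOUS_EMAIL, ROUTINE_EMAIL):
        event, reasons = triage_email(body)
        print(f"{event['System Name']} {event['User']}: {event['File (Full Path)']}")
        print("  parent :", event["Program (Full Path)"])
        print("  verdict:", "; ".join(reasons) if reasons else "routine denial")
```

Feeding the saved response e-mails through triage_email() one by one turns the scrolling described above into a short list of events with a non-empty reason list; everything else is the usual background noise.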

Wednesday, July 14, 2010

Trusted Users

It appears I earlier misunderstood the Trusted User policy option. I thought it allowed certain users to install new applications or run unknown executables, but it does not.

Instead, a Trusted User is allowed to unlock the CLI and enable the update mode, without having to type a password.

The command:
CLI > sadmin recover

unlocks Solidcore. Afterwards, update mode can be started with "sadmin bu" (shortcut for begin-update). "sadmin recover" prompts for a password that can be set in ePO. For trusted users that password prompt is disabled, so they can run "sadmin bu" at any time.