private async Task EventLogPollingTaskAsync(int waitMillis) { try { LogHelper.Info($"Start security event log polling ..."); DateTime lastLogEntryTimeStamp = DateTime.Now; CancellationToken cancellationToken = _eventLogPollingTaskCancellationTokenSource.Token; while (true) { try { using (EventLog securityLog = new EventLog("security")) { List <EventLogEntry> newEntryList = new List <EventLogEntry>(); int entryIndex = securityLog.Entries.Count - 1; DateTime newestEntryTimeWritten = securityLog.Entries[entryIndex].TimeWritten; for (int i = entryIndex; i >= 0; i--) { CheckCancelTaskRequestedAndThrow(cancellationToken); EventLogEntry entry = securityLog.Entries[i]; bool isNewEntry = entry.TimeWritten > lastLogEntryTimeStamp; if (isNewEntry) { if (IsEventInstanceIdAccepted(entry.InstanceId)) { WPFUtils.DispatchUI(() => App.GetActivityWindow().ShowActivity(ActivityWindow.ActivityEnum.Blocked)); newEntryList.Insert(0, entry); } else { WPFUtils.DispatchUI(() => App.GetActivityWindow().ShowActivity(ActivityWindow.ActivityEnum.Allowed)); } } else { break; } } lastLogEntryTimeStamp = newestEntryTimeWritten; foreach (EventLogEntry entry in newEntryList) { CheckCancelTaskRequestedAndThrow(cancellationToken); Application.Current.Dispatcher.Invoke(() => { // dispatch to ui thread _application.HandleEventLogNotification(entry); }); } } } catch (ArgumentException e) { LogHelper.Warning($"Security log entry does not exist anymore:" + e.Message); } CheckCancelTaskRequestedAndThrow(cancellationToken); await Task.Delay(waitMillis, cancellationToken).ConfigureAwait(false); } } catch (SecurityException se) { LogHelper.Error($"Notifier cannot access security event log: { se.Message}. Notifier needs to be started with admin rights and will exit now", se); MessageBox.Show($"Notifier cannot access security event log:\n{se.Message}\nNotifier needs to be started with admin rights.\nNotifier will exit.", "Error", MessageBoxButton.OK, MessageBoxImage.Error); this._application.Shutdown(); } catch (Exception e) { LogHelper.Error("EventLogPollingTaskAsync exception: " + e.Message, e); MessageBox.Show($"Security event log polling exception:\n{e.Message}\nNotifier will exit", "Error", MessageBoxButton.OK, MessageBoxImage.Warning); this._application.Shutdown(); } }