Hi,
Application and device control mights be able to avoid some unknown threats infection by simply adding more details about what/who did the actions, and more details about the actions themselves.
For exemple, the "caller process name" is only reporting the exe file called to execute. In case of vbs script, only "wscript.exe" will be show in the log...: We need the full command line to know if the wscript.exe call is coming from a know vbs script or not...!
In other exemple, "write registry" only report registry path...But we didn't see the key name, and the key value...Which would be very useful to know if this a threat or not.