Microsoft-Antimalware-AMFilter

11 events across 1 channel

Event ID	Title	Channel
1		Application
2		Application
3		Application
4		Application
5		Application
6		Application
7		Application
8		Application
9		Application
10		Application
11		Application

Event ID 1 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_CacheFlush

Event ID 2 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_CacheRemove

Fields #

Name	Description
`File_ID` UInt64	—

Event ID 3 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_CacheHit

Fields #

Name	Description
`File_ID` UInt64	—

Event ID 4 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_CacheMiss

Fields #

Name	Description
`File_ID` UInt64	—

Event ID 5 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_CacheAdd

Fields #

Name	Description
`File_ID` UInt64	—

Event ID 6 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_SeqReadFlag

Event ID 7 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_TrustedProcess

Fields #

Name	Description
`Pid` UInt32	—
`Reason` UnicodeString	—
`Trusted` UInt32	—
`TotalTrusted` UInt32	—
`TotalUntrusted` UInt32	—
`Path` UnicodeString	—

Event ID 8 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_ProcessContext

Fields #

Name	Description
`Pid` UInt32	—
`Reason` UnicodeString	—
`Flags` UInt32	—
`ProcessFilterFlags` UInt32	—
`ProcessName` UnicodeString	—
`VmHardenType` UInt64	—
`ExemptVmHardenedTypes` UInt64	—

Event ID 9 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_FileScan

Fields #

Name	Description
`FileName` UnicodeString	—
`Reason` UnicodeString	—
`IoStatusBlockForNewFile` UInt64	—

Event ID 10 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_DeleteStreamContext

Fields #

Name	Description
`File_ID` UInt64	—

Event ID 11 —

Provider: Microsoft-Antimalware-AMFilter
Channel: Application
Task: AMFilter_FileScanResult

Fields #

Name	Description
`FileName` UnicodeString	—
`Reason` UInt32	—
`ScanStatus` UInt32	—
`State` UInt32	—
`ScanAttributes` UInt32	—
`FileId` UInt64	—
`USN` UInt64	—