Microsoft-Antimalware-Engine
109 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1 | Start of engine scan request | Application |
| 2 | End of engine scan request | Application |
| 3 | | Application |
| 4 | | Application |
| 5 | Start of stream scan request | Application |
| 6 | End of stream scan request | Application |
| 7 | Skipped file | Application |
| 8 | | Application |
| 9 | | Application |
| 10 | | Application |
| 11 | | Application |
| 12 | | Application |
| 13 | | Application |
| 14 | | Application |
| 15 | | Application |
| 16 | | Application |
| 17 | | Application |
| 18 | | Application |
| 19 | | Application |
| 20 | | Application |
| 21 | | Application |
| 22 | | Application |
| 23 | | Application |
| 24 | | Application |
| 25 | | Application |
| 26 | | Application |
| 27 | | Application |
| 28 | | Application |
| 29 | | Application |
| 30 | | Application |
| 31 | | Application |
| 32 | | Application |
| 33 | | Application |
| 35 | | Application |
| 36 | | Application |
| 37 | | Application |
| 38 | | Application |
| 39 | | Application |
| 40 | | Application |
| 41 | | Application |
| 42 | | Application |
| 43 | | Application |
| 44 | | Application |
| 45 | | Application |
| 46 | | Application |
| 47 | | Application |
| 48 | | Application |
| 49 | | Application |
| 50 | | Application |
| 51 | | Application |
| 52 | | Application |
| 53 | | Application |
| 58 | | Application |
| 59 | | Application |
| 60 | | Application |
| 61 | | Application |
| 62 | | Application |
| 63 | | Application |
| 64 | | Application |
| 65 | | Application |
| 66 | | Application |
| 67 | | Application |
| 68 | | Application |
| 69 | | Application |
| 70 | | Application |
| 71 | | Application |
| 72 | | Application |
| 73 | | Application |
| 74 | | Application |
| 75 | | Application |
| 76 | | Application |
| 77 | | Application |
| 78 | | Application |
| 79 | | Application |
| 80 | | Application |
| 81 | | Application |
| 82 | | Application |
| 83 | | Application |
| 84 | | Application |
| 85 | | Application |
| 86 | | Application |
| 87 | | Application |
| 88 | | Application |
| 89 | | Application |
| 90 | | Application |
| 91 | | Application |
| 92 | | Application |
| 93 | | Application |
| 94 | | Application |
| 95 | | Application |
| 96 | | Application |
| 97 | | Application |
| 98 | | Application |
| 99 | | Application |
| 100 | | Application |
| 101 | | Application |
| 102 | | Application |
| 103 | | Application |
| 104 | | Application |
| 105 | | Application |
| 106 | | Application |
| 107 | | Application |
| 108 | | Application |
| 109 | | Application |
| 110 | | Application |
| 111 | | Application |
| 112 | | Application |
| 113 | | Application |
| 114 | | Application |
Event ID 1 — Start of engine scan request
Message
Fields
| Name | Description |
|---|---|
EngineId | — |
Id | — |
Type | — |
Flags | — |
ScanSource | — |
ResourceCount | — |
FirstResourceType | — |
FirstResourcePath | — |
ThreadTime | — |
Event ID 2 — End of engine scan request
Message
Fields
| Name | Description |
|---|---|
EngineId | — |
Id | — |
Type | — |
Flags | — |
ScanSource | — |
ResourceCount | — |
FirstResourceType | — |
FirstResourcePath | — |
ThreadTime | — |
StartQPC | — |
Event ID 3 —
Fields
| Name | Description |
|---|---|
Message | — |
Event ID 4 —
Fields
| Name | Description |
|---|---|
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 5 — Start of stream scan request
Message
Fields
| Name | Description |
|---|---|
Id | — |
Path | — |
Process | — |
Reason | — |
ThreadTime | — |
PID | — |
Event ID 6 — End of stream scan request
Message
Fields
| Name | Description |
|---|---|
Id | — |
Path | — |
Process | — |
Reason | — |
ThreadTime | — |
PID | — |
Event ID 7 — Skipped file
Message
Fields
| Name | Description |
|---|---|
Path | — |
Reason | — |
Event ID 8 —
Fields
| Name | Description |
|---|---|
PID | — |
GUID | — |
Type | — |
Name | — |
SignatureId | — |
ImagePath | — |
Event ID 9 —
Fields
| Name | Description |
|---|---|
PID | — |
PPID | — |
ImagePath | — |
Flags | — |
Event ID 10 —
Fields
| Name | Description |
|---|---|
PID | — |
ImagePath | — |
Event ID 11 —
Fields
| Name | Description |
|---|---|
PID | — |
ImagePath | — |
Event ID 12 —
Fields
| Name | Description |
|---|---|
PID | — |
ImageName | — |
FileName | — |
Event ID 13 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 14 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 15 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 16 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
OldFileName | — |
Event ID 17 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 18 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 19 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 20 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
ValueName | — |
Event ID 21 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
ValueName | — |
Event ID 22 —
Fields
| Name | Description |
|---|---|
PID | — |
Event ID 23 —
Fields
| Name | Description |
|---|---|
PID | — |
Event ID 24 —
Fields
| Name | Description |
|---|---|
PID | — |
Event ID 25 —
Fields
| Name | Description |
|---|---|
PID | — |
Event ID 26 —
Fields
| Name | Description |
|---|---|
PID | — |
Event ID 27 —
Fields
| Name | Description |
|---|---|
PID | — |
DetectionId | — |
Event ID 28 —
Fields
| Name | Description |
|---|---|
PID | — |
RecordType | — |
ImagePath | — |
Path | — |
Event ID 29 —
Fields
| Name | Description |
|---|---|
PID | — |
TPID | — |
TTID | — |
ImageName | — |
Event ID 30 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
ThreadTime | — |
Event ID 31 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
ThreadTime | — |
StartQPC | — |
Event ID 32 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
PID | — |
ThreadTime | — |
Event ID 33 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
PID | — |
ThreadTime | — |
StartQPC | — |
Event ID 35 —
Fields
| Name | Description |
|---|---|
ScanSource | — |
EventType | — |
Classification | — |
Info | — |
FileName | — |
FileID | — |
FileUSN | — |
Result | — |
Event ID 36 —
Fields
| Name | Description |
|---|---|
ScanSource | — |
EventType | — |
Classification | — |
Info | — |
FileName | — |
FileID | — |
FileUSN | — |
Result | — |
Event ID 37 —
Fields
| Name | Description |
|---|---|
ScanSource | — |
EventType | — |
Classification | — |
Info | — |
FileName | — |
FileID | — |
FileUSN | — |
Result | — |
Event ID 38 —
Fields
| Name | Description |
|---|---|
FileName | — |
CacheName | — |
Result | — |
Event ID 39 —
Fields
| Name | Description |
|---|---|
FileName | — |
CacheName | — |
Result | — |
Event ID 40 —
Fields
| Name | Description |
|---|---|
action | — |
key | — |
filename | — |
result | — |
Event ID 41 —
Fields
| Name | Description |
|---|---|
utilization | — |
result | — |
Event ID 42 —
Fields
| Name | Description |
|---|---|
key | — |
filename | — |
parentKey | — |
result | — |
Event ID 43 —
Fields
| Name | Description |
|---|---|
Message | — |
Name | — |
Data | — |
StartStop | — |
ThreadTime | — |
Event ID 44 —
Fields
| Name | Description |
|---|---|
action | — |
vault | — |
key | — |
result | — |
Event ID 45 —
Fields
| Name | Description |
|---|---|
vault | — |
records | — |
result | — |
Event ID 46 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 47 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 48 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 49 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 50 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 51 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 52 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 53 —
Fields
| Name | Description |
|---|---|
PID | — |
TargetPID | — |
AccessMask | — |
WasHardened | — |
Event ID 58 —
Fields
| Name | Description |
|---|---|
PID | — |
KeyPath | — |
Event ID 59 —
Fields
| Name | Description |
|---|---|
VName | — |
SigSeq | — |
SigSha | — |
Result | — |
Event ID 60 —
Fields
| Name | Description |
|---|---|
PID | — |
Channel | — |
EventId | — |
Event ID 61 —
Fields
| Name | Description |
|---|---|
PID | — |
FolderName | — |
Event ID 62 —
Fields
| Name | Description |
|---|---|
Count | — |
Event ID 63 —
Fields
| Name | Description |
|---|---|
TaintReason | — |
ReasonImagePath | — |
ProcessImagePath | — |
Event ID 64 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
OldFileName | — |
Event ID 65 —
Fields
| Name | Description |
|---|---|
PID | — |
FolderName | — |
Event ID 66 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
FileHardLinkName | — |
Event ID 67 —
Fields
| Name | Description |
|---|---|
Message | — |
Name | — |
Data | — |
StartStop | — |
ThreadTime | — |
DeltaCPU | — |
DeltaWall | — |
Event ID 68 —
Fields
| Name | Description |
|---|---|
SigName | — |
SigSeq | — |
SigSha | — |
SigTypeName | — |
Dimension | — |
Value | — |
Limit | — |
FileName | — |
VPath | — |
FileSha1 | — |
PartialCRC1 | — |
PartialCRC2 | — |
PartialCRC3 | — |
FileSize | — |
Event ID 69 —
Fields
| Name | Description |
|---|---|
Guid | — |
VolumeSize | — |
Attributes | — |
FilesCount | — |
FileGuidsArray | — |
FileSizeArray | — |
CompressedFileSizeArray | — |
FileNameArray | — |
FileAttributesArray | — |
EfiFileTypeArray | — |
FileSha1Array | — |
SmbiosAttributes | — |
FileCRCsArray | — |
Event ID 70 —
Fields
| Name | Description |
|---|---|
BasePath | — |
CommandLine | — |
PID | — |
ParentPID | — |
Flags | — |
IntegrityLevel | — |
Event ID 71 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 72 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 73 —
Fields
| Name | Description |
|---|---|
EngineId | — |
CreationTime | — |
PID | — |
filepath | — |
flags | — |
flags2low | — |
flags2high | — |
oldFlags | — |
oldFlags2low | — |
oldFlags2high | — |
Source | — |
Event ID 74 —
Fields
| Name | Description |
|---|---|
Sha1 | — |
Sha256 | — |
SigSeq | — |
SigSha | — |
AllSigSeqs | — |
AllSigShas | — |
RealPath | — |
VPath | — |
EtwDataReportType | — |
ReportType | — |
EngineReportGuid | — |
ResourceData | — |
ResourceSchema | — |
Determination | — |
ActionStatus | — |
ProcessID | — |
ProcessCreationTime | — |
ProcessPath | — |
ThreatName | — |
Classification | — |
IsLatent | — |
IsPassiveMode | — |
ScanSource | — |
ScanType | — |
RtpProcessID | — |
RtpProcessCreationTime | — |
ProcessCommandLine | — |
ExtraDataJson | — |
Event ID 75 —
Fields
| Name | Description |
|---|---|
DeviceInfo | — |
TCGEventsArray | — |
PCRsArray | — |
Event ID 76 —
Fields
| Name | Description |
|---|---|
JsonData | — |
Event ID 77 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
Level | — |
EffectiveLevel | — |
TriggerSigSeq | — |
Origin | — |
Event ID 78 —
Fields
| Name | Description |
|---|---|
ImageFilePath | — |
Level | — |
EffectiveLevel | — |
TriggerSigSeq | — |
Origin | — |
Event ID 79 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
Level | — |
TriggerSigSeq | — |
Event ID 80 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
Level | — |
TriggerSigSeq | — |
StopReason | — |
Event ID 81 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
ScanReason | — |
Event ID 82 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
ScanReason | — |
ScanResult | — |
Event ID 83 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Event ID 84 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Event ID 85 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Event ID 86 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Event ID 87 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 88 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 89 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 90 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 91 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
ThreadId | — |
StartQPC | — |
Event ID 92 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
ThreadId | — |
StartQPC | — |
Event ID 93 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
PID | — |
ThreadId | — |
StartQPC | — |
Event ID 94 —
Fields
| Name | Description |
|---|---|
EngineId | — |
FilePath | — |
PID | — |
ThreadId | — |
StartQPC | — |
Event ID 95 —
Fields
| Name | Description |
|---|---|
ProcessId | — |
CreationTime | — |
FileName | — |
FirstOffsetWritten | — |
LastOffsetWritten | — |
SmallestOffsetWritten | — |
BiggestOffsetWritten | — |
TotalSizeOfWrites | — |
TotalSizeOfAppends | — |
NumberOfWrites | — |
Event ID 96 —
Fields
| Name | Description |
|---|---|
OnboardedInfo | — |
Event ID 97 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Id | — |
Type | — |
Flags | — |
ScanSource | — |
ResourceCount | — |
FirstResourceType | — |
FirstResourcePath | — |
ThreadId | — |
StartQPC | — |
Event ID 98 —
Fields
| Name | Description |
|---|---|
EngineId | — |
Id | — |
Type | — |
Flags | — |
ScanSource | — |
ResourceCount | — |
FirstResourceType | — |
FirstResourcePath | — |
ThreadId | — |
StartQPC | — |
Event ID 99 —
Fields
| Name | Description |
|---|---|
EngineId | — |
CreationTime | — |
PID | — |
flags | — |
flags2low | — |
flags2high | — |
Event ID 100 —
Fields
| Name | Description |
|---|---|
EngineId | — |
CreationTime | — |
PID | — |
flags | — |
flags2low | — |
flags2high | — |
Event ID 101 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 102 —
Fields
| Name | Description |
|---|---|
EngineId | — |
EngineVersion | — |
AVVersion | — |
ASVersion | — |
Event ID 103 —
Fields
| Name | Description |
|---|---|
PID | — |
FileName | — |
Event ID 104 —
Fields
| Name | Description |
|---|---|
PID | — |
FeatureId | — |
FirstParam | — |
SecondParam | — |
Event ID 105 —
Fields
| Name | Description |
|---|---|
PID | — |
EventId | — |
KeyPath | — |
ValueName | — |
OldValue | — |
NewValue | — |
UserMode | — |
FeatureType | — |
Event ID 106 —
Fields
| Name | Description |
|---|---|
EngineId | — |
LiveContextCount | — |
TotalContextCount | — |
Event ID 107 —
Fields
| Name | Description |
|---|---|
EngineId | — |
LiveContextCount | — |
TotalContextCount | — |
Event ID 108 —
Fields
| Name | Description |
|---|---|
Type | — |
Scope | — |
ResourceType | — |
TargetResource | — |
ParentResource | — |
DetectionName | — |
UserName | — |
Event ID 109 —
Fields
| Name | Description |
|---|---|
PID | — |
ProcessContextId | — |
ImagePath | — |
Event ID 110 —
Fields
| Name | Description |
|---|---|
PID | — |
ProcessContextId | — |
TerminationTime | — |
Event ID 111 —
Fields
| Name | Description |
|---|---|
PID | — |
AttrId | — |
AttrSeq | — |
AttrSubset | — |
Event ID 112 —
Fields
| Name | Description |
|---|---|
PID | — |
AttrId | — |
AttrSeq | — |
AttrSubset | — |
MatchedThreatsNumber | — |
IsMultiProcMatch | — |
IsMultiProcDetection | — |
Event ID 113 —
Fields
| Name | Description |
|---|---|
PID | — |
DetectionName | — |
SigSeq | — |
Event ID 114 —
Fields
| Name | Description |
|---|---|
PID | — |
DetectionName | — |
SigSeq | — |
CloudResponse | — |