Description

PCA was requested to refresh the program cache.

Message #

PCA was requested to refresh the program cache.

Description

PCA was informed that the program cache was refreshed.

Message #

PCA was informed that the program cache was refreshed.

Description

PCA dialog button response ChainId.

Message #

PCA dialog button response %2.

Fields #

Description

PCA triggered SIUF question was asked.

Message #

PCA triggered SIUF question was asked.

Fields #

Description

PCA triggered SIUF question was answered.

Message #

PCA triggered SIUF question was answered.

Fields #

Description

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Message #

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
User action ID: %6
Compatibility layer: %7
FileID: %8
ProgramID: %9

Fields #

Message #

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.Application name: {ApplicationName}Application version: {ApplicationVersion}Executable path: {ExecutablePath}Scenario ID: {ScenarioId}User action: {UserAction}User action ID: {UserActionID}Compatibility layer: {CompatibilityLayer}Deprecated component: {DeprecatedComponent}FileID: {FileID}ProgramID: {ApplicationName}0

Fields #

Message #

The Program Compatibility Assistant was invoked due to an unsigned driver install. This version of Windows requires all drivers to have a valid digital signature. Information about the driver is below.Driver: {DriverName}Service: {ServiceName}Publisher: {PublisherName}Location: {DriverPath}Version: {DriverVersion}This driver is unavailable and the program that uses this driver might not work correctly.

Fields #

Description

The Program Compatibility Assistant was not invoked because the application has been already handled previously. Information about the application is below.

Message #

The Program Compatibility Assistant was not invoked because the application has been already handled previously. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6

Fields #

Description

The Program Compatibility Assistant was not invoked as the application executed correctly. Information about the application is below.

Message #

The Program Compatibility Assistant was not invoked as the application executed correctly. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6

Fields #

Description

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Message #

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenarios code: %4
Deprecated Components: %5
User action ID: %6
Compatibility layers recommended: %7
FileID: %8
ProgramID: %9

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Application-Experience",
    "guid": "EEF54E71-0661-422D-9A98-82FD4940B820",
    "event_source_name": "",
    "event_id": 201,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T16:24:25.239375Z",
    "event_record_id": 380,
    "correlation": {},
    "execution": {
      "process_id": 892,
      "thread_id": 3532
    },
    "channel": "System",
    "computer": "IE8Win7",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {}
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Application-Experience",
    "guid": "EEF54E71-0661-422D-9A98-82FD4940B820",
    "event_source_name": "",
    "event_id": 206,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T22:03:32.528125Z",
    "event_record_id": 2787,
    "correlation": {},
    "execution": {
      "process_id": 808,
      "thread_id": 2792
    },
    "channel": "System",
    "computer": "IE8Win7",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {}
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application is excluded in the registry.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application is excluded in the registry.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because of the extension of the executable.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because of the extension of the executable.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the executable has a UAC manifest.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the executable has a UAC manifest.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application has a compatibility fix applied to it.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application has a compatibility fix applied to it.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application depends on the Windows Installer service (MSI).

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application depends on the Windows Installer service (MSI).

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the executable has a current SwitchBack context.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the executable has a current SwitchBack context.

Fields #

Description

The Program Compatibility Assistant has added ExecutablePath to quarantine.

Message #

The Program Compatibility Assistant has added %1 to quarantine.

Fields #

Description

The Program Compatibility Assistant has removed ExecutablePath from quarantine.

Message #

The Program Compatibility Assistant has removed %1 from quarantine.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the executable has a UAC manifest.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the executable has a UAC manifest.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the PCA is disabled by group policy.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the PCA is disabled by group policy.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application already exists within a job object.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application already exists within a job object.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application is a 64-bit application.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application is a 64-bit application.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application is on a network path.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application is on a network path.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application compatibility infrastructure is disabled.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application compatibility infrastructure is disabled.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application is protected by Windows Resource Protection.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application is protected by Windows Resource Protection.

Fields #

Description

The Program Compatibility Assistant was requested to monitor ExecutablePath, but ignored the request because the application has been excluded from the PCA by Microsoft.

Message #

The Program Compatibility Assistant was requested to monitor %1, but ignored the request because the application has been excluded from the PCA by Microsoft.

Fields #

Description

The Program Compatibility Assistant attempted to connect an event for process ID ProcessId, but the Program Compatibility Assistant service was unable to locate the process.

Message #

The Program Compatibility Assistant attempted to connect an event for process ID %1, but the Program Compatibility Assistant service was unable to locate the process.

Fields #

Description

Compatibility fix applied to CompatibilityFixEvent.ExePath.

Message #

Compatibility fix applied to %5.
Fix information: %6, %3, %4.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Application-Experience",
    "guid": "EEF54E71-0661-422D-9A98-82FD4940B820",
    "event_source_name": "",
    "event_id": 500,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 576460752303423488,
    "time_created": "2023-11-06T02:01:06.316061+00:00",
    "event_record_id": 268,
    "correlation": {},
    "execution": {
      "process_id": 10532,
      "thread_id": 16892
    },
    "channel": "Microsoft-Windows-Application-Experience/Program-Telemetry",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "user_data": {
    "CompatibilityFixEvent": {
      "ProcessId": 10532,
      "StartTime": 1699236066.0862,
      "FixID": "AD24F32A-1C4D-4D71-AF4E-1D9031C04F14",
      "Flags": 65793,
      "ExePath": "C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.bin",
      "FixName": "Apache OpenOffice"
    }
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Compatibility fix applied to Flags.

Message #

Compatibility fix applied to %5.
Fix information: %6, %3, %4.

Fields #

Description

Compatibility fix applied to PackageCode.

Message #

Compatibility fix applied to %7.
Fix information: %8, %3, %4.

Fields #

Description

Compatibility fix applied to PackageCode.

Message #

Compatibility fix applied to %7.
Fix information: %8, %3, %4.

Fields #

Description

PCA was informed about fix FixName applied to process.

Message #

PCA was informed about fix %2 applied to process.

Fields #

Description

Compatibility fix applied to CompatibilityFixEvent.ExePath.

Message #

Compatibility fix applied to %5.
Fix information: %6, %3, %4.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Application-Experience",
    "guid": "EEF54E71-0661-422D-9A98-82FD4940B820",
    "event_source_name": "",
    "event_id": 505,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 576460752303423488,
    "time_created": "2023-11-06T01:51:42.489178+00:00",
    "event_record_id": 265,
    "correlation": {},
    "execution": {
      "process_id": 21364,
      "thread_id": 8156
    },
    "channel": "Microsoft-Windows-Application-Experience/Program-Telemetry",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-21-1992711665-1655669231-58201500-1000"
    }
  },
  "user_data": {
    "CompatibilityFixEvent": {
      "ProcessId": 21364,
      "StartTime": 1699235502.3153903,
      "FixID": "6F36AB95-595F-497D-9001-86DAD299B6FA",
      "Flags": 2147549701,
      "ExePath": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
      "FixName": "AppDefaults"
    }
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

An instance of the Steps Recorder ran with the following information.

Message #

An instance of the Steps Recorder ran with the following information:

StartTime: %1
StopTime: %2
Action Count: %3
Missed Action Count: %4
Output file location: %5

Fields #

Description

An instance of the Steps Recorder terminated with the following error code: ErrorCode.

Message #

An instance of the Steps Recorder terminated with the following error code: %1

Fields #

Description

The Application Impact Telemetry (AIT) Agent terminated with the following error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent terminated with the following error code: %1

Fields #

Description

The Application Impact Telemetry (AIT) Agent is not running because AIT is disabled.

Message #

The Application Impact Telemetry (AIT) Agent is not running because AIT is disabled.

Description

The Application Impact Telemetry (AIT) Agent is stopping because another instance is already running.

Message #

The Application Impact Telemetry (AIT) Agent is stopping because another instance is already running.

Description

The Application Impact Telemetry (AIT) Agent was unable to parse the command-line options with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to parse the command-line options with error code: %1.

Fields #

Description

The Application Impact Telemetry (AIT) Agent was unable to process the logs files with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to process the logs files with error code: %1.

Fields #

Description

The Application Impact Telemetry (AIT) Agent was unable to start application impact SQM with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to start application impact SQM with error code: %1.

Fields #

Description

The Application Impact Telemetry (AIT) Agent was unable to log application impact data to SQM with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to log application impact data to SQM with error code: %1.

Fields #

Description

The Application Impact Telemetry (AIT) Agent was unable to start system telemetry with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to start system telemetry with error code: %1.

Fields #

Description

The Application Impact Telemetry (AIT) Agent was unable to log system telemetry data to SQM with error code: FailureCode.

Message #

The Application Impact Telemetry (AIT) Agent was unable to log system telemetry data to SQM with error code: %1.

Fields #

Message #

An instance of Program Data Updater (PDU) ran with the following information: StartTime: {StartTime}; StopTime: {StopTime}; ExitCode: {ExitCode}; Number of new programs: {NumNewPrograms}; Number of removed programs: {NumRemovedPrograms}; Number of updated programs: {NumUpdatedPrograms}; Number of installed programs: {NumInstalledPrograms}; Number of new orphan files: {NumNewOrphans}; Number of new add-ons: {NumNewAddOns}; Number of removed add-ons: {StartTime}0; Number of updated add-ons: {StartTime}1; Number of installed add-ons: {StartTime}2; Number of new installations: {StartTime}3

Fields #

Description

An Internet Explorer add-on was installed on the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}.

Message #

An Internet Explorer add-on was installed on the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}

Fields #

Description

An Internet Explorer add-on was updated on the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}.

Message #

An Internet Explorer add-on was updated on the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}

Fields #

Description

An Internet Explorer add-on was removed from the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}.

Message #

An Internet Explorer add-on was removed from the system. For details; please examine the event data.Name: {Name}Type: {Type}Publisher: {Publisher}CLSID: {CLSID}

Fields #

Description

A program was installed on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was installed on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

A program was installed on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was installed on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

A program was updated on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was updated on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

A program was updated on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was updated on the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

A program was removed from the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was removed from the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

A program was removed from the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}.

Message #

A program was removed from the system. For details; please examine the event data.Name: {Name}Version: {Version}Publisher: {Publisher}

Fields #

Description

AMI cache update failure.File path: {FilePath}File ID: {FileID}Program ID: {ProgramID}Error Code: {ErrorCode}.

Message #

AMI cache update failure.File path: {FilePath}File ID: {FileID}Program ID: {ProgramID}Error Code: {ErrorCode}

Fields #

Fields #

Fields #

Description

Installer cancel click detected.

Message #

Installer cancel click detected.

Fields #

Description

InstallerShield detected.

Message #

InstallerShield detected.

Fields #

Description

File installed.

Message #

File installed.

Fields #

Description

New arp key.

Message #

New arp key.

Fields #

Description

DirectX detection: HighDPIAware.

Message #

DirectX detection: HighDPIAware.

Fields #

Description

DirectX detection: MaximizedWindowedMode.

Message #

DirectX detection: MaximizedWindowedMode.

Fields #

Description

DirectX detection: AdaptWindowToDisplayMode.

Message #

DirectX detection: AdaptWindowToDisplayMode.

Fields #

Description

The Application Impact Telemetry (AIT) Static Analysis tool ran with the following results.

Message #

The Application Impact Telemetry (AIT) Static Analysis tool ran with the following results:

Start time: %7
Stop time: %8
Runtime: %9
Exit code: %3
Type of analysis: %4
Number of files analyzed: %5
Number of files failed: %6
Analysis command: %10
Program ID: %11

Fields #

Message #

%1

Fields #

Description

The Application Impact Telemetry (AIT) Static Analysis tool ran with the following results.

Message #

The Application Impact Telemetry (AIT) Static Analysis tool ran with the following results:

Start time: %7
Stop time: %8
Runtime: %9
Exit code: %3
Type of analysis: %4
Number of files analyzed: %5
Number of files failed: %6
Analysis command: %10
Program ID: %11

Fields #

Message #

%3

Fields #

Description

The Program Compatibility Troubleshooter was invoked to correct a compatibility problem. Information about the application is below.

Message #

The Program Compatibility Troubleshooter was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
Result: %5
Result ID: %6
Compatibility layer: %7
FileID: %8
ProgramID: %9

Fields #

Description

The Program Compatibility Troubleshooter queried the Compatibility Online Service for information about an application. Results are below.

Message #

The Program Compatibility Troubleshooter queried the Compatibility Online Service for information about an application. Results are below.

Application name: %1
Application version: %2
Executable path: %3
Recommended layer: %4
URL: %5
Compatibility status: %6
FileID: %7
ProgramID: %8

Fields #

Description

The Program Compatibility Troubleshooter queried the application genome for information about an application. Results are below.

Message #

The Program Compatibility Troubleshooter queried the application genome for information about an application. Results are below.

Application name: %1
Application version: %2
Executable path: %3
Recommended layer: %4
Vista+: %5
FileID: %6
ProgramID: %7

Fields #

Description

Program Compatibility Troubleshooter debug event.

Message #

Program Compatibility Troubleshooter debug event:
%1
%2

Fields #

Description

Detector shim: SHORT_RUN_TIME.

Message #

Detector shim: SHORT_RUN_TIME.

Fields #

Description

Detector shim: ACCESS_DENIED.

Message #

Detector shim: ACCESS_DENIED.

Fields #

Description

Detector shim: BLACK_SCREEN.

Message #

Detector shim: BLACK_SCREEN.

Fields #

Description

Detector shim: WIN32_EXCEPTION: ExtraDataSize.

Message #

Detector shim: WIN32_EXCEPTION: %3.

Fields #

Description

Detector shim: GLOBAL_OBJECT.

Message #

Detector shim: GLOBAL_OBJECT.

Fields #

Description

Detector shim: PRIVILEGE_CHECK.

Message #

Detector shim: PRIVILEGE_CHECK.

Fields #

Description

Detector shim: MESSAGE_BOX_VERSION.

Message #

Detector shim: MESSAGE_BOX_VERSION.

Fields #

Description

Detector shim: MESSAGE_BOX_PRIVILEGE.

Message #

Detector shim: MESSAGE_BOX_PRIVILEGE.

Fields #

Description

Detector shim: MESSAGE_BOX_ERROR_ICON.

Message #

Detector shim: MESSAGE_BOX_ERROR_ICON.

Fields #

Description

Detector shim: REG_EXPAND_SZ.

Message #

Detector shim: REG_EXPAND_SZ.

Fields #

Description

Detector shim: DWM_8AND16_MODE.

Message #

Detector shim: DWM_8AND16_MODE.

Fields #

Description

Detector shim: KERNEL_DRIVER.

Message #

Detector shim: KERNEL_DRIVER.

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Message #

Message: %1

Fields #

Description

Chain: Chain, Process: Process, Type: Type.

Message #

Chain: %1, Process: %2, Type: %3
Component: %4
Message: %5

Fields #

Message #

Message: %1

Fields #

Message #

Message: %1

Fields #