Event ID 3099 — Refreshed and activated Code Integrity policy PolicyGUID PolicyNameBuffer.

Provider: Microsoft-Windows-CodeIntegrity
Channel: Operational
Level: Informational
Collection Priority: Recommended (Yamato Security)
Task: RefreshPolicyTask
Opcode: RefreshPolicyOp

Description

Refreshed and activated Code Integrity policy PolicyGUID PolicyNameBuffer. id PolicyIdBuffer. Status Status.

Message #

Refreshed and activated Code Integrity policy %5 %2. id %4. Status %6

Fields #

Name	Description
`PolicyNameLength` UInt16	—
`PolicyNameBuffer` UnicodeString	—
`PolicyIdLength` UInt16	—
`PolicyIdBuffer` UnicodeString	—
`PolicyGUID` GUID	—
`Status` HexInt32	— NTSTATUS reference
`Options` HexInt32	—
`PolicyHashSize` UInt32	—
`PolicyHash` Binary	—
`OptionsV2` HexInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-CodeIntegrity",
    "guid": "4EE76BD8-3CF4-44A0-A0AC-3937643E37A3",
    "event_source_name": "",
    "event_id": 3099,
    "version": 1,
    "level": 4,
    "task": 21,
    "opcode": 131,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-11T06:27:10.407531+00:00",
    "event_record_id": 876,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 8
    },
    "channel": "Microsoft-Windows-CodeIntegrity/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PolicyNameLength": 31,
    "PolicyNameBuffer": "Microsoft Windows Driver Policy",
    "PolicyIdLength": 12,
    "PolicyIdBuffer": "10.0.25090.0",
    "PolicyGUID": "D2BDA982-CCF6-4344-AC5B-0B44427B6816",
    "Status": "0x0",
    "Options": "0x80881200",
    "PolicyHashSize": 32,
    "PolicyHash": "2419C1A60EE8761B72CD311792BC04751726C459639F4AAB4AD8FDF78C9DABBD"
  },
  "message": ""
}

References #

Microsoft Learn https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/operations/event-id-explanations