Microsoft-Windows-Containers-BindFlt

4 events across 1 channel

Event ID	Title	Channel
1	BINDFLT filter registratiion failed with error message.	Operational
2	BINDFLT filter registration succeeded	Operational
3	BINDFLT filter failed to attach to volume '.	Operational
4	BINDFLT filter unload succeeded	Operational

Event ID 1 — BINDFLT filter registratiion failed with error message.

Provider: Microsoft-Windows-Containers-BindFlt
Channel: Operational

Message

BINDFLT filter registratiion failed with error message: %1

Fields

Name	Description
`NTStatus`	—

Event ID 2 — BINDFLT filter registration succeeded

Provider: Microsoft-Windows-Containers-BindFlt
Channel: Operational
Level: 4
Samples: 1

Message

BINDFLT filter registration succeeded

Example Event

system:
  provider: Microsoft-Windows-Containers-BindFlt
  guid: FC4E8F51-7A04-4BAB-8B91-6321416F72AB
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-06T06:25:40.432099+00:00'
  event_record_id: 10
  correlation: {}
  execution:
    process_id: 4
    thread_id: 52
  channel: Microsoft-Windows-Containers-BindFlt/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3 — BINDFLT filter failed to attach to volume '.

Provider: Microsoft-Windows-Containers-BindFlt
Channel: Operational

Message

BINDFLT filter failed to attach to volume '%3' with error message: %1

Fields

Name	Description
`NTStatus`	—
`VolumeNameLength`	—
`VolumeName`	—

Event ID 4 — BINDFLT filter unload succeeded

Provider: Microsoft-Windows-Containers-BindFlt
Channel: Operational

Message

BINDFLT filter unload succeeded