Microsoft-Windows-Containers-Wcifs

4 events across 1 channel

Event ID	Title	Channel
1	WCIFS filter registratiion failed with error message.	Operational
2	WCIFS filter registration succeeded	Operational
3	WCIFS filter failed to attach to volume '.	Operational
4	WCIFS filter unload succeeded	Operational

Event ID 1 — WCIFS filter registratiion failed with error message.

Provider: Microsoft-Windows-Containers-Wcifs
Channel: Operational

Message

WCIFS filter registratiion failed with error message: %1

Fields

Name	Description
`NTStatus`	—

Event ID 2 — WCIFS filter registration succeeded

Provider: Microsoft-Windows-Containers-Wcifs
Channel: Operational
Level: 4
Samples: 1

Message

WCIFS filter registration succeeded

Example Event

system:
  provider: Microsoft-Windows-Containers-Wcifs
  guid: AEC5C129-7C10-407D-BE97-91A042C61AAA
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-11-06T06:25:40.165323+00:00'
  event_record_id: 10
  correlation: {}
  execution:
    process_id: 4
    thread_id: 224
  channel: Microsoft-Windows-Containers-Wcifs/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3 — WCIFS filter failed to attach to volume '.

Provider: Microsoft-Windows-Containers-Wcifs
Channel: Operational

Message

WCIFS filter failed to attach to volume '%3' with error message: %1

Fields

Name	Description
`NTStatus`	—
`VolumeNameLength`	—
`VolumeName`	—

Event ID 4 — WCIFS filter unload succeeded

Provider: Microsoft-Windows-Containers-Wcifs
Channel: Operational

Message

WCIFS filter unload succeeded