Microsoft-Windows-Defrag

3 events across 1 channel

Event ID	Title	Channel
258	The storage optimizer successfully completed shrink on (C:)	Application
262	The storage optimizer skipped slab consolidation on OS (C:) because: Slab size …	Application
264		Application

Event ID 258 — The storage optimizer successfully completed shrink on (C:)

Provider: Microsoft-Windows-Defrag
Channel: Application
Samples: 1

Fields

Name	Description
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-Defrag
  guid: ''
  event_source_name: ''
  event_id: 258
  version: 0
  level: 0
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T16:45:03.649359+00:00'
  event_record_id: 5
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: Application
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: ''
event_data:
  Data:
  - shrink
  - (C:)
  Binary: AAAAAC4CAAASAgAAAAAAACI2eWJTO7YXZ+MAAAAAAAAAAAAA
message: The storage optimizer successfully completed shrink on (C:)

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 262 — The storage optimizer skipped slab consolidation on OS (C:) because: Slab size is too small.

Provider: Microsoft-Windows-Defrag
Channel: Application
Level: 4
Samples: 1

Fields

Name	Description
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-Defrag
  guid: ''
  event_source_name: ''
  event_id: 262
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2026-01-28T03:03:30.594963+00:00'
  event_record_id: 260
  correlation: {}
  execution:
    process_id: 5876
    thread_id: 0
  channel: Application
  computer: JD-commando
  security:
    user_id: ''
event_data:
  Data:
  - slab consolidation
  - OS (C:)
  - Slab size is too small. (0x8900002D)
  Binary: LQAAiX8EAAARAgAAFAIAACI2uULZsb04GwcAAAAAAAAAAAAA
message: 'The storage optimizer skipped slab consolidation on OS (C:) because: Slab
  size is too small. (0x8900002D)'

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 264 —

Provider: Microsoft-Windows-Defrag
Channel: Application
Level: 4
Samples: 1

Fields

Name	Description
`Data_0`	—
`Data_1`	—
`Data_2`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-Defrag
  guid: ''
  event_source_name: ''
  event_id: 264
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-06T01:13:25.597872+00:00'
  event_record_id: 1984
  correlation: {}
  execution:
    process_id: 12888
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  Data_0: boot optimization
  Data_1: Windows (C:)
  Data_2: The user cancelled the operation. (0x89000006)
  Binary: 0600008926040000310300003403000022B630DF6479C7F6E26C1C000000000000000000
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline