Microsoft-Windows-DeviceGuard

11 events across 1 channel

Event ID	Title	Channel
6000	CodeIntegrity attempted to load the policy located at PolicyFilePath, but failed …	Operational
6001	CodeIntegrity attempted to load token TokenID but failed with status Status.	Operational
6002	CodeIntegrity successfully loaded token Token.	Operational
6003	This event contains additional information for token Token.	Operational
7000	Device Guard successfully processed the Group Policy: Virtualization Based …	Operational
7001	Device Guard failed to process the Group Policy to enable Virtualization Based …	Operational
7002	Device Guard failed to process the Group Policy to disable Virtualization Based …	Operational
7010	Device Guard successfully processed the Group Policy: Configurable Code …	Operational
7011	Device Guard failed to process the Group Policy to enable Configurable Code …	Operational
7012	Device Guard failed to process the Group Policy to disable Configurable Code …	Operational
7013	Device Guard is not available in this edition of Windows	Operational

Event ID 6000 — CodeIntegrity attempted to load the policy located at PolicyFilePath, but failed with status code ErrorCode.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Level: Error
Opcode: ManageCI

Description

CodeIntegrity attempted to load the policy located at PolicyFilePath, but failed with status code ErrorCode.

Message #

CodeIntegrity attempted to load the policy located at %1, but failed with status code %2

Fields #

Name	Description
`PolicyFilePath` UnicodeString	—
`ErrorCode` HexInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceGuard",
    "guid": "F717D024-F5B4-4F03-9AB9-331B2DC38FFB",
    "event_source_name": "",
    "event_id": 6000,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 200,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-09T01:38:04.902778+00:00",
    "event_record_id": 32,
    "correlation": {},
    "execution": {
      "process_id": 1872,
      "thread_id": 9840
    },
    "channel": "Microsoft-Windows-DeviceGuard/Operational",
    "computer": "LAB-WIN11",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "PolicyFilePath": "\\SystemRoot\\Boot\\EFI\\WinSiPolicy.p7b",
    "ErrorCode": "0x80070006"
  },
  "message": ""
}

Event ID 6001 — CodeIntegrity attempted to load token TokenID but failed with status Status.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: ManageCI

Description

CodeIntegrity attempted to load token TokenID but failed with status Status.

Message #

CodeIntegrity attempted to load token %1 but failed with status %2

Fields #

Name	Description
`TokenID` UnicodeString	—
`Status` UInt32	— NTSTATUS reference

Event ID 6002 — CodeIntegrity successfully loaded token Token.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: ManageCI

Description

CodeIntegrity successfully loaded token Token.

Message #

CodeIntegrity successfully loaded token %1

Fields #

Name	Description
`Token` UnicodeString	—
`TenantID` GUID	—
`Type` UInt32	—
`TBS256Count` UInt32	—
`TBS384Count` UInt32	—
`TBS512Count` UInt32	—

Event ID 6003 — This event contains additional information for token Token.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: ManageCI

Description

This event contains additional information for token Token.

Message #

This event contains additional information for token %1

Fields #

Name	Description
`Token` UnicodeString	—
`HashAlgo` UnicodeString	—
`TbsHashLen` UInt32	—
`TbsHash` Binary	—

Event ID 7000 — Device Guard successfully processed the Group Policy: Virtualization Based Security = VirtualizationBasedSecurity, Secure Boot = SecureBoot, DMA Protection = DmaProtection, Virtualization Bas...

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Message #

Device Guard successfully processed the Group Policy: Virtualization Based Security  = %1,  Secure Boot = %2, DMA Protection = %3,  Virtualization Based Code Integrity = %4, Credential Guard = %5, Reboot required = %6, Status = %7.

Fields #

Name	Description
`VirtualizationBasedSecurity` UInt32	—
`SecureBoot` UnicodeString	—
`DmaProtection` UnicodeString	—
`HVCI` UnicodeString	—
`LSA` UnicodeString	—
`MachineIdentityIsolation` UnicodeString	—
`KernelShadowStacks` UInt32	—
`Reboot` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Event ID 7001 — Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = Status): ErrorMessage.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = Status): ErrorMessage.

Message #

Device Guard failed to process the Group Policy to enable Virtualization Based Security (Status = %1): %2

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference
`ErrorMessage` UnicodeString	—

Event ID 7002 — Device Guard failed to process the Group Policy to disable Virtualization Based Security (Status = Status): ErrorMessage.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard failed to process the Group Policy to disable Virtualization Based Security (Status = Status): ErrorMessage.

Message #

Device Guard failed to process the Group Policy to disable Virtualization Based Security (Status = %1): %2

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference
`ErrorMessage` UnicodeString	—

Event ID 7010 — Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = SiPolicy, Policy file path = PolicyFilePath, Reboot required = Reboot, Status ...

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = SiPolicy, Policy file path = PolicyFilePath, Reboot required = Reboot, Status = Status.

Message #

Device Guard successfully processed the Group Policy: Configurable Code Integrity Policy = %1,  Policy file path = %2, Reboot required = %3, Status = %4.

Fields #

Name	Description
`SiPolicy` UnicodeString	—
`PolicyFilePath` UnicodeString	—
`Reboot` UnicodeString	—
`Status` HexInt32	— NTSTATUS reference

Event ID 7011 — Device Guard failed to process the Group Policy to enable Configurable Code Integrity Policy (Status = Status): ErrorMessage.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard failed to process the Group Policy to enable Configurable Code Integrity Policy (Status = Status): ErrorMessage.

Message #

Device Guard failed to process the Group Policy to enable Configurable Code Integrity Policy (Status = %1): %2

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference
`ErrorMessage` UnicodeString	—

Event ID 7012 — Device Guard failed to process the Group Policy to disable Configurable Code Integrity Policy (Status = Status): ErrorMessage.

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard failed to process the Group Policy to disable Configurable Code Integrity Policy (Status = Status): ErrorMessage.

Message #

Device Guard failed to process the Group Policy to disable Configurable Code Integrity Policy (Status = %1): %2

Fields #

Name	Description
`Status` HexInt32	— NTSTATUS reference
`ErrorMessage` UnicodeString	—

Event ID 7013 — Device Guard is not available in this edition of Windows

Provider: Microsoft-Windows-DeviceGuard
Channel: Operational
Opcode: DeviceGuard

Description

Device Guard is not available in this edition of Windows.

Message #

Device Guard is not available in this edition of Windows