Description

DSM service feature Prop_FeatureId is Prop_FeatureEnablement.

Message #

DSM service feature %1 is %2.

Fields #

Description

DSM service is idle and waiting for Prop_IdleWait.

Message #

DSM service is idle and waiting for %1.

Fields #

Description

DSM service is running in special OOBE based on OS product policy.

Message #

DSM service is running in special OOBE based on OS product policy.

Description

Auto download settings have been committed in OOBE: Store App Updates Prop_AppUpdatesEnablement, Windows Updates Prop_WindowsUpdatesEnablement.

Message #

Auto download settings have been committed in OOBE: Store App Updates %1, Windows Updates %2.

Fields #

Description

Device container Prop_ContainerId is queued for setup.

Message #

Device container %1 is queued for setup.

Fields #

Description

Prop_ServerSelection search started.

Message #

%1 search started.

Fields #

Description

Prop_ServerSelection search completed.

Message #

%1 search completed.

Fields #

Description

Prop_ServerSelection search failed with error HRESULT.

Message #

%1 search failed with error %2.

Fields #

Description

Driver update search is being cancelled.

Message #

Driver update search is being cancelled.

Description

Prop_ServerSelection search was cancelled.

Message #

%1 search was cancelled.

Fields #

Description

Driver recovery on reboot task is Prop_TaskEnablement.

Message #

Driver recovery on reboot task is %1.

Fields #

Description

Driver recovery on reboot task is .

Fields #

Description

Driver recovery action is requested since it was queued for the next reboot.

Message #

Driver recovery action is requested since it was queued for the next reboot.

Description

Driver recovery action is requested since it was queued for the next reboot.

Description

Driver recovery request is received. Last trigger: Prop_DriverRecoveryRequest.

Message #

Driver recovery request is received. Last trigger: %1.

Fields #

Description

Driver recovery request is received. Last trigger: .

Fields #

Description

DSM service started, mode is Prop_CoreServiceMode, last session (or boot) was Prop_Event_Window_Seconds seconds ago.

Message #

DSM service started, mode is %1, last session (or boot) was %2 seconds ago.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 100,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:25:40.195484+00:00",
    "event_record_id": 71,
    "correlation": {},
    "execution": {
      "process_id": 1856,
      "thread_id": 2020
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_CoreServiceMode": 3,
    "Prop_Event_Window_Seconds": 0
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

DSM Service is shutting down. Service uptime was Prop_UpTime_Seconds seconds, active worktime was Prop_WorkTime_MilliSeconds ms.

Message #

DSM Service is shutting down. Service uptime was %1 seconds, active worktime was %2 ms.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 101,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:31:27.668358+00:00",
    "event_record_id": 80,
    "correlation": {
      "ActivityID": "59A0D65F-1037-0002-780C-A1593710DA01"
    },
    "execution": {
      "process_id": 3256,
      "thread_id": 5088
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_UpTime_Seconds": 45,
    "Prop_WorkTime_MilliSeconds": 943
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

DSM Service dll has loaded.

Message #

DSM Service dll has loaded.

Description

DSM Service dll is unloading.

Message #

DSM Service dll is unloading.

Description

DSM Service failed to start, result=HRESULT.

Message #

DSM Service failed to start, result=%1.

Fields #

Description

DSM Service is entering a retry sequence because soft (retryable) errors were encountered.

Message #

DSM Service is entering a retry sequence because soft (retryable) errors were encountered.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 105,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T22:48:32.040193+00:00",
    "event_record_id": 61,
    "correlation": {},
    "execution": {
      "process_id": 1028,
      "thread_id": 2344
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

DSM Service is leaving the retry state, there have been Prop_RetryCycleCount retry cycles in this session.

Message #

DSM Service is leaving the retry state, there have been %1 retry cycles in this session.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 106,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T22:49:06.917617+00:00",
    "event_record_id": 63,
    "correlation": {},
    "execution": {
      "process_id": 1028,
      "thread_id": 2344
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_RetryCycleCount": 1
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

DSM service has shut down.

Message #

DSM service has shut down.

Description

DSM service has entered service state 'Prop_CoreServiceState'.

Message #

DSM service has entered service state '%1'.

Fields #

Description

DSM service has entered service mode 'Prop_CoreServiceMode'.

Message #

DSM service has entered service mode '%1'.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 109,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:25:39.185383+00:00",
    "event_record_id": 70,
    "correlation": {},
    "execution": {
      "process_id": 1856,
      "thread_id": 2020
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_CoreServiceMode": 3
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Job (Prop_JobId) has started for device container 'Prop_ContainerId', type=Prop_JobType.

Message #

Job (%2) has started for device container '%1', type=%3.

Fields #

Description

Job (Prop_JobId) has completed for device container 'Prop_ContainerId', status=Prop_JobStatus.

Message #

Job (%2) has completed for device container '%1', status=%3.

Fields #

Description

Device container 'Prop_DeviceName' (Prop_ContainerId) has been serviced, processed Prop_TaskCount tasks, and wrote Prop_PropertyCount properties in Prop_WorkTime_MilliSeconds ms.

Message #

Device container '%1' (%2) has been serviced, processed %3 tasks, and wrote %4 properties in %5 ms.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 112,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-05T22:30:42.670052+00:00",
    "event_record_id": 79,
    "correlation": {},
    "execution": {
      "process_id": 3256,
      "thread_id": 4616
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_DeviceName": "Generic Monitor",
    "Prop_ContainerId": "1074B24D-B986-5A01-B420-B3D39C2F9286",
    "Prop_TaskCount": 4,
    "Prop_PropertyCount": 34,
    "Prop_WorkTime_MilliSeconds": 928
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Driver update(s) was downloaded for device 'Prop_PackageId' in Prop_MilliSeconds ms.

Message #

Driver update(s) was downloaded for device '%1' in %2 ms.

Fields #

Description

Driver update(s) install on device 'Prop_DevnodeId' failed with error HRESULT.

Message #

Driver update(s) install on device '%1' failed with error %2.

Fields #

Description

Access to drivers on Windows Update was blocked by policy.

Message #

Access to drivers on Windows Update was blocked by policy.

Fields #

Description

DSM service was delayed by Prop_Seconds seconds for a driver query/download/install on device 'Prop_DeviceId'.

Message #

DSM service was delayed by %1 seconds for a driver query/download/install on device '%2'.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 123,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T21:25:33.223885+00:00",
    "event_record_id": 10,
    "correlation": {},
    "execution": {
      "process_id": 2076,
      "thread_id": 3168
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_Seconds": 36,
    "Prop_DeviceId": "PCI\\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\\3&61AAA01&0&3F"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Driver Prop_PackageId was installed on device 'Prop_DeviceInstanceId' in Prop_MilliSeconds ms.

Message #

Driver %1 was installed on device '%2' in %3 ms.

Fields #

Description

Driver install on device 'Prop_DevnodeId' was blocked by PnP restriction policy.

Message #

Driver install on device '%1' was blocked by PnP restriction policy.

Fields #

Description

Device 'Prop_DeviceInstanceId' matched driver update Prop_PackageId.

Message #

Device '%1' matched driver update %2.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 126,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T21:25:25.745333+00:00",
    "event_record_id": 8,
    "correlation": {},
    "execution": {
      "process_id": 2076,
      "thread_id": 3168
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_DeviceInstanceId": "PCI\\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\\3&61AAA01&0&3F",
    "Prop_PackageId": "b5857a80-fd07-4a9d-9adf-2a3a6db94b7e"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Device 'Prop_DevnodeId' does not match any driver updates that are not optional.

Message #

Device '%1' does not match any driver updates that are not optional.

Fields #

Description

Metadata package Prop_MetadataPackageId was staged for device container Prop_ContainerId in Prop_StageTimeMilliSeconds ms.

Message #

Metadata package %1 was staged for device container %2 in %3 ms.

Fields #

Description

Metadata package staging for device container Prop_ContainerId failed with error HRESULT.

Message #

Metadata package staging for device container %1 failed with error %2.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 131,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T21:34:20.832199+00:00",
    "event_record_id": 21,
    "correlation": {},
    "execution": {
      "process_id": 6296,
      "thread_id": 5380
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_ContainerId": "{00000000-0000-0000-FFFF-FFFFFFFFFFFF}",
    "HRESULT": 2147943623
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Metadata package search for device container Prop_ContainerId on Windows Metadata and Internet Services (WMIS) failed with error HRESULT, HTTP status code: HTTPCode.

Message #

Metadata package search for device container %1 on Windows Metadata and Internet Services (WMIS) failed with error %2, HTTP status code: %3.

Fields #

Description

Metadata package Prop_PackageId download for device container Prop_ContainerId failed with error HRESULT.

Message #

Metadata package %1 download for device container %2 failed with error %3.

Fields #

Description

Metadata package search for device container Prop_ContainerId completed. Found package Prop_PackageId.

Message #

Metadata package search for device container %1 completed. Found package %2.

Fields #

Description

Metadata package search for device container Prop_ContainerId completed. No package is found.

Message #

Metadata package search for device container %1 completed. No package is found.

Fields #

Description

Metadata package Prop_PackageId was blocked.

Message #

Metadata package %1 was blocked.

Fields #

Description

Signature verification failed for metadata package Prop_PackageId from metadata store, error Error.

Message #

Signature verification failed for metadata package %1 from metadata store, error %2.

Fields #

Description

Metadata package Prop_PackageId was not fully staged due to signature verification: Prop_IsLegacySigCheckForFile1 for 'Prop_FileName1' had result HRESULT1, Prop_IsLegacySigCheckForFile2 for 'Prop_FileName2' had result HRESULT2.

Message #

Metadata package %1 was not fully staged due to signature verification: %2 for '%3' had result %4, %5 for '%6' had result %7.

Fields #

Description

Device 'Prop_DeviceName' (Prop_ContainerId) was removed.

Message #

Device '%1' (%2) was removed.

Fields #

Description

Device 'Prop_DeviceName' (Prop_ContainerId) failed to respond to a device removal request.

Message #

Device '%1' (%2) failed to respond to a device removal request.

Fields #

Description

Device 'Prop_DeviceName' (Prop_ContainerId) removal failed with error HRESULT.

Message #

Device '%1' (%2) removal failed with error %3.

Fields #

Description

Software Prop_SoftwareName was installed for device 'Prop_DeviceInstanceId' in Prop_InstallTime ms.

Message #

Software %1 was installed for device '%2' in %3 ms.

Fields #

Description

Software Prop_SoftwareName was not newer, Version: 'Prop_HiHighPartNew.Prop_LoHighPartNew.Prop_HiLowPartNew.Prop_LoLowPartNew'. Current Version: 'Prop_HiHighPartOld.Prop_LoHighPartOld.Prop_HiLowPartOld.Prop_LoLowPartOld'.

Message #

Software %1 was not newer, Version: '%2.%3.%4.%5'. Current Version: '%6.%7.%8.%9'.

Fields #

Description

Software Prop_SoftwareName failed installation with error Prop_DeviceInstanceId.

Message #

Software %1 failed installation with error %2.

Fields #

Description

Software Prop_SoftwareName failed installation with error Prop_DeviceInstanceId and process exit code Error.

Message #

Software %1 failed installation with error %2 and process exit code %3.

Fields #

Description

Software Prop_SoftwareName had non-critical error Prop_DeviceInstanceId during installation, will retry later.

Message #

Software %1 had non-critical error %2 during installation, will retry later.

Fields #

Description

Software Prop_SoftwareName is being launched with command line: 'Prop_CommandLine'.

Message #

Software %1 is being launched with command line: '%2'.

Fields #

Description

Device 'Prop_DeviceInstanceId' requested Store App for 'Prop_SoftwareLinks'.

Message #

Device '%1' requested Store App for '%2'.

Fields #

Description

Product for pfn IsFramework located: ProductId: Prop_ProductId, IsFramework: Prop_SoftwarePfn.

Message #

Product for pfn %1 located: ProductId: %2, IsFramework: %3.

Fields #

Description

Uninstalling existing pfn Prop_SoftwarePfn failed with error ErrorCode.

Message #

Uninstalling existing pfn %1 failed with error %2.

Fields #

Description

Store product Prop_ProductId is already installed and is being checked for updates.

Message #

Store product %1 is already installed and is being checked for updates.

Fields #

Description

Store product Prop_ProductId is being installed.

Message #

Store product %1 is being installed.

Fields #

Description

ProductId Prop_ProductId done processing, install Prop_InstallType completed with error %3.

Message #

ProductId %1 done processing, install %2 completed with error %3.

Fields #

Description

Store product Prop_ProductId install (Prop_InstallType) failed with error HRESULT.

Message #

Store product %1 install (%2) failed with error %3.

Fields #

Description

Retrieving entitlement for Store product Prop_ProductId failed with error ErrorCode.

Message #

Retrieving entitlement for Store product %1 failed with error %2.

Fields #

Description

Property heuristics for device container 'Prop_DeviceName' (Prop_ContainerId) completed in Prop_MilliSeconds ms.

Message #

Property heuristics for device container '%1' (%2) completed in %3 ms.

Fields #

Description

Property heuristics for device container 'Prop_DeviceName' (Prop_ContainerId) failed with error HRESULT.

Message #

Property heuristics for device container '%1' (%2) failed with error %3.

Fields #

Description

Connection to the Windows Update service could not be established.

Message #

Connection to the Windows Update service could not be established.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 200,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T22:48:31.260287+00:00",
    "event_record_id": 56,
    "correlation": {},
    "execution": {
      "process_id": 1028,
      "thread_id": 2300
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Connection to the Windows Metadata and Internet Services (WMIS) could not be established.

Message #

Connection to the Windows Metadata and Internet Services (WMIS) could not be established.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 201,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T22:48:32.032702+00:00",
    "event_record_id": 59,
    "correlation": {},
    "execution": {
      "process_id": 1028,
      "thread_id": 2344
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The Network List Manager reports no connectivity to the internet.

Message #

The Network List Manager reports no connectivity to the internet.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 202,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T22:48:32.030724+00:00",
    "event_record_id": 58,
    "correlation": {},
    "execution": {
      "process_id": 1028,
      "thread_id": 2344
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

The Network List Manager reports connection to the internet has been established.

Message #

The Network List Manager reports connection to the internet has been established.

Description

Registered the handler Prop_NotificationHandler for the app Prop_PackageId to handle notifications from the device container Prop_ContainerId.

Message #

Registered the handler %3 for the app %2 to handle notifications from the device container %1.

Fields #

Description

App Prop_PackageId already has a handler registered for the device container Prop_ContainerId.

Message #

App %2 already has a handler registered for the device container %1.

Fields #

Description

Device container Prop_ContainerId and app Prop_PackageId specify background task information, but registration failed with error HRESULT.

Message #

Device container %1 and app %2 specify background task information, but registration failed with error %3.

Fields #

Description

Unregistered for the Print background task after uninstalling the app Prop_PackageId.

Message #

Unregistered for the Print background task after uninstalling the app %1.

Fields #

Description

Unregistered for the Mobile Operator background task after uninstalling the app Prop_PackageId.

Message #

Unregistered for the Mobile Operator background task after uninstalling the app %1.

Fields #

Description

Requested download of the app Prop_PackageId from the store for device Prop_ContainerId.

Message #

Requested download of the app %2 from the store for device %1.

Fields #

Description

Successfully installed the app Prop_PackageId from the store for device Prop_ContainerId.

Message #

Successfully installed the app %2 from the store for device %1.

Fields #

Description

Encountered error trying to install app Prop_PackageId from the store for device Prop_ContainerId. This operation will be retried when the device is reconnected or the user logs on again.

Message #

Encountered error trying to install app %2 from the store for device %1.  This operation will be retried when the device is reconnected or the user logs on again.

Fields #

Description

Encountered error trying to install app Prop_PackageId from the store for device Prop_ContainerId.

Message #

Encountered error trying to install app %2 from the store for device %1.

Fields #

Description

Driver update(s) was installed on device 'Prop_DevnodeId' in Prop_MilliSeconds ms.

Message #

Driver update(s) was installed on device '%1' in %2 ms.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 234,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-10-25T21:25:33.223883+00:00",
    "event_record_id": 9,
    "correlation": {},
    "execution": {
      "process_id": 2076,
      "thread_id": 3168
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Admin",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_DevnodeId": "PCI\\VEN_15AD&DEV_0740&SUBSYS_074015AD&REV_10\\3&61AAA01&0&3F",
    "Prop_MilliSeconds": 36967
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Device container 'Prop_ContainerId' has entered the ready state.

Message #

Device container '%1' has entered the ready state.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 300,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 10,
    "keywords": 9223372036854775808,
    "time_created": "2023-10-25T22:50:55.529095+00:00",
    "event_record_id": 19,
    "correlation": {},
    "execution": {
      "process_id": 3156,
      "thread_id": 4092
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_ContainerId": "{FF3C9BFC-6A33-58E1-8CFA-A12CE4352D2F}"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Device setup for device container 'Prop_ContainerId' has been completed.

Message #

Device setup for device container '%1' has been completed.

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DeviceSetupManager",
    "guid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2",
    "event_source_name": "",
    "event_id": 301,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 11,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-05T22:30:42.666470+00:00",
    "event_record_id": 22,
    "correlation": {},
    "execution": {
      "process_id": 3256,
      "thread_id": 4616
    },
    "channel": "Microsoft-Windows-DeviceSetupManager/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Prop_ContainerId": "{1074B24D-B986-5A01-B420-B3D39C2F9286}"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Description

Device metadata that contains an extension namespace has been parsed for device container 'Prop_ContainerId', ExtensionNamespace = 'Prop_ServiceInfoNamespace', Culture = 'Prop_CultureCode'.

Message #

Device metadata that contains an extension namespace has been parsed for device container '%1', ExtensionNamespace = '%2', Culture = '%3'.

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Description

ENTER: Searching WU for driver updates.

Message #

ENTER: Searching WU for driver updates.

Description

EXIT: Searching WU for driver updates.

Message #

EXIT: Searching WU for driver updates.

Description

ENTER: Downloading driver update from WU.

Message #

ENTER: Downloading driver update from WU.

Description

EXIT: Downloading driver update from WU.

Message #

EXIT: Downloading driver update from WU.

Description

ENTER: Installing driver update from WU.

Message #

ENTER: Installing driver update from WU.

Description

EXIT: Installing driver update from WU.

Message #

EXIT: Installing driver update from WU.