Microsoft-Windows-Diagnostics-Performance
113 events across 3 channels
Event ID 100 — Windows has started up.
Description
Windows has started up.
Fields
| Name | Type | Description |
|---|---|---|
| BootTsVersion | UInt32 | — |
| BootStartTime | FILETIME | — |
| BootEndTime | FILETIME | — |
| SystemBootInstance | UInt32 | — |
| UserBootInstance | UInt32 | — |
| BootTime | UInt32 | — |
| MainPathBootTime | UInt32 | — |
| BootKernelInitTime | UInt32 | — |
| BootDriverInitTime | UInt32 | — |
| BootDevicesInitTime | UInt32 | — |
| BootPrefetchInitTime | UInt32 | — |
| BootPrefetchBytes | UInt32 | — |
| BootAutoChkTime | UInt32 | — |
| BootSmssInitTime | UInt32 | — |
| BootCriticalServicesInitTime | UInt32 | — |
| BootUserProfileProcessingTime | UInt32 | — |
| BootMachineProfileProcessingTime | UInt32 | — |
| BootExplorerInitTime | UInt32 | — |
| BootNumStartupApps | UInt32 | — |
| BootPostBootTime | UInt32 | — |
| BootIsRebootAfterInstall | Boolean | — |
| BootRootCauseStepImprovementBits | UInt32 | — |
| BootRootCauseGradualImprovementBits | UInt32 | — |
| BootRootCauseStepDegradationBits | UInt32 | — |
| BootRootCauseGradualDegradationBits | UInt32 | — |
| BootIsDegradation | Boolean | — |
| BootIsStepDegradation | Boolean | — |
| BootIsGradualDegradation | Boolean | — |
| BootImprovementDelta | UInt32 | — |
| BootDegradationDelta | UInt32 | — |
| BootIsRootCauseIdentified | Boolean | — |
| OSLoaderDuration | UInt32 | — |
| BootPNPInitStartTimeMS | UInt32 | — |
| BootPNPInitDuration | UInt32 | — |
| OtherKernelInitDuration | UInt32 | — |
| SystemPNPInitStartTimeMS | UInt32 | — |
| SystemPNPInitDuration | UInt32 | — |
| SessionInitStartTimeMS | UInt32 | — |
| Session0InitDuration | UInt32 | — |
| Session1InitDuration | UInt32 | — |
| SessionInitOtherDuration | UInt32 | — |
| WinLogonStartTimeMS | UInt32 | — |
| OtherLogonInitActivityDuration | UInt32 | — |
| UserLogonWaitDuration | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 100,
    "version": 2,
    "level": 1,
    "task": 4002,
    "opcode": 34,
    "keywords": 9223372036854841344,
    "time_created": "2023-11-05T22:33:58.036254+00:00",
    "event_record_id": 38,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0003-0982-DBE43710DA01"
    },
    "execution": {
      "process_id": 3160,
      "thread_id": 3556
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "BootTsVersion": 2,
    "BootStartTime": "2023-11-05T22:32:00.970725Z",
    "BootEndTime": "2023-11-05T22:33:56.389945Z",
    "SystemBootInstance": 8,
    "UserBootInstance": 2,
    "BootTime": 110680,
    "MainPathBootTime": 34629,
    "BootKernelInitTime": 164,
    "BootDriverInitTime": 1567,
    "BootDevicesInitTime": 2810,
    "BootPrefetchInitTime": 0,
    "BootPrefetchBytes": 0,
    "BootAutoChkTime": 0,
    "BootSmssInitTime": 6391,
    "BootCriticalServicesInitTime": 1441,
    "BootUserProfileProcessingTime": 1084,
    "BootMachineProfileProcessingTime": 456,
    "BootExplorerInitTime": 18858,
    "BootNumStartupApps": 3,
    "BootPostBootTime": 76051,
    "BootIsRebootAfterInstall": false,
    "BootRootCauseStepImprovementBits": 0,
    "BootRootCauseGradualImprovementBits": 0,
    "BootRootCauseStepDegradationBits": 13631488,
    "BootRootCauseGradualDegradationBits": 13631488,
    "BootIsDegradation": true,
    "BootIsStepDegradation": true,
    "BootIsGradualDegradation": true,
    "BootImprovementDelta": 0,
    "BootDegradationDelta": 68995,
    "BootIsRootCauseIdentified": true,
    "OSLoaderDuration": 3107,
    "BootPNPInitStartTimeMS": 164,
    "BootPNPInitDuration": 4163,
    "OtherKernelInitDuration": 445,
    "SystemPNPInitStartTimeMS": 4495,
    "SystemPNPInitDuration": 1301,
    "SessionInitStartTimeMS": 5910,
    "Session0InitDuration": 1013,
    "Session1InitDuration": 219,
    "SessionInitOtherDuration": 5158,
    "WinLogonStartTimeMS": 12302,
    "OtherLogonInitActivityDuration": 1926,
    "UserLogonWaitDuration": 4739
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 101 — This application took longer than usual to start up, resulting in a performance degradation in the system startup process.
Description
This application took longer than usual to start up, resulting in a performance degradation in the system startup process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 101,
    "version": 1,
    "level": 3,
    "task": 4002,
    "opcode": 33,
    "keywords": 9223372036854841344,
    "time_created": "2023-11-05T22:33:58.036338+00:00",
    "event_record_id": 44,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0003-0982-DBE43710DA01"
    },
    "execution": {
      "process_id": 3160,
      "thread_id": 3556
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2023-11-05T22:32:00.970725Z",
    "NameLength": 28,
    "Name": "StartMenuExperienceHost.exe",
    "FriendlyNameLength": 30,
    "FriendlyName": "Windows Start Experience Host",
    "VersionLength": 39,
    "Version": "10.0.22621.2361 (WinBuild.160101.0800)",
    "TotalTime": 6125,
    "DegradationTime": 3625,
    "PathLength": 106,
    "Path": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe",
    "ProductNameLength": 37,
    "ProductName": "Microsoft® Windows® Operating System",
    "CompanyNameLength": 22,
    "CompanyName": "Microsoft Corporation"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 102 — This driver took longer to initialize, resulting in a performance degradation in the system start up process.
Description
This driver took longer to initialize, resulting in a performance degradation in the system start up process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 102,
    "version": 1,
    "level": 3,
    "task": 4002,
    "opcode": 33,
    "keywords": 9223372036854841344,
    "time_created": "2023-10-25T22:05:44.601509+00:00",
    "event_record_id": 25,
    "correlation": {
      "ActivityID": "028F2288-078F-0001-413E-8F028F07DA01"
    },
    "execution": {
      "process_id": 2484,
      "thread_id": 3796
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2023-10-25T22:02:56.552302Z",
    "NameLength": 7,
    "Name": "VfpExt",
    "FriendlyNameLength": 30,
    "FriendlyName": "Microsoft Azure VFP Extension",
    "VersionLength": 36,
    "Version": "10.0.22621.1 (WinBuild.160101.0800)",
    "TotalTime": 8403,
    "DegradationTime": 6903,
    "PathLength": 39,
    "Path": "C:\\Windows\\system32\\drivers\\vfpext.sys",
    "ProductNameLength": 37,
    "ProductName": "Microsoft® Windows® Operating System",
    "CompanyNameLength": 22,
    "CompanyName": "Microsoft Corporation"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 103 — This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process.
Description
This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 104 — Core system took longer to initialize, resulting in a performance degradation in the system start up process.
Event ID 105 — Foreground optimizations (prefetching) took longer to complete, resulting in a performance degradation in the system start up process.
Event ID 106 — Background optimizations (prefetching) took longer to complete, resulting in a performance degradation in the system start up process.
Event ID 107 — Application of machine policy caused a slow down in the system start up process.
Description
Application of machine policy caused a slow down in the system start up process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 107,
    "version": 1,
    "level": 3,
    "task": 4002,
    "opcode": 33,
    "keywords": 9223372036854841344,
    "time_created": "2026-02-10T04:13:48.386918+00:00",
    "event_record_id": 13,
    "correlation": {
      "ActivityID": "43A6D212-9A2A-0007-EC4C-A7432A9ADC01"
    },
    "execution": {
      "process_id": 3924,
      "thread_id": 4184
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2026-02-10T01:12:02.866821Z",
    "NameLength": 25,
    "Name": "MachinePolicyApplication",
    "TotalTime": 2121,
    "DegradationTime": 1121
  },
  "message": ""
}
```
Event ID 108 — Application of user policy caused a slow down in the system start up process.
Event ID 109 — This device took longer to initialize, resulting in a performance degradation in the system start up process.
Description
This device took longer to initialize, resulting in a performance degradation in the system start up process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 110 — Session manager initialization caused a slow down in the startup process.
Description
Session manager initialization caused a slow down in the startup process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 110,
    "version": 1,
    "level": 3,
    "task": 4002,
    "opcode": 33,
    "keywords": 9223372036854841344,
    "time_created": "2023-10-25T22:05:44.601513+00:00",
    "event_record_id": 26,
    "correlation": {
      "ActivityID": "028F2288-078F-0001-413E-8F028F07DA01"
    },
    "execution": {
      "process_id": 2484,
      "thread_id": 3796
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2023-10-25T22:02:56.552302Z",
    "NameLength": 9,
    "Name": "SMSSInit",
    "TotalTime": 17567,
    "DegradationTime": 7567
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 200 — Windows has shutdown.
Description
Windows has shutdown.
Fields
| Name | Type | Description |
|---|---|---|
| ShutdownTsVersion | UInt32 | — |
| ShutdownStartTime | FILETIME | — |
| ShutdownEndTime | FILETIME | — |
| ShutdownTime | UInt32 | — |
| ShutdownUserSessionTime | UInt32 | — |
| ShutdownUserPolicyTime | UInt32 | — |
| ShutdownUserProfilesTime | UInt32 | — |
| ShutdownSystemSessionsTime | UInt32 | — |
| ShutdownPreShutdownNotificationsTime | UInt32 | — |
| ShutdownServicesTime | UInt32 | — |
| ShutdownKernelTime | UInt32 | — |
| ShutdownRootCauseStepImprovementBits | UInt32 | — |
| ShutdownRootCauseGradualImprovementBits | UInt32 | — |
| ShutdownRootCauseStepDegradationBits | UInt32 | — |
| ShutdownRootCauseGradualDegradationBits | UInt32 | — |
| ShutdownIsDegradation | Boolean | — |
| ShutdownTimeChange | Int32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 200,
    "version": 1,
    "level": 3,
    "task": 4007,
    "opcode": 40,
    "keywords": 9223372036854841344,
    "time_created": "2023-11-05T22:33:56.991516+00:00",
    "event_record_id": 36,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0001-FD89-DBE43710DA01"
    },
    "execution": {
      "process_id": 3160,
      "thread_id": 3468
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "ShutdownTsVersion": 1,
    "ShutdownStartTime": "2023-11-05T22:31:30.287074Z",
    "ShutdownEndTime": "2023-11-05T22:31:43.106260Z",
    "ShutdownTime": 12819,
    "ShutdownUserSessionTime": 3778,
    "ShutdownUserPolicyTime": 17,
    "ShutdownUserProfilesTime": 236,
    "ShutdownSystemSessionsTime": 6148,
    "ShutdownPreShutdownNotificationsTime": 1596,
    "ShutdownServicesTime": 4185,
    "ShutdownKernelTime": 2892,
    "ShutdownRootCauseStepImprovementBits": 0,
    "ShutdownRootCauseGradualImprovementBits": 0,
    "ShutdownRootCauseStepDegradationBits": 72,
    "ShutdownRootCauseGradualDegradationBits": 0,
    "ShutdownIsDegradation": true,
    "ShutdownTimeChange": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 201 — This application caused a delay in the system shutdown process.
Description
This application caused a delay in the system shutdown process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 202 — This device caused a delay in the system shutdown process.
Description
This device caused a delay in the system shutdown process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 203 — This service caused a delay in the system shutdown process.
Description
This service caused a delay in the system shutdown process.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Diagnostics-Performance",
    "guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
    "event_source_name": "",
    "event_id": 203,
    "version": 1,
    "level": 3,
    "task": 4007,
    "opcode": 41,
    "keywords": 9223372036854841344,
    "time_created": "2023-11-05T22:33:56.991549+00:00",
    "event_record_id": 37,
    "correlation": {
      "ActivityID": "E4DB489E-1037-0001-FD89-DBE43710DA01"
    },
    "execution": {
      "process_id": 3160,
      "thread_id": 3468
    },
    "channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "StartTime": "2023-11-05T22:31:30.287074Z",
    "NameLength": 10,
    "Name": "WinDefend",
    "FriendlyNameLength": 0,
    "FriendlyName": "",
    "VersionLength": 0,
    "Version": "",
    "TotalTime": 4054,
    "DegradationTime": 54,
    "PathLength": 83,
    "Path": "\"c:\\programdata\\microsoft\\windows defender\\platform\\4.18.23090.2008-0\\msmpeng.exe\"",
    "ProductNameLength": 0,
    "ProductName": "",
    "CompanyNameLength": 0,
    "CompanyName": ""
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 300 — Windows has resumed from standby.
Description
Windows has resumed from standby.
Fields
| Name | Type | Description |
|---|---|---|
| StandbyTsVersion | UInt32 | — |
| StandbyAppCount | UInt32 | — |
| StandbyServicesCount | UInt32 | — |
| StandbyDevicesCount | UInt32 | — |
| StandbyStartTime | FILETIME | — |
| StandbyEndTime | FILETIME | — |
| StandbySuspendTotal | UInt32 | — |
| StandbySuspendTotalChange | Int32 | — |
| StandbySuspendQueryApps | UInt32 | — |
| StandbySuspendQueryAppsChange | Int32 | — |
| StandbySuspendQueryServices | UInt32 | — |
| StandbySuspendQueryServicesChange | Int32 | — |
| StandbySuspendApps | UInt32 | — |
| StandbySuspendAppsChange | Int32 | — |
| StandbySuspendServices | UInt32 | — |
| StandbySuspendServicesChange | Int32 | — |
| StandbySuspendShowUI | UInt32 | — |
| StandbySuspendShowUIChange | Int32 | — |
| StandbySuspendSuperfetchPageIn | UInt32 | — |
| StandbySuspendSuperfetchPageInChange | Int32 | — |
| StandbySuspendWinlogon | UInt32 | — |
| StandbySuspendWinlogonChange | Int32 | — |
| StandbySuspendLockPageableSections | UInt32 | — |
| StandbySuspendLockPageableSectionsChange | Int32 | — |
| StandbySuspendPreSleepCallbacks | UInt32 | — |
| StandbySuspendPreSleepCallbacksChange | Int32 | — |
| StandbySuspendSwapInWorkerThreads | UInt32 | — |
| StandbySuspendSwapInWorkerThreadsChange | Int32 | — |
| StandbySuspendQueryDevices | UInt32 | — |
| StandbySuspendQueryDevicesChange | Int32 | — |
| StandbySuspendFlushVolumes | UInt32 | — |
| StandbySuspendFlushVolumesChange | Int32 | — |
| StandbySuspendSuspendDevices | UInt32 | — |
| StandbySuspendSuspendDevicesChange | Int32 | — |
| StandbySuspendHibernateWrite | UInt32 | — |
| StandbySuspendHibernateWriteChange | Int32 | — |
| ResumeStartTime | FILETIME | — |
| ResumeEndTime | FILETIME | — |
| StandbyResumeTotal | UInt32 | — |
| StandbyResumeTotalChange | Int32 | — |
| StandbyResumeHibernateRead | UInt32 | — |
| StandbyResumeHibernateReadChange | Int32 | — |
| StandbyResumeS3BiosInitTime | UInt32 | — |
| StandbyResumeS3BiosInitTimeChange | Int32 | — |
| StandbyResumeResumeDevices | UInt32 | — |
| StandbyResumeResumeDevicesChange | Int32 | — |
| StandbyRootCauseDegradationGradual | UInt32 | — |
| StandbyRootCauseImprovementGradual | UInt32 | — |
| StandbyRootCauseDegradationStep | UInt32 | — |
| StandbyRootCauseImprovementStep | UInt32 | — |
| StandbyIsDegradation | Boolean | — |
| StandbyIsTroubleshooterLaunched | Boolean | — |
| StandbyIsRootCauseIdentified | Boolean | — |
Event ID 301 — This application caused a delay during standby.
Description
This application caused a delay during standby.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 302 — This driver caused a delay during standby while servicing a device.
Description
This driver caused a delay during standby while servicing a device.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
| DeviceNameLength | UInt32 | — |
| DeviceName | UnicodeString | — |
| DeviceFriendlyNameLength | UInt32 | — |
| DeviceFriendlyName | UnicodeString | — |
| DeviceTotalTime | UInt32 | — |
| DeviceDegradationTime | UInt32 | — |
Event ID 303 — This service caused a delay during hybrid-sleep.
Description
This service caused a delay during hybrid-sleep.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 304 — Creation of the hiber-file was slower than expected.
Event ID 305 — Persisting disk caches was slower than expected.
Event ID 306 — Preparing the video subsystem for sleep was slower than expected.
Event ID 307 — Preparing Winlogon for sleep was slower than expected.
Event ID 308 — Preparing system memory for sleep was slower than expected.
Event ID 309 — Preparing core system for sleep was slower than expected.
Event ID 310 — Preparing system worker threads for sleep was slower than expected.
Event ID 350 — Bios initialization time was greater than 250ms (logo requirement) during system resume.
Event ID 351 — This driver responded slower than expected to the resume request while servicing this device.
Description
This driver responded slower than expected to the resume request while servicing this device.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| TotalTime | UInt32 | — |
| DegradationTime | UInt32 | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
| DeviceNameLength | UInt32 | — |
| DeviceName | UnicodeString | — |
| DeviceFriendlyNameLength | UInt32 | — |
| DeviceFriendlyName | UnicodeString | — |
| DeviceTotalTime | UInt32 | — |
| DeviceDegradationTime | UInt32 | — |
Event ID 352 — Reading the hiber-file was slower than expected.
Event ID 400 — Information about the system performance monitoring event.
Description
Information about the system performance monitoring event.
Fields
| Name | Type | Description |
|---|---|---|
| ShellScenarioStartTime | FILETIME | — |
| ShellScenarioEndTime | FILETIME | — |
| ShellSubScenario | UInt32 | — |
| ShellScenarioDuration | UInt32 | — |
| ShellRootCauseBits | UInt32 | — |
| ShellAnalysisResult | UInt32 | — |
| ShellDegradationType | UInt32 | — |
| ShellTsVersion | UInt32 | — |
| ShellMachineUpTimeHours | UInt32 | — |
| ShellMachineSleepPattern | UInt32 | — |
Event ID 401 — This process is using up processor time and is impacting the performance of Windows.
Description
This process is using up processor time and is impacting the performance of Windows.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 402 — This process is doing excessive disk activities and is impacting the performance of Windows.
Description
This process is doing excessive disk activities and is impacting the performance of Windows.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 403 — This driver is using up too many resources and is impacting the performance of Windows.
Description
This driver is using up too many resources and is impacting the performance of Windows.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 404 — This driver is waiting longer than expected on a device.
Description
This driver is waiting longer than expected on a device.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 405 — This file is fragmented and is impacting the performance of Windows.
Description
This file is fragmented and is impacting the performance of Windows.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 406 — Disk IO to this file is taking longer than expected.
Description
Disk IO to this file is taking longer than expected.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| ThreadTime | UInt32 | — |
| BlockedTime | UInt32 | — |
| PercentTime | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 407 — This process is using up too much system memory.
Description
This process is using up too much system memory.
Fields
| Name | Type | Description |
|---|---|---|
| StartTime | FILETIME | — |
| NameLength | UInt32 | — |
| Name | UnicodeString | — |
| FriendlyNameLength | UInt32 | — |
| FriendlyName | UnicodeString | — |
| VersionLength | UInt32 | — |
| Version | UnicodeString | — |
| WorkingSetSizeKb | UInt32 | — |
| PeakWorkingSetSizeKb | UInt32 | — |
| ProcessId | UInt32 | — |
| PercentMemory | Double | — |
| PathLength | UInt32 | — |
| Path | UnicodeString | — |
| ProductNameLength | UInt32 | — |
| ProductName | UnicodeString | — |
| CompanyNameLength | UInt32 | — |
| CompanyName | UnicodeString | — |
Event ID 408 — Many processes are using too much system memory.
Event ID 500 — The Desktop Window Manager is experiencing heavy resource contention.
Event ID 501 — The Desktop Window Manager is experiencing heavy resource contention.
Event ID 1002 — Status
Event ID 1006 — Status
Event ID 1007 — Status
Event ID 1010 — Status
Event ID 1012 — Status
Event ID 1014 — Status
Event ID 1022 — Status
Event ID 1024 — Status
Event ID 1026 — Status
Event ID 1027 — Status
Event ID 1028 — Status
Event ID 1030 — Status
Event ID 2001 — Status
Event ID 2002 — Status
Event ID 2003 — Status
Event ID 2004 — Status
Event ID 2007 — Status
Event ID 2008 — Status
Event ID 2009 — Status
Event ID 2010 — Status
Event ID 2011 — Status
Event ID 2012 — Status
Event ID 7001 — Status
Event ID 7101 — Status
Event ID 7102 — Status
Event ID 7103 — Status
Event ID 7104 — Status
Event ID 7105 — Status
Event ID 7106 — Status
Event ID 8003 — Status
Event ID 8005 — Status
Event ID 8008 — Status
Event ID 8010 — Status
Event ID 8011 — Status
Event ID 8013 — Status
Event ID 9003 — Status
Event ID 9007 — Status
Event ID 9009 — Status
Event ID 9011 — Status
Event ID 9013 — Status
Event ID 10001 — Status
Event ID 11001 —
Fields
| Name | Type | Description |
|---|---|---|
| GUID | GUID | — |
| EventId | UInt16 | — |
| InternalState | UInt32 | — |
Event ID 11002 —
Fields
| Name | Type | Description |
|---|---|---|
| NewState | UInt32 | — |
Event ID 11003 —
Event ID 11005 —
Event ID 11006 —
Fields
| Name | Type | Description |
|---|---|---|
| HResult | UInt32 | — |