Event ID 102 — This driver took longer to initialize, resulting in a performance degradation in the system start up process.
Description
This driver took longer to initialize, resulting in a performance degradation in the system start up process.
Message #
Fields #
| Name | Description |
|---|---|
StartTime FILETIME | — |
NameLength UInt32 | — |
Name UnicodeString | — |
FriendlyNameLength UInt32 | — |
FriendlyName UnicodeString | — |
VersionLength UInt32 | — |
Version UnicodeString | — |
TotalTime UInt32 | — |
DegradationTime UInt32 | — |
PathLength UInt32 | — |
Path UnicodeString | — |
ProductNameLength UInt32 | — |
ProductName UnicodeString | — |
CompanyNameLength UInt32 | — |
CompanyName UnicodeString | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Diagnostics-Performance",
"guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
"event_source_name": "",
"event_id": 102,
"version": 1,
"level": 3,
"task": 4002,
"opcode": 33,
"keywords": 9223372036854841344,
"time_created": "2023-10-25T22:05:44.601509+00:00",
"event_record_id": 25,
"correlation": {
"ActivityID": "028F2288-078F-0001-413E-8F028F07DA01"
},
"execution": {
"process_id": 2484,
"thread_id": 3796
},
"channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
"computer": "WinDevEval",
"security": {
"user_id": "S-1-5-19"
}
},
"event_data": {
"StartTime": "2023-10-25T22:02:56.552302Z",
"NameLength": 7,
"Name": "VfpExt",
"FriendlyNameLength": 30,
"FriendlyName": "Microsoft Azure VFP Extension",
"VersionLength": 36,
"Version": "10.0.22621.1 (WinBuild.160101.0800)",
"TotalTime": 8403,
"DegradationTime": 6903,
"PathLength": 39,
"Path": "C:\\Windows\\system32\\drivers\\vfpext.sys",
"ProductNameLength": 37,
"ProductName": "Microsoft® Windows® Operating System",
"CompanyNameLength": 22,
"CompanyName": "Microsoft Corporation"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline