Event ID 203 — This service caused a delay in the system shutdown process.
Description
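This service caused a delay in the system shutdown process. In the example below, the event is logged by the Microsoft-Windows-Diagnostics-Performance provider to its Operational channel at level 3 (warning), and the Name and Path fields identify the service and the binary it runs from.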
Message
Fields
| Name | Description |
|---|---|
| StartTime (FILETIME) | — |
| NameLength (UInt32) | — |
| Name (UnicodeString) | — |
| FriendlyNameLength (UInt32) | — |
| FriendlyName (UnicodeString) | — |
| VersionLength (UInt32) | — |
| Version (UnicodeString) | — |
| TotalTime (UInt32) | — |
| DegradationTime (UInt32) | — |
| PathLength (UInt32) | — |
| Path (UnicodeString) | — |
| ProductNameLength (UInt32) | — |
| ProductName (UnicodeString) | — |
| CompanyNameLength (UInt32) | — |
| CompanyName (UnicodeString) | — |
Example Event
{
"system": {
"provider": "Microsoft-Windows-Diagnostics-Performance",
"guid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A",
"event_source_name": "",
"event_id": 203,
"version": 1,
"level": 3,
"task": 4007,
"opcode": 41,
"keywords": 9223372036854841344,
"time_created": "2023-11-05T22:33:56.991549+00:00",
"event_record_id": 37,
"correlation": {
"ActivityID": "E4DB489E-1037-0001-FD89-DBE43710DA01"
},
"execution": {
"process_id": 3160,
"thread_id": 3468
},
"channel": "Microsoft-Windows-Diagnostics-Performance/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-19"
}
},
"event_data": {
"StartTime": "2023-11-05T22:31:30.287074Z",
"NameLength": 10,
"Name": "WinDefend",
"FriendlyNameLength": 0,
"FriendlyName": "",
"VersionLength": 0,
"Version": "",
"TotalTime": 4054,
"DegradationTime": 54,
"PathLength": 83,
"Path": "\"c:\\programdata\\microsoft\\windows defender\\platform\\4.18.23090.2008-0\\msmpeng.exe\"",
"ProductNameLength": 0,
"ProductName": "",
"CompanyNameLength": 0,
"CompanyName": ""
},
"message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline