Microsoft-Windows-EnhancedPhishingProtection-Events

1 events across 1 channel

Event ID 8265: Aggregated Threat assessment of current system instance

#
Provider
Microsoft-Windows-EnhancedPhishingProtection-Events
Channel
System

Description

Aggregated Threat assessment of current system instance.

Message #

Aggregated Threat assessment of current system instance

Fields #

NameDescription
ThreatId GUID
Verdict UnicodeString
UserSid UnicodeString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID e8abc5fb-bf87-5462-278d-1b5e18775a8f

Defined in ThreatAssessment.dll, which carries the event manifest.

Observed on:

  • Win11-26200.6584 · schema read from the registered manifest · binary version 1.0.0.221 · captured 2026-06-02

Downloads

Credits

  • Microsoft - authored the ETW manifests and PDBs the schema comes from
  • jdu2600 - the event-schema TSV format this catalog adopted
  • nasbench - the tool that dumps registered providers and manifests