detection.wiki

Microsoft-Windows-FileHistory-Service

10 events across 1 channel

Event IDTitleChannel
1Debug
2Debug
3Debug
4Debug
5Debug
6Debug
7Debug
8Debug
9Debug
10Debug

Event ID 1 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
ConfigurationLoad
Opcode
Start

Event ID 2 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
ConfigurationLoad
Opcode
Stop

Fields #

NameDescription
Result Int32
ConfigFilePath UnicodeString

Event ID 3 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
CatalogLoad
Opcode
Start

Fields #

NameDescription
CatalogPath1 UnicodeString
CatalogPath2 UnicodeString

Event ID 4 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
CatalogLoad
Opcode
Stop

Fields #

NameDescription
Result Int32
CatalogPath1 UnicodeString
CatalogPath2 UnicodeString

Event ID 5 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
ConfigurationSave
Opcode
Start

Fields #

NameDescription
ConfigFilePath UnicodeString

Event ID 6 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
ConfigurationSave
Opcode
Stop

Fields #

NameDescription
ConfigFilePath UnicodeString

Event ID 7 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
BackupCycle
Opcode
Start

Fields #

NameDescription
ConfigFilePath UnicodeString
BackupType UInt32

Event ID 8 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
BackupCycle
Opcode
Stop

Fields #

NameDescription
ConfigFilePath UnicodeString

Event ID 9 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
BackupStop
Opcode
Start

Fields #

NameDescription
ConfigFilePath UnicodeString
StopSync Boolean

Event ID 10 —

Provider
Microsoft-Windows-FileHistory-Service
Channel
Debug
Task
BackupStop
Opcode
Stop

Fields #

NameDescription
ConfigFilePath UnicodeString
StopSync Boolean