Microsoft-Windows-Install-Agent
9 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 2000 | Process Name: %1 Module Name: %2 Build: %3. | Operational |
| 2001 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2002 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2003 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2004 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2005 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2006 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2007 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
| 2008 | %1 Error: %3 Function: %2 Source: %4 (%5). | Operational |
Event ID 2000 — Process Name: %1 Module Name: %2 Build: %3.
Message
Fields
| Name | Description |
|---|---|
| Process Name | — |
| Module Name | — |
| Build Name | Build. |
Example Event
```yaml
system:
  provider: Microsoft-Windows-Install-Agent
  guid: E0C6F6DE-258A-50E0-AC1A-103482D118BC
  event_source_name: ''
  event_id: 2000
  version: 0
  level: 4
  task: 2000
  opcode: 0
  keywords: 9223372037391646720
  time_created: '2023-11-06T00:35:13.825360+00:00'
  event_record_id: 5952
  correlation: {}
  execution:
    process_id: 7648
    thread_id: 7500
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Process Name: C:\Windows\system32\taskhostw.exe
  Module Name: C:\Windows\System32\InstallService.dll
  Build Name: 22621.1.amd64fre.ni_release.220506-1250
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2001 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Function | — |
| Error | — |
| Source | — |
| Message | — |
| ErrorCode | — |
| LineNumber | — |
Event ID 2002 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Function | — |
| Error | — |
| Source | — |
| Message | — |
| ErrorCode | — |
| LineNumber | — |
Event ID 2003 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Function | — |
| Error | — |
| Source | — |
| Message | — |
| ErrorCode | — |
| LineNumber | — |
Event ID 2004 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Function | — |
| Error | — |
| Source | — |
| Message | — |
| ErrorCode | — |
| LineNumber | — |
Event ID 2005 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Message | — |
| Function | — |
| Error Code | Error. |
| Source | — |
| Line Number | — |
| CorrelationVector | — |
| ProductId | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-Install-Agent
  guid: E0C6F6DE-258A-50E0-AC1A-103482D118BC
  event_source_name: ''
  event_id: 2005
  version: 0
  level: 5
  task: 2002
  opcode: 15
  keywords: 9223372037391646720
  time_created: '2023-11-06T01:42:45.154070+00:00'
  event_record_id: 8990
  correlation:
    ActivityID: E4DB489E-1037-0000-5148-EDE43710DA01
  execution:
    process_id: 6356
    thread_id: 20696
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Message: Releasing InstallAgentPdcActivation
  Function: UWAInstallWork::_InstallCompleted
  Error Code: -1
  Source: onecoreuap\enduser\winstore\installservice\lib\uwainstallwork.cpp
  Line Number: 3019
  CorrelationVector: iqy1i7eyvUG5fBxGHMqgfg.1375.9
  ProductId: 9NCBCSZSJRSB
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2006 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Message | — |
| Function | — |
| Error Code | Error. |
| Source | — |
| Line Number | — |
| CorrelationVector | — |
| ProductId | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-Install-Agent
  guid: E0C6F6DE-258A-50E0-AC1A-103482D118BC
  event_source_name: ''
  event_id: 2006
  version: 0
  level: 4
  task: 2002
  opcode: 14
  keywords: 9223372037391646720
  time_created: '2023-11-06T01:42:54.186549+00:00'
  event_record_id: 9051
  correlation:
    ActivityID: E4DB489E-1037-0000-5148-EDE43710DA01
  execution:
    process_id: 6356
    thread_id: 20696
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data:
  Message: 'Queue State: Working = 0, Pending = 0, Idle = 29 '
  Function: InstallQueue2::_FindNextPendingItem
  Error Code: 0
  Source: onecoreuap\enduser\winstore\installservice\libqueue2\installqueue2.cpp
  Line Number: 2503
  CorrelationVector: ''
  ProductId: ''
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2007 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Message | — |
| Function | — |
| Error Code | Error. |
| Source | — |
| Line Number | — |
| CorrelationVector | — |
| ProductId | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-Install-Agent
  guid: E0C6F6DE-258A-50E0-AC1A-103482D118BC
  event_source_name: ''
  event_id: 2007
  version: 0
  level: 3
  task: 2002
  opcode: 13
  keywords: 9223372037391646720
  time_created: '2023-11-06T01:42:54.149535+00:00'
  event_record_id: 9049
  correlation:
    ActivityID: E4DB489E-1037-0000-5148-EDE43710DA01
  execution:
    process_id: 6356
    thread_id: 20696
  channel: Microsoft-Windows-Store/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data:
  Message: Failure detected
  Function: ''
  Error Code: -2147024891
  Source: onecoreuap\enduser\winstore\installservice\lib\TokenHelpers.h
  Line Number: 69
  CorrelationVector: 'NULL'
  ProductId: 'NULL'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2008 — %1 Error: %3 Function: %2 Source: %4 (%5).
Message
Fields
| Name | Description |
|---|---|
| Function | — |
| Error | — |
| Source | — |
| Message | — |
| ErrorCode | — |
| LineNumber | — |
| CorrelationVector | — |
| ProductId | — |