Event ID 1010 — Device DeviceInstanceId has been surprise removed as it is reported as missing on the bus.

Provider: Microsoft-Windows-Kernel-PnP
Channel: Device Management
Level: Informational
Opcode: Info

Description

Device DeviceInstanceId has been surprise removed as it is reported as missing on the bus.

Message #

Device %1 has been surprise removed as it is reported as missing on the bus.
Count of devices removed: %2

Fields #

Name	Description
`DeviceInstanceId` UnicodeString	—
`DeviceCount` UInt32	Count of devices removed.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Kernel-PnP",
    "guid": "9C205A39-1250-487D-ABD7-E831C6290539",
    "event_source_name": "",
    "event_id": 1010,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 72057594037927936,
    "time_created": "2023-11-06T01:46:52.163431+00:00",
    "event_record_id": 23,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 17804
    },
    "channel": "Microsoft-Windows-Kernel-PnP/Device Management",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "DeviceInstanceId": "SWD\\MSDAS\\{ce958e9a-424f-4c88-86f4-11314821e75a}",
    "DeviceCount": 1
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline