Microsoft-Windows-Program-Compatibility-Assistant

44 events across 5 channels

Event ID	Title	Channel
1		Analytic
1		CompatAfterUpgrade
3		Analytic
3		CompatAfterUpgrade
5		Analytic
5		CompatAfterUpgrade
8		Analytic
8		CompatAfterUpgrade
9		Analytic
9		CompatAfterUpgrade
10		Analytic
10		CompatAfterUpgrade
11		Analytic
11		CompatAfterUpgrade
12		Analytic
12		CompatAfterUpgrade
14		Analytic
14		CompatAfterUpgrade
15	Binary data sent from PCA Diagnostic Module to PCA service for processing.	Analytic
15	Binary data sent from PCA Diagnostic Module to PCA service for processing.	CompatAfterUpgrade
16	PCA has finished monitoring an application: %1 The problems detected code is: %2 …	Program-Compatibility-Assistant
17	Exe: %1 ResolverName: %2.	Program-Compatibility-Assistant
30	The Program Compatibility Assistant was invoked to correct a compatibility …	Program-Compatibility-Assistant
31	The Program Compatibility Assistant was invoked to correct a compatibility …	Program-Compatibility-Assistant
32	The Program Compatibility Assistant was invoked due to an unsigned driver …	Program-Compatibility-Assistant
101	PCA Service startup begin.	Operational
102	PCA Service startup finished.	Operational
103	PCA Process Monitor begin.	Operational
104	PCA Process Monitor finished.	Operational
105	PCA Service initialization begin.	Operational
106	PCA Service initialization finished.	Operational
107	PCA Service initialization begin.	Operational
108	PCA Service initialization finished.	Operational
200	The Program Compatibility Assistant service was stopped successfully.	Program-Compatibility-Assistant
201	The Program Compatibility Assistant service started successfully.	Program-Compatibility-Assistant
202	The Program Compatibility Assistant service failed to initialize.	Program-Compatibility-Assistant
203	The Program Compatibility Assistant service failed to start.	Program-Compatibility-Assistant
204	The Program Compatibility Assistant service failed to stop.	Program-Compatibility-Assistant
205	The Program Compatibility Assistant service failed to perform the phase two …	Program-Compatibility-Assistant
206	The Program Compatibility Assistant service successfully performed phase two …	Program-Compatibility-Assistant
1100	Notified PCA service of status icon registration.	Analytic
1200	PCA Trigger event:%1.	CompatAfterUpgrade
1200	PCA Trigger event.	Analytic
1234	Exe: AppId.	CompatAfterUpgrade

Event ID 1 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 1 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 3 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 3 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 5 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 5 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 8 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 8 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 9 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 9 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 10 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 10 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 11 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 11 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`DisplayNameSize`	—
`DisplayName`	—
`FullImagePathSize`	—
`FullImagePath`	—
`SessionId`	—

Event ID 12 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 12 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 14 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 14 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields

Name	Description
`ApplicationNameSize`	—
`ApplicationName`	—
`CommandLineSize`	—
`CommandLine`	—
`CurrentDirectorySize`	—
`CurrentDirectory`	—
`DllNameSize`	—
`DllName`	—
`InterfaceCLSID`	—
`SessionId`	—
`Flags`	—

Event ID 15 — Binary data sent from PCA Diagnostic Module to PCA service for processing.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Message

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Fields

Name	Description
`TokenDataSize`	—
`TokenData`	—

Event ID 15 — Binary data sent from PCA Diagnostic Module to PCA service for processing.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Message

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Fields

Name	Description
`TokenDataSize`	—
`TokenData`	—

Event ID 16 — PCA has finished monitoring an application: %1 The problems detected code is: %2 If this number is not 0, PCA observed some indications of compatib...

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

PCA has finished monitoring an application: %1

The problems detected code is: %2

If this number is not 0, PCA observed some indications of compatibility problems.

For this application, the following dialog type was shown:%3

If this number is not 0, an actual dialog was shown offering possible fixes to suspected problems.

Fields

Name	Description
`ExePath`	—
`ResolverMap`	—
`DialogType`	—

Event ID 17 — Exe: %1 ResolverName: %2.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant
Level: 4
Samples: 1

Message

Exe: %1

ResolverName: %2

Fields

Name	Description
`ResolverFiredEvent.ExePath`	Exe.
`ResolverFiredEvent.ResolverName`	ResolverName.

Example Event

system:
  provider: Microsoft-Windows-Program-Compatibility-Assistant
  guid: 4CB314DF-C11F-47D7-9C04-65FB0051561B
  event_source_name: ''
  event_id: 17
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 4611686018427387904
  time_created: '2023-11-06T02:02:45.055790+00:00'
  event_record_id: 42
  correlation: {}
  execution:
    process_id: 5756
    thread_id: 8424
  channel: Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
user_data:
  ResolverFiredEvent:
    ExePath: C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
    ResolverName: DetectorShim_KernelDriver
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 30 — The Program Compatibility Assistant was invoked to correct a compatibility problem.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6

Fields

Name	Description
`Application_name`	—
`Application_version`	—
`Executable_path`	—
`Scenario_ID`	—
`User_action`	—
`Compatibility_layer`	—
`ApplicationName`	—
`ApplicationVersion`	—
`ExecutablePath`	—
`ScenarioId`	—
`UserAction`	—
`CompatibilityLayer`	—

Event ID 31 — The Program Compatibility Assistant was invoked to correct a compatibility problem.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6
Deprecated component: %7

Fields

Name	Description
`Application_name`	—
`Application_version`	—
`Executable_path`	—
`Scenario_ID`	—
`User_action`	—
`Compatibility_layer`	—
`Deprecated_component`	—
`ApplicationName`	—
`ApplicationVersion`	—
`ExecutablePath`	—
`ScenarioId`	—
`UserAction`	—
`CompatibilityLayer`	—
`DeprecatedComponent`	—

Event ID 32 — The Program Compatibility Assistant was invoked due to an unsigned driver install.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant was invoked due to an unsigned driver install. This version of Windows requires all drivers to have a valid digital signature. Information about the driver is below.

Driver: %1
Service: %2
Publisher: %3
Location: %4
Version: %5

This driver is unavailable and the program that uses this driver might not work correctly.

Fields

Name	Description
`Driver`	—
`Service`	—
`Publisher`	—
`Location`	—
`Version`	—
`DriverName`	—
`ServiceName`	—
`PublisherName`	—
`DriverPath`	—
`DriverVersion`	—

Event ID 101 — PCA Service startup begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service startup begin.

Event ID 102 — PCA Service startup finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service startup finished.

Event ID 103 — PCA Process Monitor begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Process Monitor begin.

Event ID 104 — PCA Process Monitor finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Process Monitor finished.

Event ID 105 — PCA Service initialization begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service initialization begin.

Event ID 106 — PCA Service initialization finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service initialization finished.

Event ID 107 — PCA Service initialization begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service initialization begin.

Event ID 108 — PCA Service initialization finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational

Message

PCA Service initialization finished.

Event ID 200 — The Program Compatibility Assistant service was stopped successfully.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service was stopped successfully.

Event ID 201 — The Program Compatibility Assistant service started successfully.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service started successfully.

Event ID 202 — The Program Compatibility Assistant service failed to initialize.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service failed to initialize.

Event ID 203 — The Program Compatibility Assistant service failed to start.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service failed to start.

Event ID 204 — The Program Compatibility Assistant service failed to stop.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service failed to stop.

Event ID 205 — The Program Compatibility Assistant service failed to perform the phase two initialization.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service failed to perform the phase two initialization.

Event ID 206 — The Program Compatibility Assistant service successfully performed phase two initialization.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message

The Program Compatibility Assistant service successfully performed phase two initialization.

Event ID 1100 — Notified PCA service of status icon registration.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Message

Notified PCA service of status icon registration.

Event ID 1200 — PCA Trigger event:%1.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Message

PCA Trigger event:%1

Fields

Name	Description
`TriggerID`	—
`ExtraDataSize`	—
`ExtraData`	—

Event ID 1200 — PCA Trigger event.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Message

PCA Trigger event:%1

Fields

Name	Description
`PCA_Trigger_event`	—

Event ID 1234 — Exe: AppId.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Message

Exe: AppId%1

Uptime %2

Fields

Name	Description
`ApplicationID`	—
`Uptime`	—