Microsoft-Windows-Program-Compatibility-Assistant

44 events across 5 channels

Event ID	Title	Channel
1		Analytic
1		CompatAfterUpgrade
3		Analytic
3		CompatAfterUpgrade
5		Analytic
5		CompatAfterUpgrade
8		Analytic
8		CompatAfterUpgrade
9		Analytic
9		CompatAfterUpgrade
10		Analytic
10		CompatAfterUpgrade
11		Analytic
11		CompatAfterUpgrade
12		Analytic
12		CompatAfterUpgrade
14		Analytic
14		CompatAfterUpgrade
15	Binary data sent from PCA Diagnostic Module to PCA service for processing.	Analytic
15	Binary data sent from PCA Diagnostic Module to PCA service for processing.	CompatAfterUpgrade
16	PCA has finished monitoring an application: ExePath.	Program-Compatibility-Assistant
17	Exe: ResolverFiredEvent.ExePath ResolverName: ResolverFiredEvent.ResolverName.	Program-Compatibility-Assistant
30	The Program Compatibility Assistant was invoked to correct a compatibility …	Program-Compatibility-Assistant
31	The Program Compatibility Assistant was invoked to correct a compatibility …	Program-Compatibility-Assistant
32	The Program Compatibility Assistant was invoked due to an unsigned driver …	Program-Compatibility-Assistant
101	PCA Service startup begin.	Operational
102	PCA Service startup finished.	Operational
103	PCA Process Monitor begin.	Operational
104	PCA Process Monitor finished.	Operational
105	PCA Service initialization begin.	Operational
106	PCA Service initialization finished.	Operational
107	PCA Service initialization begin.	Operational
108	PCA Service initialization finished.	Operational
200	The Program Compatibility Assistant service was stopped successfully.	Program-Compatibility-Assistant
201	The Program Compatibility Assistant service started successfully.	Program-Compatibility-Assistant
202	The Program Compatibility Assistant service failed to initialize.	Program-Compatibility-Assistant
203	The Program Compatibility Assistant service failed to start.	Program-Compatibility-Assistant
204	The Program Compatibility Assistant service failed to stop.	Program-Compatibility-Assistant
205	The Program Compatibility Assistant service failed to perform the phase two …	Program-Compatibility-Assistant
206	The Program Compatibility Assistant service successfully performed phase two …	Program-Compatibility-Assistant
1100	Notified PCA service of status icon registration.	Analytic
1200	PCA Trigger event:PCA_Trigger_event.	Analytic
1200	PCA Trigger event:TriggerID.	CompatAfterUpgrade
1234	Exe: AppIdApplicationID.	CompatAfterUpgrade

Event ID 1 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 1 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 3 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 3 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 5 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 5 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 8 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 8 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 9 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 9 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 10 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 10 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 11 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 11 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`DisplayNameSize` UInt32	—
`DisplayName` UnicodeString	—
`FullImagePathSize` UInt32	—
`FullImagePath` UnicodeString	—
`SessionId` UInt32	—

Event ID 12 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 12 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 14 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Event ID 14 —

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Fields #

Name	Description
`ApplicationNameSize` UInt32	—
`ApplicationName` UnicodeString	—
`CommandLineSize` UInt32	—
`CommandLine` UnicodeString	—
`CurrentDirectorySize` UInt32	—
`CurrentDirectory` UnicodeString	—
`DllNameSize` UInt32	—
`DllName` UnicodeString	—
`InterfaceCLSID` GUID	—
`SessionId` UInt32	—
`Flags` UInt32	—

Event ID 15 — Binary data sent from PCA Diagnostic Module to PCA service for processing.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Description

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Message #

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Fields #

Name	Description
`TokenDataSize` UInt32	—
`TokenData` Binary	—

Event ID 15 — Binary data sent from PCA Diagnostic Module to PCA service for processing.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Description

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Message #

Binary data sent from PCA Diagnostic Module to PCA service for processing. It is not meant to be human readable.

Fields #

Name	Description
`TokenDataSize` UInt32	—
`TokenData` Binary	—

Event ID 16 — PCA has finished monitoring an application: ExePath.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

PCA has finished monitoring an application: ExePath.

Message #

PCA has finished monitoring an application: %1

The problems detected code is: %2

If this number is not 0, PCA observed some indications of compatibility problems.

For this application, the following dialog type was shown:%3

If this number is not 0, an actual dialog was shown offering possible fixes to suspected problems.

Fields #

Name	Description
`ExePath` UnicodeString	—
`ResolverMap` UInt64	—
`DialogType` UInt32	—

Event ID 17 — Exe: ResolverFiredEvent.ExePath ResolverName: ResolverFiredEvent.ResolverName.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant
Level: Informational

Message #

Exe: %1

ResolverName: %2

Fields #

Name	Description
`ResolverFiredEvent.ExePath`	Exe.
`ResolverFiredEvent.ResolverName`	ResolverName.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Program-Compatibility-Assistant",
    "guid": "4CB314DF-C11F-47D7-9C04-65FB0051561B",
    "event_source_name": "",
    "event_id": 17,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T02:02:45.055790+00:00",
    "event_record_id": 42,
    "correlation": {},
    "execution": {
      "process_id": 5756,
      "thread_id": 8424
    },
    "channel": "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "ResolverFiredEvent": {
      "ExePath": "C:\\Program Files (x86)\\OpenOffice 4\\program\\soffice.exe",
      "ResolverName": "DetectorShim_KernelDriver"
    }
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 30 — The Program Compatibility Assistant was invoked to correct a compatibility problem.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Message #

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6

Fields #

Name	Description
`Application_name` UnicodeString	—
`Application_version` UnicodeString	—
`Executable_path` UnicodeString	—
`Scenario_ID` UnicodeString	—
`User_action` UnicodeString	—
`Compatibility_layer` UnicodeString	—
`ApplicationName` UnicodeString	—
`ApplicationVersion` UnicodeString	—
`ExecutablePath` UnicodeString	—
`ScenarioId` UnicodeString	—
`UserAction` UnicodeString	—
`CompatibilityLayer` UnicodeString	—

Event ID 31 — The Program Compatibility Assistant was invoked to correct a compatibility problem.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Message #

The Program Compatibility Assistant was invoked to correct a compatibility problem. Information about the application is below.

Application name: %1
Application version: %2
Executable path: %3
Scenario ID: %4
User action: %5
Compatibility layer: %6
Deprecated component: %7

Fields #

Name	Description
`Application_name` UnicodeString	—
`Application_version` UnicodeString	—
`Executable_path` UnicodeString	—
`Scenario_ID` UnicodeString	—
`User_action` UnicodeString	—
`Compatibility_layer` UnicodeString	—
`Deprecated_component` UnicodeString	—
`ApplicationName` UnicodeString	—
`ApplicationVersion` UnicodeString	—
`ExecutablePath` UnicodeString	—
`ScenarioId` UnicodeString	—
`UserAction` UnicodeString	—
`CompatibilityLayer` UnicodeString	—
`DeprecatedComponent` UnicodeString	—

Event ID 32 — The Program Compatibility Assistant was invoked due to an unsigned driver install.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Message #

The Program Compatibility Assistant was invoked due to an unsigned driver install. This version of Windows requires all drivers to have a valid digital signature. Information about the driver is below.

Driver: %1
Service: %2
Publisher: %3
Location: %4
Version: %5

This driver is unavailable and the program that uses this driver might not work correctly.

Fields #

Name	Description
`Driver` UnicodeString	—
`Service` UnicodeString	—
`Publisher` UnicodeString	—
`Location` UnicodeString	—
`Version` UnicodeString	—
`DriverName` UnicodeString	—
`ServiceName` UnicodeString	—
`PublisherName` UnicodeString	—
`DriverPath` UnicodeString	—
`DriverVersion` UnicodeString	—

Event ID 101 — PCA Service startup begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceStartup
Opcode: Start

Description

PCA Service startup begin.

Message #

PCA Service startup begin.

Event ID 102 — PCA Service startup finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceStartup
Opcode: Stop

Description

PCA Service startup finished.

Message #

PCA Service startup finished.

Event ID 103 — PCA Process Monitor begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_MonitorProcess
Opcode: Start

Description

PCA Process Monitor begin.

Message #

PCA Process Monitor begin.

Event ID 104 — PCA Process Monitor finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_MonitorProcess
Opcode: Stop

Description

PCA Process Monitor finished.

Message #

PCA Process Monitor finished.

Event ID 105 — PCA Service initialization begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceInitialize
Opcode: Start

Description

PCA Service initialization begin.

Message #

PCA Service initialization begin.

Event ID 106 — PCA Service initialization finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceInitialize
Opcode: Stop

Description

PCA Service initialization finished.

Message #

PCA Service initialization finished.

Event ID 107 — PCA Service initialization begin.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceShutdown
Opcode: Start

Description

PCA Service initialization begin.

Message #

PCA Service initialization begin.

Event ID 108 — PCA Service initialization finished.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Operational
Task: PCA_ServiceShutdown
Opcode: Stop

Description

PCA Service initialization finished.

Message #

PCA Service initialization finished.

Event ID 200 — The Program Compatibility Assistant service was stopped successfully.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service was stopped successfully.

Message #

The Program Compatibility Assistant service was stopped successfully.

Event ID 201 — The Program Compatibility Assistant service started successfully.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service started successfully.

Message #

The Program Compatibility Assistant service started successfully.

Event ID 202 — The Program Compatibility Assistant service failed to initialize.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service failed to initialize.

Message #

The Program Compatibility Assistant service failed to initialize.

Event ID 203 — The Program Compatibility Assistant service failed to start.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service failed to start.

Message #

The Program Compatibility Assistant service failed to start.

Event ID 204 — The Program Compatibility Assistant service failed to stop.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service failed to stop.

Message #

The Program Compatibility Assistant service failed to stop.

Event ID 205 — The Program Compatibility Assistant service failed to perform the phase two initialization.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service failed to perform the phase two initialization.

Message #

The Program Compatibility Assistant service failed to perform the phase two initialization.

Event ID 206 — The Program Compatibility Assistant service successfully performed phase two initialization.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Program-Compatibility-Assistant

Description

The Program Compatibility Assistant service successfully performed phase two initialization.

Message #

The Program Compatibility Assistant service successfully performed phase two initialization.

Event ID 1100 — Notified PCA service of status icon registration.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Description

Notified PCA service of status icon registration.

Message #

Notified PCA service of status icon registration.

Event ID 1200 — PCA Trigger event:PCA_Trigger_event.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: Analytic

Description

PCA Trigger event:PCA_Trigger_event.

Message #

PCA Trigger event:%1

Fields #

Name	Description
`PCA_Trigger_event`	—

Event ID 1200 — PCA Trigger event:TriggerID.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Description

PCA Trigger event:TriggerID.

Message #

PCA Trigger event:%1

Fields #

Name	Description
`TriggerID` UInt32	—
`ExtraDataSize` UInt32	—
`ExtraData` Binary	—

Event ID 1234 — Exe: AppIdApplicationID.

Provider: Microsoft-Windows-Program-Compatibility-Assistant
Channel: CompatAfterUpgrade

Description

Exe: AppIdApplicationID.

Message #

Exe: AppId%1

Uptime %2

Fields #

Name	Description
`ApplicationID` UnicodeString	—
`Uptime` UInt32	—