Microsoft-Windows-Resource-Exhaustion-Detector

8 events across 2 channels

Event ID	Title	Channel
1001	The Windows Resource Exhaustion Detector started.	Operational
1002	The Windows Resource Exhaustion Detector stopped.	Operational
1003	The Windows Resource Exhaustion Detector received a notification that the …	Operational
1005	The Windows Resource Exhaustion Detector failed to start due to an error.	Operational
1006	The Windows Resource Exhaustion Detector failed to stop due to an error.	Operational
1007	The Windows Resource Exhaustion Detector experienced a memory allocation …	Operational
1008	Windows failed to diagnose a low virtual memory condition.	Operational
2004	Windows successfully diagnosed a low virtual memory condition.	System

Event ID 1001 — The Windows Resource Exhaustion Detector started.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational
Level: 4
Samples: 1

Message

The Windows Resource Exhaustion Detector started.

Example Event

system:
  provider: Microsoft-Windows-Resource-Exhaustion-Detector
  guid: 9988748E-C2E8-4054-85F6-0C3E1CAD2470
  event_source_name: ''
  event_id: 1001
  version: 0
  level: 4
  task: 1
  opcode: 11
  keywords: 4611686018695823360
  time_created: '2023-11-06T01:57:36.907331+00:00'
  event_record_id: 24
  correlation: {}
  execution:
    process_id: 4892
    thread_id: 14348
  channel: Microsoft-Windows-Resource-Exhaustion-Detector/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1002 — The Windows Resource Exhaustion Detector stopped.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational
Level: 4
Samples: 1

Message

The Windows Resource Exhaustion Detector stopped.

Example Event

system:
  provider: Microsoft-Windows-Resource-Exhaustion-Detector
  guid: 9988748E-C2E8-4054-85F6-0C3E1CAD2470
  event_source_name: ''
  event_id: 1002
  version: 0
  level: 4
  task: 1
  opcode: 12
  keywords: 4611686018695823360
  time_created: '2023-11-06T01:20:01.146474+00:00'
  event_record_id: 23
  correlation: {}
  execution:
    process_id: 4892
    thread_id: 16848
  channel: Microsoft-Windows-Resource-Exhaustion-Detector/Operational
  computer: WinDev2310Eval
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1003 — The Windows Resource Exhaustion Detector received a notification that the computer is low on virtual memory.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational

Message

The Windows Resource Exhaustion Detector received a notification that the computer is low on virtual memory.

Fields

Name	Description
`SystemCommitLimit`	—
`SystemCommitCharge`	—

Event ID 1005 — The Windows Resource Exhaustion Detector failed to start due to an error.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational

Message

The Windows Resource Exhaustion Detector failed to start due to an error.

Fields

Name	Description
`ErrorCode`	—

Event ID 1006 — The Windows Resource Exhaustion Detector failed to stop due to an error.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational

Message

The Windows Resource Exhaustion Detector failed to stop due to an error.

Fields

Name	Description
`ErrorCode`	—

Event ID 1007 — The Windows Resource Exhaustion Detector experienced a memory allocation failure.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational

Message

The Windows Resource Exhaustion Detector experienced a memory allocation failure.

Fields

Name	Description
`RequestSize`	—
`ErrorCode`	—

Event ID 1008 — Windows failed to diagnose a low virtual memory condition.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: Operational

Message

Windows failed to diagnose a low virtual memory condition.

Fields

Name	Description
`ErrorCode`	—

Event ID 2004 — Windows successfully diagnosed a low virtual memory condition.

Provider: Microsoft-Windows-Resource-Exhaustion-Detector
Channel: System

Message

Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: %21 (%22) consumed %24 bytes, %28 (%29) consumed %31 bytes, and %35 (%36) consumed %38 bytes.

Fields

Name	Description
`SystemCommitLimit`	—
`SystemCommitCharge`	—
`ProcessCommitCharge`	—
`PagedPoolUsage`	—
`PhysicalMemorySize`	—
`PhysicalMemoryUsage`	—
`NonPagedPoolUsage`	—
`TotalProcesses`	—
`PagedPoolTag_1`	—
`PagedPoolUsed_1`	—
`PagedPoolTag_2`	—
`PagedPoolUsed_2`	—
`PagedPoolTag_3`	—
`PagedPoolUsed_3`	—
`NonPagedPoolTag_1`	—
`NonPagedPoolUsed_1`	—
`NonPagedPoolTag_2`	—
`NonPagedPoolUsed_2`	—
`NonPagedPoolTag_3`	—
`NonPagedPoolUsed_3`	—
`Process_1_Name`	—
`Process_1_ID`	—
`Process_1_CreationTime`	—
`Process_1_CommitCharge`	—
`Process_1_HandleCount`	—
`Process_1_Version`	—
`Process_1_TypeInfo`	—
`Process_2_Name`	—
`Process_2_ID`	—
`Process_2_CreationTime`	—
`Process_2_CommitCharge`	—
`Process_2_HandleCount`	—
`Process_2_Version`	—
`Process_2_TypeInfo`	—
`Process_3_Name`	—
`Process_3_ID`	—
`Process_3_CreationTime`	—
`Process_3_CommitCharge`	—
`Process_3_HandleCount`	—
`Process_3_Version`	—
`Process_3_TypeInfo`	—
`Process_4_Name`	—
`Process_4_ID`	—
`Process_4_CreationTime`	—
`Process_4_CommitCharge`	—
`Process_4_HandleCount`	—
`Process_4_Version`	—
`Process_4_TypeInfo`	—
`Process_5_Name`	—
`Process_5_ID`	—
`Process_5_CreationTime`	—
`Process_5_CommitCharge`	—
`Process_5_HandleCount`	—
`Process_5_Version`	—
`Process_5_TypeInfo`	—
`Process_6_Name`	—
`Process_6_ID`	—
`Process_6_CreationTime`	—
`Process_6_CommitCharge`	—
`Process_6_HandleCount`	—
`Process_6_Version`	—
`Process_6_TypeInfo`	—
`EventGenerationTime`	—