Microsoft-Windows-Resource-Exhaustion-Detector
8 events across 2 channels
| Event ID | Title | Channel |
|---|---|---|
| 1001 | The Windows Resource Exhaustion Detector started. | Operational |
| 1002 | The Windows Resource Exhaustion Detector stopped. | Operational |
| 1003 | The Windows Resource Exhaustion Detector received a notification that the … | Operational |
| 1005 | The Windows Resource Exhaustion Detector failed to start due to an error. | Operational |
| 1006 | The Windows Resource Exhaustion Detector failed to stop due to an error. | Operational |
| 1007 | The Windows Resource Exhaustion Detector experienced a memory allocation … | Operational |
| 1008 | Windows failed to diagnose a low virtual memory condition. | Operational |
| 2004 | Windows successfully diagnosed a low virtual memory condition. | System |
Event ID 1001 — The Windows Resource Exhaustion Detector started.
Description
The Windows Resource Exhaustion Detector started.
Message
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Resource-Exhaustion-Detector",
    "guid": "9988748E-C2E8-4054-85F6-0C3E1CAD2470",
    "event_source_name": "",
    "event_id": 1001,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 11,
    "keywords": 4611686018695823360,
    "time_created": "2023-11-06T01:57:36.907331+00:00",
    "event_record_id": 24,
    "correlation": {},
    "execution": {
      "process_id": 4892,
      "thread_id": 14348
    },
    "channel": "Microsoft-Windows-Resource-Exhaustion-Detector/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1002 — The Windows Resource Exhaustion Detector stopped.
Description
The Windows Resource Exhaustion Detector stopped.
Message
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-Resource-Exhaustion-Detector",
    "guid": "9988748E-C2E8-4054-85F6-0C3E1CAD2470",
    "event_source_name": "",
    "event_id": 1002,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 12,
    "keywords": 4611686018695823360,
    "time_created": "2023-11-06T01:20:01.146474+00:00",
    "event_record_id": 23,
    "correlation": {},
    "execution": {
      "process_id": 4892,
      "thread_id": 16848
    },
    "channel": "Microsoft-Windows-Resource-Exhaustion-Detector/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1003 — The Windows Resource Exhaustion Detector received a notification that the computer is low on virtual memory.
Event ID 1005 — The Windows Resource Exhaustion Detector failed to start due to an error.
Event ID 1006 — The Windows Resource Exhaustion Detector failed to stop due to an error.
Event ID 1007 — The Windows Resource Exhaustion Detector experienced a memory allocation failure.
Event ID 1008 — Windows failed to diagnose a low virtual memory condition.
Event ID 2004 — Windows successfully diagnosed a low virtual memory condition.
Description
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: () consumed bytes, () consumed bytes, and () consumed bytes.
Message
Fields
| Name | Type | Description |
|---|---|---|
| SystemCommitLimit | UInt64 | — |
| SystemCommitCharge | UInt64 | — |
| ProcessCommitCharge | UInt64 | — |
| PagedPoolUsage | UInt64 | — |
| PhysicalMemorySize | UInt64 | — |
| PhysicalMemoryUsage | UInt64 | — |
| NonPagedPoolUsage | UInt64 | — |
| TotalProcesses | UInt32 | — |
| PagedPoolTag_1 | UnicodeString | — |
| PagedPoolUsed_1 | UInt64 | — |
| PagedPoolTag_2 | UnicodeString | — |
| PagedPoolUsed_2 | UInt64 | — |
| PagedPoolTag_3 | UnicodeString | — |
| PagedPoolUsed_3 | UInt64 | — |
| NonPagedPoolTag_1 | UnicodeString | — |
| NonPagedPoolUsed_1 | UInt64 | — |
| NonPagedPoolTag_2 | UnicodeString | — |
| NonPagedPoolUsed_2 | UInt64 | — |
| NonPagedPoolTag_3 | UnicodeString | — |
| NonPagedPoolUsed_3 | UInt64 | — |
| Process_1_Name | UnicodeString | — |
| Process_1_ID | UInt32 | — |
| Process_1_CreationTime | FILETIME | — |
| Process_1_CommitCharge | UInt64 | — |
| Process_1_HandleCount | UInt32 | — |
| Process_1_Version | UnicodeString | — |
| Process_1_TypeInfo | UInt32 | — |
| Process_2_Name | UnicodeString | — |
| Process_2_ID | UInt32 | — |
| Process_2_CreationTime | FILETIME | — |
| Process_2_CommitCharge | UInt64 | — |
| Process_2_HandleCount | UInt32 | — |
| Process_2_Version | UnicodeString | — |
| Process_2_TypeInfo | UInt32 | — |
| Process_3_Name | UnicodeString | — |
| Process_3_ID | UInt32 | — |
| Process_3_CreationTime | FILETIME | — |
| Process_3_CommitCharge | UInt64 | — |
| Process_3_HandleCount | UInt32 | — |
| Process_3_Version | UnicodeString | — |
| Process_3_TypeInfo | UInt32 | — |
| Process_4_Name | UnicodeString | — |
| Process_4_ID | UInt32 | — |
| Process_4_CreationTime | FILETIME | — |
| Process_4_CommitCharge | UInt64 | — |
| Process_4_HandleCount | UInt32 | — |
| Process_4_Version | UnicodeString | — |
| Process_4_TypeInfo | UInt32 | — |
| Process_5_Name | UnicodeString | — |
| Process_5_ID | UInt32 | — |
| Process_5_CreationTime | FILETIME | — |
| Process_5_CommitCharge | UInt64 | — |
| Process_5_HandleCount | UInt32 | — |
| Process_5_Version | UnicodeString | — |
| Process_5_TypeInfo | UInt32 | — |
| Process_6_Name | UnicodeString | — |
| Process_6_ID | UInt32 | — |
| Process_6_CreationTime | FILETIME | — |
| Process_6_CommitCharge | UInt64 | — |
| Process_6_HandleCount | UInt32 | — |
| Process_6_Version | UnicodeString | — |
| Process_6_TypeInfo | UInt32 | — |
| EventGenerationTime | FILETIME | — |