Microsoft-Windows-Resource-Exhaustion-Resolver
17 events across 1 channel
Event ID 1001 — The Windows Resource Exhaustion Resolver started.
Message
Example Event
system:
provider: Microsoft-Windows-Resource-Exhaustion-Resolver
guid: 91F5FB12-FDEA-4095-85D5-614B495CD9DE
event_source_name: ''
event_id: 1001
version: 0
level: 4
task: 1
opcode: 11
keywords: 9223372036854779904
time_created: '2023-11-06T00:17:35.591067+00:00'
event_record_id: 1
correlation: {}
execution:
process_id: 4036
thread_id: 3104
channel: Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
computer: WinDev2310Eval
security:
user_id: S-1-5-21-1992711665-1655669231-58201500-1000
event_data: {}
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1002 — The Windows Resource Exhaustion Resolver stopped.
Message
Event ID 1003 — The Windows Resource Exhaustion Resolver received a notification that the computer is low on virtual memory.
Message
Fields
| Name | Description |
|---|---|
TimeSinceLastUI | — |
EventGenerationTime | — |
EventType | — |
DropReasonCode | — |
TimesUIShown | — |
MaxCommit | — |
Event ID 1004 — The Windows Resource Exhaustion Resolver close programs UI was launched.
Message
Fields
| Name | Description |
|---|---|
Process_1_Name | — |
Process_1_ID | — |
Process_1_CreationTime | — |
Process_1_Version | — |
Process_2_Name | — |
Process_2_ID | — |
Process_2_CreationTime | — |
Process_2_Version | — |
Process_3_Name | — |
Process_3_ID | — |
Process_3_CreationTime | — |
Process_3_Version | — |
ResolverID | — |
EventGenerationTime | — |
Event ID 1005 — The Windows Resource Exhaustion Resolver failed to start due to an error.
Message
Fields
| Name | Description |
|---|---|
ErrorCode | — |
Event ID 1006 — The Windows Resource Exhaustion Resolver failed to stop due to an error.
Message
Fields
| Name | Description |
|---|---|
ErrorCode | — |
Event ID 1007 — The Windows Resource Exhaustion Resolver experienced a memory allocation failure.
Message
Fields
| Name | Description |
|---|---|
RequestSize | — |
ErrorCode | — |
Event ID 1008 — The Windows Resource Exhaustion Resolver failed to launch the close programs UI.
Message
Fields
| Name | Description |
|---|---|
ErrorCode | — |
Event ID 1009 — The Windows Resource Exhaustion Resolver close programs UI was closed.
Message
Fields
| Name | Description |
|---|---|
UIDisplayTime | — |
UserAction | — |
MaxCommit | — |
Event ID 1010 — Windows could not restore the computer's virtual memory.
Message
Fields
| Name | Description |
|---|---|
ReasonCode | — |
UserAction | — |
MaxCommit | — |
Event ID 1011 — Windows could not restore the computer's virtual memory because some programs could not be closed.
Message
Fields
| Name | Description |
|---|---|
ReasonCode | — |
UserAction | — |
MaxCommit | — |
Event ID 1012 — Windows successfully restored your computer's virtual memory.
Message
Fields
| Name | Description |
|---|---|
TimesUIShown | — |
UserAction | — |
Event ID 1013 — Windows successfully restored your computer's virtual memory without closing any programs.
Message
Fields
| Name | Description |
|---|---|
TimesUIShown | — |
UserAction | — |
Event ID 1014 — The Windows Resource Exhaustion Resolver received a notification to perform memory leak diagnosis.
Message
Fields
| Name | Description |
|---|---|
DroppedLeakDiagnosisEventInfo.ProcessImageName | — |
DroppedLeakDiagnosisEventInfo.ProcessId | — |
DroppedLeakDiagnosisEventInfo.ProcessCreationTime | — |
DroppedLeakDiagnosisEventInfo.DropReasonCode | — |
Example Event
system:
provider: Microsoft-Windows-Resource-Exhaustion-Resolver
guid: 91F5FB12-FDEA-4095-85D5-614B495CD9DE
event_source_name: ''
event_id: 1014
version: 0
level: 4
task: 5
opcode: 41
keywords: 9223372036854792192
time_created: '2023-11-06T01:57:53.182895+00:00'
event_record_id: 5
correlation:
ActivityID: 44552D3D-0E8F-4E4A-B552-A11F4B96A461
execution:
process_id: 4036
thread_id: 10076
channel: Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
computer: WinDev2310Eval
security:
user_id: S-1-5-21-1992711665-1655669231-58201500-1000
user_data:
DroppedLeakDiagnosisEventInfo:
ProcessImageName: eclipse.exe
ProcessId: 14244
ProcessCreationTime: '2023-11-06T01:52:45.374765Z'
DropReasonCode: 16
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1015 — The Windows Resource Exhaustion Resolver received an event from the Windows Resource Exhaustion Detector.
Message
Fields
| Name | Description |
|---|---|
EventInfo.Event | — |
Example Event
system:
provider: Microsoft-Windows-Resource-Exhaustion-Resolver
guid: 91F5FB12-FDEA-4095-85D5-614B495CD9DE
event_source_name: ''
event_id: 1015
version: 0
level: 4
task: 3
opcode: 21
keywords: 9223372036854784000
time_created: '2023-11-06T01:57:37.883763+00:00'
event_record_id: 4
correlation:
ActivityID: 44552D3D-0E8F-4E4A-B552-A11F4B96A461
execution:
process_id: 4036
thread_id: 10076
channel: Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
computer: WinDev2310Eval
security:
user_id: S-1-5-21-1992711665-1655669231-58201500-1000
user_data:
EventInfo:
Event: 4
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1016 — Windows could not restore the computer's virtual memory.
Message
Fields
| Name | Description |
|---|---|
ErrorCode | — |
ResolutionAttempted | — |
Event ID 1017 — The Windows Resource Exhaustion Resolver resolution failure notification UI was closed.
Message
Fields
| Name | Description |
|---|---|
UIDisplayTime | — |
UserAction | — |
MaxCommit | — |