detection.wiki

Microsoft-Windows-Servicing › Event 8

Event ID 8 — Initiating changes to turn off update updateName of package identifier.

Provider
Microsoft-Windows-Servicing
Channel
Setup
Task
Generic_Task

Description

Initiating changes to turn off update updateName of package identifier. Client id: client.

Message #

Initiating changes to turn off update %1 of package %2. Client id: %4.

Fields #

NameDescription
updateName UnicodeString
identifier UnicodeString
errorCode UnicodeString
client UnicodeString

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Servicing",
    "guid": "BD12F3B8-FC40-4A61-A307-B7A013A069C1",
    "event_source_name": "",
    "event_id": 8,
    "version": 0,
    "level": 0,
    "task": 1,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T09:34:23.102927Z",
    "event_record_id": 21,
    "correlation": {
      "#attributes": {
        "ActivityID": "5E3EF0A6-D286-4320-A2E8-AE15128166B5"
      }
    },
    "execution": {
      "process_id": 14668,
      "thread_id": 19008
    },
    "channel": "Setup",
    "computer": "N900B7FFD.kapsch.co.at",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "CbsUpdateChangeState": {
      "#attributes": {
        "xmlns": "http://manifests.microsoft.com/win/2004/08/windows/setup_provider"
      },
      "UpdateName": "Windows-Defender-Default-Definitions",
      "PackageIdentifier": "Windows-Defender-Client",
      "ErrorCode": null,
      "Client": "DISM Package Manager Provider"
    }
  }
}

References #