Microsoft-Windows-SmartScreen

4 events across 1 channel

Event ID	Title	Channel
1000	Application SmartScreen Event	Debug
1001	Uri SmartScreen Event	Debug
1002	User Decision SmartScreen Event	Debug
1003	Telemetry SmartScreen Event	Debug

Event ID 1000 — Application SmartScreen Event

Provider: Microsoft-Windows-SmartScreen
Channel: Debug

Description

Application SmartScreen Event.

Message #

Application SmartScreen Event

Fields #

Name	Description
`FilePath` UnicodeString	—
`FullFileHash` UnicodeString	—
`AuthenticodeHash` UnicodeString	—
`AuthenticodeAlgorithm` UnicodeString	—
`MarkOfTheWeb` UnicodeString	—
`CallingProcessId` UInt32	—
`CallingProcessCreationTime` UInt64	—
`Sid` UnicodeString	—
`ActivityId` UnicodeString	—
`Enforcement` UnicodeString	—
`Experience` UnicodeString	—

Event ID 1001 — Uri SmartScreen Event

Provider: Microsoft-Windows-SmartScreen
Channel: Debug

Description

Uri SmartScreen Event.

Message #

Uri SmartScreen Event

Fields #

Name	Description
`Uri` UnicodeString	—
`IP` UnicodeString	—
`ReferrerUri` UnicodeString	—
`ReferrerIP` UnicodeString	—
`Recommendation` UnicodeString	—
`HitType` UnicodeString	—
`NavigationType` UnicodeString	—
`ProductType` UnicodeString	—
`CallingProcessId` UInt32	—
`CallingProcessCreationTime` UInt64	—
`Sid` UnicodeString	—
`ActivityId` UnicodeString	—
`Enforcement` UnicodeString	—
`Experience` UnicodeString	—

Event ID 1002 — User Decision SmartScreen Event

Provider: Microsoft-Windows-SmartScreen
Channel: Debug

Description

User Decision SmartScreen Event.

Message #

User Decision SmartScreen Event

Fields #

Name	Description
`Action` UnicodeString	—
`ActivitiyId` UnicodeString	—

Event ID 1003 — Telemetry SmartScreen Event

Provider: Microsoft-Windows-SmartScreen
Channel: Debug
Level: Verbose

Description

Telemetry SmartScreen Event.

Message #

Telemetry SmartScreen Event

Fields #

Name	Description
`Data_0`	—
`Data` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-SmartScreen",
    "guid": "3CB2A168-FE34-4A4E-BDAD-DCF422F34473",
    "event_source_name": "",
    "event_id": 1003,
    "version": 0,
    "level": 5,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T21:26:53.616236+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 3204,
      "thread_id": 10796
    },
    "channel": "Microsoft-Windows-SmartScreen/Debug",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Data_0": "{\"$type\":\"scenario\",\"name\":\"onAllowedZoneCheck\"}"
  },
  "message": ""
}