Microsoft-Windows-UAC-FileVirtualization
27 events across 1 channel
Event ID 2000 — Failed to register with Filter Manager.
Event ID 2001 — Failed to read the settings.
Event ID 2002 — Failed to read the file list.
Event ID 2003 — Failed to initialize security.
Event ID 2004 — Failed to start filtering.
Event ID 2005 — Failed to set up the instance for a volume.
Event ID 2006 — Failed to query the virtualization mode.
Event ID 2007 — Failed to query virtual store file information.
Event ID 2008 — Failed to select which file to create.
Event ID 2009 — Failed to create a stream handle context.
Event ID 2010 — Failed to set the stream handle context.
Event ID 2011 — Failed to perform the administrator access check.
Event ID 2012 — Failed to prepare for delayed virtualization.
Event ID 2013 — Failed to perform delayed virtualization.
Event ID 2014 — Failed to switch one or more delayed file objects.
Event ID 2015 — Failed to create the virtual file path.
Event ID 2016 — Failed to copy the file into the virtual store.
Event ID 2017 — Failed to perform the merged directory query.
Event ID 2018 — Failed to query information for the file object.
Event ID 2019 — Failed to check target file for WRP protection.
Event ID 4000 — Virtual file "FileNameBuffer" created.
Description
Virtual file "FileNameBuffer" created.
Message #
Fields #
| Name | Description |
|---|---|
Flags UInt32 | — |
SidLength UInt32 | — |
Sid SID | — |
FileNameLength UInt16 | — |
FileNameBuffer UnicodeString | — |
ProcessImageNameLength UInt16 | — |
ProcessImageNameBuffer UnicodeString | — |
CreateOptions UInt32 | — |
DesiredAccess UInt32 | — Process access rights reference |
IrpMajorFunction UInt8 | — |
Event ID 4001 — Virtual file "FileNameBuffer" renamed to "TargetFileNameBuffer".
Description
Virtual file "FileNameBuffer" renamed to "TargetFileNameBuffer".
Message #
Fields #
| Name | Description |
|---|---|
Flags UInt32 | — |
SidLength UInt32 | — |
Sid SID | — |
FileNameLength UInt16 | — |
FileNameBuffer UnicodeString | — |
ProcessImageNameLength UInt16 | — |
ProcessImageNameBuffer UnicodeString | — |
TargetFileNameLength UInt16 | — |
TargetFileNameBuffer UnicodeString | — |
Event ID 4002 — Virtual delete of file "FileNameBuffer" requested.
Event ID 5000 — Operation on file "FileNameBuffer" excluded from virtualization.
Description
Operation on file "FileNameBuffer" excluded from virtualization.
Message #
Fields #
| Name | Description |
|---|---|
Flags UInt32 | — |
SidLength UInt32 | — |
Sid SID | — |
FileNameLength UInt16 | — |
FileNameBuffer UnicodeString | — |
ProcessImageNameLength UInt16 | — |
ProcessImageNameBuffer UnicodeString | — |
CreateOptions UInt32 | — |
DesiredAccess UInt32 | — Process access rights reference |
IrpMajorFunction UInt8 | — |
Exclusions UInt32 | — |
Event ID 5002 — Delayed virtual file "FileNameBuffer" not virtualized.
Description
Delayed virtual file "FileNameBuffer" not virtualized.
Message #
Fields #
| Name | Description |
|---|---|
Flags UInt32 | — |
SidLength UInt32 | — |
Sid SID | — |
FileNameLength UInt16 | — |
FileNameBuffer UnicodeString | — |
ProcessImageNameLength UInt16 | — |
ProcessImageNameBuffer UnicodeString | — |
CreateOptions UInt32 | — |
DesiredAccess UInt32 | — Process access rights reference |