Event ID 20001 — Driver Management concluded the process to install driver
Description
Driver Management concluded the process to install driver for Device Instance ID with the following status: .
Message
Fields
| Name | Description |
|---|---|
| InstallDeviceID.xmlns:auto-ns2 | — |
| InstallDeviceID.DriverName | — |
| InstallDeviceID.DriverVersion | — |
| InstallDeviceID.DriverProvider | — |
| InstallDeviceID.DeviceInstanceID | — |
| InstallDeviceID.SetupClass | — |
| InstallDeviceID.RebootOption | — |
| InstallDeviceID.UpgradeDevice | — |
| InstallDeviceID.IsDriverOEM | — |
| InstallDeviceID.InstallStatus | — |
| InstallDeviceID.DriverDescription | — |
Example Event

```json
{
  "system": {
    "provider": "Microsoft-Windows-UserPnp",
    "guid": "96F4A050-7E31-453C-88BE-9634F4E02139",
    "event_source_name": "",
    "event_id": 20001,
    "version": 0,
    "level": 4,
    "task": 7005,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2013-10-23T16:17:53.968750+00:00",
    "event_record_id": 250,
    "correlation": {},
    "execution": {
      "process_id": 1536,
      "thread_id": 1900
    },
    "channel": "System",
    "computer": "37L4247D28-05",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "user_data": {
    "InstallDeviceID": {
      "xmlns:auto-ns2": "http://schemas.microsoft.com/win/2004/08/events",
      "DriverName": "FileRepository\\rdpbus.inf_x86_neutral_27637529205407be\\rdpbus.inf",
      "DriverVersion": "6.1.7600.16385",
      "DriverProvider": "Microsoft",
      "DeviceInstanceID": "ROOT\\RDPBUS\\0000",
      "SetupClass": "4D36E97D-E325-11CE-BFC1-08002BE10318",
      "RebootOption": false,
      "UpgradeDevice": false,
      "IsDriverOEM": false,
      "InstallStatus": 0,
      "DriverDescription": "Remote Desktop Device Redirector Bus"
    }
  },
  "message": "Driver Management concluded the process to install driver http://schemas.microsoft.com/win/2004/08/events for Device Instance ID Microsoft with the following status: false."
}
```
References
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx