Microsoft-Windows-VerifyHardwareSecurity

13 events across 2 channels

Event ID	Title	Channel
3001	Hardware Security Check.	Operational
3002	SecureBoot is currently disabled.	Admin
3003	Failed to check if secureboot is enabled.	Admin
3004	PreRelease/Test cert found in SecureBoot database.	Admin
3005	Failed to check for PreRelease/Test certificates found in SecureBoot DB.	Admin
3006	A non-production SecureBoot Policy was detected.	Admin
3007	Failed to check for non-production SecureBoot Policy.	Admin
3008	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational
3009	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational
3010	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational
3011	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational
3012	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational
3013	Host provider %1 is trying to load %2 to invoke its %3 API.	Operational

Event ID 3001 — Hardware Security Check.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Hardware Security Check: %1

Fields

Name	Description
`CurrentCheckBit`	—

Event ID 3002 — SecureBoot is currently disabled.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

SecureBoot is currently disabled. Please enable SecureBoot through the system firmware.

Event ID 3003 — Failed to check if secureboot is enabled.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

Failed to check if secureboot is enabled. Status: %1

Fields

Name	Description
`hr`	—

Event ID 3004 — PreRelease/Test cert found in SecureBoot database.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

PreRelease/Test cert found in SecureBoot database. Please re-provision SecureBoot to not include %1 in variable %2 of EFI database. Certificate Thumbprint = %3

Fields

Name	Description
`name`	—
`database`	—
`bytes`	—

Event ID 3005 — Failed to check for PreRelease/Test certificates found in SecureBoot DB.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

Failed to check for PreRelease/Test certificates found in SecureBoot DB. Status: %1

Fields

Name	Description
`hr`	—

Event ID 3006 — A non-production SecureBoot Policy was detected.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

A non-production SecureBoot Policy was detected. Remove Debug/PreRelease policy through the system firmware.

Event ID 3007 — Failed to check for non-production SecureBoot Policy.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Admin

Message

Failed to check for non-production SecureBoot Policy. Status: %1

Fields

Name	Description
`hr`	—

Event ID 3008 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke its %3 API. %2 has an OriginalFilename or InternalName of %4.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`InternalName`	—

Event ID 3009 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke its %3 API. %2 has an OriginalFilename or InternalName of %4. NtQuerySecurityPolicy failed with error code %5.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`InternalName`	—
`hr`	—

Event ID 3010 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke its %3 API. %2 has an OriginalFilename or InternalName of %4. It is blocked by host lockdown security policy.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`InternalName`	—

Event ID 3011 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke its %3 API. Failed to find the OriginalFilename or InternalName from resource with error code %4.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`hr`	—

Event ID 3012 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke  its %3 API. %2 has an OriginalFilename or InternalName of %4. The invoking is allowed because UMCI or host lockdown policy is not enabled.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`InternalName`	—

Event ID 3013 — Host provider %1 is trying to load %2 to invoke its %3 API.

Provider: Microsoft-Windows-VerifyHardwareSecurity
Channel: Operational

Message

Host provider %1 is trying to load %2 to invoke its %3 API. %2 has an OriginalFilename or InternalName of %4. The invoking is allowed because of the audit mode of the host lockdown security policy.

Fields

Name	Description
`HostProvider`	—
`ModulePath`	—
`Method`	—
`InternalName`	—