Microsoft-Windows-WindowsSystemAssessmentTool
14 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 0 | TestV1 TestV2 TestV3 TestV4. | Operational |
| 1 | WinSAT Application Start: StartTimeOfDay. | Operational |
| 2 | WinSAT Application Command Line CommandLine. | Operational |
| 3 | WinSAT Application Stop: ExitCode. | Operational |
| 4 | ERROR. | Operational |
| 5 | COM ERROR: Source Interface. | Operational |
| 6 | ERROR. | Operational |
| 7 | ERROR: FailingHresult ErrorMsg. | Operational |
| 8 | Message. | Operational |
| 9 | PhaseID:Description. | Operational |
| 10 | PhaseID. | Operational |
| 11 | Main watch dog timeout - terminating process | Operational |
| 12 | Assessment watch dog timeout - terminating process | Operational |
| 13 | Short watch dog timeout - terminating process | Operational |
Event ID 0 — TestV1 TestV2 TestV3 TestV4.
Event ID 1 — WinSAT Application Start: StartTimeOfDay.
Description
WinSAT Application Start: StartTimeOfDay.
Message
Fields
| Name | Description |
|---|---|
| StartTimeOfDay FILETIME | — |
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-WindowsSystemAssessmentTool",
    "guid": "11A75546-3234-465E-BEC8-2D301CB501AC",
    "event_source_name": "",
    "event_id": 1,
    "version": 0,
    "level": 0,
    "task": 1,
    "opcode": 1,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T08:01:33.192091+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 3768,
      "thread_id": 4432
    },
    "channel": "Microsoft-Windows-WindowsSystemAssessmentTool/Operational",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-21-1958040314-2592322477-2606035944-500"
    }
  },
  "event_data": {
    "StartTimeOfDay": "2022-04-04T08:01:33.191900Z"
  },
  "message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2 — WinSAT Application Command Line CommandLine.
Description
WinSAT Application Command Line CommandLine.
Message
Fields
| Name | Description |
|---|---|
| CommandLineSize UInt16 | — |
| CommandLine UnicodeString | — |
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-WindowsSystemAssessmentTool",
    "guid": "11A75546-3234-465E-BEC8-2D301CB501AC",
    "event_source_name": "",
    "event_id": 2,
    "version": 0,
    "level": 0,
    "task": 1,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T08:01:33.246239+00:00",
    "event_record_id": 3,
    "correlation": {},
    "execution": {
      "process_id": 3768,
      "thread_id": 4432
    },
    "channel": "Microsoft-Windows-WindowsSystemAssessmentTool/Operational",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-21-1958040314-2592322477-2606035944-500"
    }
  },
  "event_data": {
    "CommandLineSize": 92,
    "CommandLine": "C:\\Windows\\system32\\winsat.exe formal -log -cancelevent c44be6b9-8148-4e99-84df-c74f2f9e27e2"
  },
  "message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3 — WinSAT Application Stop: ExitCode.
Description
WinSAT Application Stop: ExitCode.
Message
Fields
| Name | Description |
|---|---|
| ExitCode UInt32 | — |
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-WindowsSystemAssessmentTool",
    "guid": "11A75546-3234-465E-BEC8-2D301CB501AC",
    "event_source_name": "",
    "event_id": 3,
    "version": 0,
    "level": 0,
    "task": 1,
    "opcode": 2,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T08:03:12.759191+00:00",
    "event_record_id": 82,
    "correlation": {},
    "execution": {
      "process_id": 3768,
      "thread_id": 4432
    },
    "channel": "Microsoft-Windows-WindowsSystemAssessmentTool/Operational",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-21-1958040314-2592322477-2606035944-500"
    }
  },
  "event_data": {
    "ExitCode": 0
  },
  "message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4 — ERROR.
Event ID 5 — COM ERROR: Source Interface.
Event ID 7 — ERROR: FailingHresult ErrorMsg.
Event ID 9 — PhaseID:Description.
Message
Fields
| Name | Description |
|---|---|
| PhaseID UInt16 | — |
| DescriptionSize UInt16 | — |
| Description UnicodeString | — |
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-WindowsSystemAssessmentTool",
    "guid": "11A75546-3234-465E-BEC8-2D301CB501AC",
    "event_source_name": "",
    "event_id": 9,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T08:03:12.754854+00:00",
    "event_record_id": 80,
    "correlation": {},
    "execution": {
      "process_id": 3768,
      "thread_id": 4432
    },
    "channel": "Microsoft-Windows-WindowsSystemAssessmentTool/Operational",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-21-1958040314-2592322477-2606035944-500"
    }
  },
  "event_data": {
    "PhaseID": 140,
    "DescriptionSize": 24,
    "Description": "Restore system policies"
  },
  "message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 10 — PhaseID.
Message
Fields
| Name | Description |
|---|---|
| PhaseID UInt16 | — |
Example Event
{
  "system": {
    "provider": "Microsoft-Windows-WindowsSystemAssessmentTool",
    "guid": "11A75546-3234-465E-BEC8-2D301CB501AC",
    "event_source_name": "",
    "event_id": 10,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-04T08:03:12.761466+00:00",
    "event_record_id": 83,
    "correlation": {},
    "execution": {
      "process_id": 3768,
      "thread_id": 4432
    },
    "channel": "Microsoft-Windows-WindowsSystemAssessmentTool/Operational",
    "computer": "WIN-TKC15D7KHUR",
    "security": {
      "user_id": "S-1-5-21-1958040314-2592322477-2606035944-500"
    }
  },
  "event_data": {
    "PhaseID": 150
  },
  "message": ""
}
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 11 — Main watch dog timeout - terminating process
Description
Main watch dog timeout - terminating process.
Message
Event ID 12 — Assessment watch dog timeout - terminating process
Description
Assessment watch dog timeout - terminating process.
Message
Event ID 13 — Short watch dog timeout - terminating process
Description
Short watch dog timeout - terminating process.