SecurityCenter

4 events across 1 channel

Event ID	Title	Channel
1	The Windows Security Center Service has started.	Application
2	The Windows Security Center Service has stopped.	Application
15	Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.	Application
16	Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.	Application

Event ID 1 — The Windows Security Center Service has started.

Provider: SecurityCenter
Channel: Application
Level: 4
Samples: 1

Example Event

system:
  provider: SecurityCenter
  guid: ''
  event_source_name: ''
  event_id: 1
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-05T22:34:27.020738+00:00'
  event_record_id: 1587
  correlation: {}
  execution:
    process_id: 1640
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data: {}
message: The Windows Security Center Service has started.

References

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 2 — The Windows Security Center Service has stopped.

Provider: SecurityCenter
Channel: Application
Level: 4
Samples: 1

Example Event

system:
  provider: SecurityCenter
  guid: ''
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-05T22:31:36.782611+00:00'
  event_record_id: 1536
  correlation: {}
  execution:
    process_id: 7732
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data: {}
message: The Windows Security Center Service has stopped.

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 15 — Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.

Provider: SecurityCenter
Channel: Application
Level: 4
Samples: 1

Fields

Name	Description
`Data`	—

Example Event

system:
  provider: SecurityCenter
  guid: ''
  event_source_name: ''
  event_id: 15
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-05T22:34:29.037912+00:00'
  event_record_id: 1589
  correlation: {}
  execution:
    process_id: 1640
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  Data:
  - Windows Defender
  - SECURITY_PRODUCT_STATE_ON
message: Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 16 — Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Provider: SecurityCenter
Channel: Application
Level: 2
Samples: 1

Fields

Name	Description
`Data`	—
`Binary`	—

Example Event

system:
  provider: SecurityCenter
  guid: ''
  event_source_name: ''
  event_id: 16
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2025-12-31T19:37:29.959155+00:00'
  event_record_id: 138
  correlation: {}
  execution:
    process_id: 1736
    thread_id: 0
  channel: Application
  computer: WIN11-22H2-X64
  security:
    user_id: ''
event_data:
  Data:
  - Windows Defender
  - SECURITY_PRODUCT_STATE_ON
  Binary: AgAAAA==
message: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline