Low


Active Directory Account Deleted

Active Directory - Account Deleted

Active Directory Group Membership Changed

Active Directory - Group Membership Changed

Application Hang Detected

Application Hang Detected

Firewall Internet Connection Latency Or Packet Loss

Firewall internet connection latency or packet loss

Service Control Manager Error

Windows Service Control Manager Error

PAStore Engine Applied Locally Cached Copy Of Active Directory Storage IPsec Policy On The Computer

May contain any one of the following: PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer. PAStore Engine applied Active Directory storage IPsec policy on the computer. PAStore Engine applied local registry storage IPsec policy on the computer. PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer. PAStore Engine failed to apply Active Directory storage IPsec policy on the computer. PAStore Engine failed to apply local registry storage IPsec policy on the computer. PAStore Engine failed to apply some rules of the active IPsec policy on the computer. PAStore Engine failed to load directory storage IPsec policy on the computer. PAStore Engine loaded directory storage IPsec policy on the computer. PAStore Engine failed to load local storage IPsec policy on the computer. PAStore Engine loaded local storage IPsec policy on the computer.PAStore Engine polled for changes to the active IPsec policy and detected no changes.

Application Hang Detected

Application Hang Detected

New Application Installation

Event Source - Microsoft-Windows-Application-Experience - Event Log - Microsoft-Windows-Application-Experience/Program-Inventory

A Privileged Service Was Called

A privileged service was called.

A Basic Application Group Was Changed

A basic application group was changed.

A Basic Application Group Was Created

A basic application group was created.

A Basic Application Group Was Deleted

A basic application group was deleted.

A Certificate Request Extension Changed

A certificate request extension changed.

A Change Has Been Made To IPsec Settings A Connection Security Rule Was Added

A change has been made to IPsec settings. A Connection Security Rule was added.

A Change Has Been Made To IPsec Settings A Connection Security Rule Was Deleted

A change has been made to IPsec settings. A Connection Security Rule was deleted.

A Change Has Been Made To IPsec Settings A Connection Security Rule Was Modified

A change has been made to IPsec settings. A Connection Security Rule was modified.

A Change Has Been Made To IPsec Settings A Crypto Set Was Added

A change has been made to IPsec settings. A Crypto Set was added.

A Change Has Been Made To IPsec Settings A Crypto Set Was Deleted

A change has been made to IPsec settings. A Crypto Set was deleted.

A Change Has Been Made To IPsec Settings A Crypto Set Was Modified

A change has been made to IPsec settings. A Crypto Set was modified.

A Change Has Been Made To IPsec Settings An Authentication Set Was Added

A change has been made to IPsec settings. An Authentication Set was added.

A Change Has Been Made To IPsec Settings An Authentication Set Was Deleted

A change has been made to IPsec settings. An Authentication Set was deleted.

A Change Has Been Made To IPsec Settings An Authentication Set Was Modified

A change has been made to IPsec settings. An Authentication Set was modified.

A Change Has Been Made To Windows Firewall Exception List A Rule Was Added

A change has been made to Windows Firewall exception list. A rule was added.

A Change Has Been Made To Windows Firewall Exception List A Rule Was Deleted

A change has been made to Windows Firewall exception list. A rule was deleted.

A Change Has Been Made To Windows Firewall Exception List A Rule Was Modified

A change has been made to Windows Firewall exception list. A rule was modified.

A Computer Account Was Changed

A computer account was changed.

A Computer Account Was Changed

A computer account was changed.

A Computer Account Was Deleted

A computer account was deleted.

A Configuration Entry Changed In Certificate Services

A configuration entry changed in Certificate Services.

A Cryptographic Context Modification Was Attempted

A cryptographic context modification was attempted.

A Cryptographic Context Operation Was Attempted

A cryptographic context operation was attempted.

A Cryptographic Function Modification Was Attempted

A cryptographic function modification was attempted.

A Cryptographic Function Operation Was Attempted

A cryptographic function operation was attempted.

A Cryptographic Function Property Modification Was Attempted

A cryptographic function property modification was attempted.

A Cryptographic Function Property Operation Was Attempted

A cryptographic function property operation was attempted.

A Cryptographic Function Provider Operation Was Attempted

A cryptographic function provider operation was attempted.

A Cryptographic Primitive Operation Failed

A cryptographic primitive operation failed.

A Cryptographic Provider Operation Was Attempted

A cryptographic provider operation was attempted.

A Cryptographic Self Test Was Performed

A cryptographic self test was performed.

A Directory Service Object Was Created

A directory service object was created.

A Directory Service Object Was Deleted

A directory service object was deleted.

A Directory Service Object Was Modified

A directory service object was modified.

A Directory Service Object Was Moved

A directory service object was moved.

A Directory Service Object Was Undeleted

A directory service object was undeleted.

A File Was Virtualized

A file was virtualized.

A Handle To An Object Was Requested

A handle to an object was requested.

A Handle To An Object Was Requested

A handle to an object was requested.

A Handle To An Object Was Requested

A handle to an object was requested.

A Handle To An Object Was Requested With Intent To Delete

A handle to an object was requested with intent to delete.

A Kerberos Authentication Ticket Request Failed

A Kerberos authentication ticket request failed.

A Kerberos Service Ticket Was Renewed

A Kerberos service ticket was renewed.

A Kernel Mode Cryptographic Self Test Was Performed

A kernel-mode cryptographic self test was performed.

A Lingering Object Was Removed From A Replica

A lingering object was removed from a replica.

A Logon Was Attempted Using Explicit Credentials

A logon was attempted using explicit credentials.

A Member Was Added To A Basic Application Group

A member was added to a basic application group.

A Member Was Added To A Security Disabled Global Group

A member was added to a security-disabled global group.

A Member Was Added To A Security Disabled Local Group

A member was added to a security-disabled local group.

A Member Was Added To A Security Disabled Universal Group

A member was added to a security-disabled universal group.

A Member Was Added To A Security Enabled Global Group

A member was added to a security-enabled global group.

A Member Was Added To A Security Enabled Local Group

A member was added to a security-enabled local group.

A Member Was Added To A Security Enabled Universal Group

A member was added to a security-enabled universal group.

A Member Was Removed From A Basic Application Group

A member was removed from a basic application group.

A Member Was Removed From A Security Disabled Global Group

A member was removed from a security-disabled global group.

A Member Was Removed From A Security Disabled Local Group

A member was removed from a security-disabled local group.

A Member Was Removed From A Security Disabled Universal Group

A member was removed from a security-disabled universal group.

A Member Was Removed From A Security Enabled Global Group

A member was removed from a security-enabled global group.

A Member Was Removed From A Security Enabled Local Group

A member was removed from a security-enabled local group.

A Member Was Removed From A Security Enabled Universal Group

A member was removed from a security-enabled universal group.

A More Restrictive Windows Filtering Platform Filter Has Blocked A Packet

A more restrictive Windows Filtering Platform filter has blocked a packet.

A Namespace Collision Was Detected

A namespace collision was detected.

A Network Share Object Was Accessed

A network share object was accessed.

A New Process Has Been Created

A new process has been created.

A Nonmember Was Added To A Basic Application Group

A nonmember was added to a basic application group.

A Nonmember Was Removed From A Basic Application Group

A nonmember was removed from a basic application group.

A Notification Package Has Been Loaded By The Security Account Manager

A notification package has been loaded by the Security Account Manager.

A Primary Token Was Assigned To Process

A primary token was assigned to process.

A Process Has Exited

A process has exited.

A Registry Key Was Virtualized

A registry key was virtualized.

A Registry Value Was Modified

A registry value was modified.

A Remote Procedure Call (RPC) Was Attempted

A Remote Procedure Call (RPC) was attempted.

A Request Was Made To Authenticate To A Wired Network

A request was made to authenticate to a wired network.

A Request Was Made To Authenticate To A Wireless Network

A request was made to authenticate to a wireless network.

A Request Was Submitted To The OCSP Responder Service

A request was submitted to the OCSP Responder Service

A Rule Has Been Ignored Because Its Major Version Number Was Not Recognized By Windows Firewall

A rule has been ignored because its major version number was not recognized by Windows Firewall.

A Rule Has Been Ignored By Windows Firewall Because IT Could Not Parse The Rule

A rule has been ignored by Windows Firewall because it could not parse the rule.

A Rule Was Listed When The Windows Firewall Started

A rule was listed when the Windows Firewall started.

A Scheduled Task Was Created

A scheduled task was created.

A Scheduled Task Was Deleted

A scheduled task was deleted.

A Scheduled Task Was Disabled

A scheduled task was disabled.

A Scheduled Task Was Enabled

A scheduled task was enabled.

A Scheduled Task Was Updated

A scheduled task was updated.

A Security Disabled Global Group Was Changed

A security-disabled global group was changed.

A Security Disabled Global Group Was Created

A security-disabled global group was created.

A Security Disabled Global Group Was Deleted

A security-disabled global group was deleted.

A Security Disabled Local Group Was Changed

A security-disabled local group was changed.

A Security Disabled Local Group Was Created

A security-disabled local group was created.

A Security Disabled Local Group Was Deleted

A security-disabled local group was deleted.

A Security Disabled Universal Group Was Changed

A security-disabled universal group was changed.

A Security Disabled Universal Group Was Created

A security-disabled universal group was created.

A Security Enabled Global Group Was Deleted

A security-enabled global group was deleted.

A Security Enabled Local Group Was Created

A security-enabled local group was created.

A Security Enabled Local Group Was Deleted

A security-enabled local group was deleted.

A Security Enabled Universal Group Was Deleted

A security-enabled universal group was deleted.

A Security Package Has Been Loaded By The Local Security Authority

A security package has been loaded by the Local Security Authority.

A Session Was Disconnected From A Window Station

A session was disconnected from a Window Station.

A Session Was Reconnected To A Window Station

A session was reconnected to a Window Station.

A Trust To A Domain Was Removed

A trust to a domain was removed.

A Trusted Logon Process Has Been Registered With The Local Security Authority

A trusted logon process has been registered with the Local Security Authority.

A User Account Was Changed

A user account was changed.

A User Account Was Created

A user account was created.

A User Account Was Deleted

A user account was deleted.

A User Account Was Disabled

A user account was disabled.

A User Account Was Enabled

A user account was enabled.

A User Account Was Locked Out

A user account was locked out.

A User Account Was Unlocked

A user account was unlocked.

A User Right Was Assigned

A user right was assigned.

A User Right Was Removed

A user right was removed.

A Windows Filtering Platform Callout Has Been Changed

A Windows Filtering Platform callout has been changed.

A Windows Filtering Platform Filter Has Been Changed

A Windows Filtering Platform filter has been changed.

A Windows Filtering Platform Provider Context Has Been Changed

A Windows Filtering Platform provider context has been changed.

A Windows Filtering Platform Provider Has Been Changed

A Windows Filtering Platform provider has been changed.

A Windows Filtering Platform Sublayer Has Been Changed

A Windows Filtering Platform sublayer has been changed.

A Windows Firewall Setting Has Changed

A Windows Firewall setting has changed.

An Account Could Not Be Mapped For Logon

An account could not be mapped for logon.

An Account Failed To Log On

An account failed to log on.

An Account Was Logged Off

An account was logged off.

An Account Was Mapped For Logon

An account was mapped for logon.

An Account Was Successfully Logged On

An account was successfully logged on.

An Active Directory Replica Destination Naming Context Was Modified

An Active Directory replica destination naming context was modified.

An Active Directory Replica Source Naming Context Was Established

An Active Directory replica source naming context was established.

An Active Directory Replica Source Naming Context Was Modified

An Active Directory replica source naming context was modified.

An Active Directory Replica Source Naming Context Was Removed

An Active Directory replica source naming context was removed.

An Application Attempted An Operation:

An application attempted an operation:

An Application Attempted To Access A Blocked Ordinal Through The TBS

An application attempted to access a blocked ordinal through the TBS.

An Application Client Context Was Deleted

An application client context was deleted.

An Application Was Initialized

An application was initialized.

An Attempt To Programmatically Disable The Windows Firewall Using A Call To InetFwProfile FirewallEnabled(False)

An attempt to programmatically disable the Windows Firewall using a call to InetFwProfile.FirewallEnabled(False)

An Attempt Was Made To Access An Object

An attempt was made to access an object.

An Attempt Was Made To Change An Account's Password

An attempt was made to change an account’s password.

An Attempt Was Made To Create A Hard Link

An attempt was made to create a hard link.

An Attempt Was Made To Create An Application Client Context

An attempt was made to create an application client context.

An Attempt Was Made To Duplicate A Handle To An Object

An attempt was made to duplicate a handle to an object.

An Attempt Was Made To Register A Security Event Source

An attempt was made to register a security event source.

An Attempt Was Made To Unregister A Security Event Source

An attempt was made to unregister a security event source.

An Authentication Package Has Been Loaded By The Local Security Authority

An authentication package has been loaded by the Local Security Authority.

An IPsec Main Mode Negotiation Failed

An IPsec Main Mode negotiation failed.

An IPsec Main Mode Negotiation Failed

An IPsec Main Mode negotiation failed.

An IPsec Main Mode Security Association Ended

An IPsec Main Mode security association ended.

An IPsec Main Mode Security Association Was Established Extended Mode Was Not Enabled A Certificate Was Used For Authentication

An IPsec Main Mode security association was established. Extended Mode was not enabled. A certificate was used for authentication.

An IPsec Main Mode Security Association Was Established Extended Mode Was Not Enabled Certificate Authentication Was Not Used

An IPsec Main Mode security association was established. Extended Mode was not enabled. Certificate authentication was not used.

An IPsec Quick Mode Negotiation Failed

An IPsec Quick Mode negotiation failed.

An IPsec Quick Mode Security Association Ended

An IPsec Quick Mode security association ended.

An IPsec Quick Mode Security Association Was Established

An IPsec Quick Mode security association was established.

An IPsec Security Association Was Deleted

An IPsec Security Association was deleted.

An LDAP Query Group Was Created

An LDAP query group was created.

An Object In The COM+ Catalog Was Modified

An object in the COM+ Catalog was modified.

An Object Was Added To The COM+ Catalog

An object was added to the COM+ Catalog.

An Object Was Deleted

An object was deleted.

An Object Was Deleted From The COM+ Catalog

An object was deleted from the COM+ Catalog.

An Operation Was Attempted On A Privileged Object

An operation was attempted on a privileged object.

An Operation Was Performed On An Object

An operation was performed on an object.

Application Installed

Modern app install Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/Packaged app-Deployment

Application Ran

Modern app run Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/Packaged app-Execution

AppLocker Block

Configured to audit process starts. Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/EXE and DLL

Attempt To Install A Service

Attempt to install a service

Attributes Of An Active Directory Object Were Replicated

Attributes of an Active Directory object were replicated.

Certificate Services Security Updated

Certificate Services template security was updated. Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Certificate Services Updated

A Certificate Services template was updated. Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Certificate Services Approved A Certificate Request And Issued A Certificate

Certificate Services approved a certificate request and issued a certificate.

Certificate Services Archived A Key

Certificate Services archived a key.

Certificate Services Backup Completed

Certificate Services backup completed.

Certificate Services Backup Started

Certificate Services backup started.

Certificate Services Denied A Certificate Request

Certificate Services denied a certificate request.

Certificate Services Imported A Certificate Into Its Database

Certificate Services imported a certificate into its database.

Certificate Services Imported And Archived A Key

Certificate Services imported and archived a key.

Certificate Services Published The CA Certificate To Active Directory Domain Services

Certificate Services published the CA certificate to Active Directory Domain Services.

Certificate Services Published The Certificate Revocation List (CRL)

Certificate Services published the certificate revocation list (CRL).

Certificate Services Received A Certificate Request

Certificate Services received a certificate request.

Certificate Services Received A Request To Publish The Certificate Revocation List (CRL)

Certificate Services received a request to publish the certificate revocation list (CRL).

Certificate Services Received A Request To Shut Down

Certificate Services received a request to shut down.

Certificate Services Received A Resubmitted Certificate Request

Certificate Services received a resubmitted certificate request.

Certificate Services Restore Completed

Certificate Services restore completed.

Certificate Services Restore Started

Certificate Services restore started.

Certificate Services Retrieved An Archived Key

Certificate Services retrieved an archived key.

Certificate Services Set The Status Of A Certificate Request To Pending

Certificate Services set the status of a certificate request to pending.

Certificate Services Started

Certificate Services started.

Certificate Services Stopped

Certificate Services stopped.

Conversion Worker Thread For Volume Started

Conversion worker thread for volume started

Conversion Worker Thread For Volume Temporarily Stopped

Conversion worker thread for volume temporarily stopped

Cryptographic Operation

Cryptographic operation.

Decryption Of Volume Completed

Decryption of volume completed

Decryption Of Volume Started

Decryption of volume started

Decryption Of Volume Stopped

Decryption of volume stopped

Detected An Invalid Page Hash Of An Image File

Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Disconnect From Wireless Connection

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

DNS Query Complete

DNS query completed (Application DNS Lookup) Event Source - Microsoft-Windows-DNS-Client - Event Log - Microsoft-Windows-DNS-Client/Operational

DNS Request/Response

Requires enhanced auditing enabled. Event Source - Microsoft-Windows-DNSServer - Event Log - Microsoft-Windows-DNSServer/Analytical

DNS Response Complete

DNS Query Response (DNS Cache service) Event Source - Microsoft-Windows-DNS-Client - Event Log - Microsoft-Windows-DNS-Client/Operational

Encryption Of Volume Completed

Encryption of volume completed

Encryption Of Volume Started

Encryption of volume started

Encryption Of Volume Stopped

Encryption of volume stopped

Event Log Service Shutdown

(Security Log) Event Log Service Shutdown Event Source - Microsoft-Windows-EventLog - Event Log - Security

Event Log Was Cleared

Event Source - Microsoft-Windows-Eventlog - Event Log - System

Exception Raised

PowerShell exception raised. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational

Firewall Rule Add

Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

Firewall Rule Change

Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

Firewall Rules Deleted

Event Source - Microsoft-Windows-Windows Firewall With Advanced Security - Event Log - Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

Group Assigned To New Session

Groups assigned to new Logon session Event Source - LsaSrv - Event Log - Microsoft-Windows-LSA/Operational

Hotpatching Failed

Event Source - Microsoft-Windows-Servicing - Event Log - Setup

IKE DoS Prevention Mode Started

IKE DoS-prevention mode started.

Indirect Access To An Object Was Requested

Indirect access to an object was requested.

Initial State Check: Rolling Volume Conversion Transaction On 2

Initial state check: Rolling volume conversion transaction on 2.

Internal Resources Allocated For The Queuing Of Audit Messages Have Been Exhausted, Leading To The Loss Of Some Audits

Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.

Invalid Use Of LPC Port

Invalid use of LPC port.

IPsec Main Mode And Extended Mode Security Associations Were Established

IPsec Main Mode and Extended Mode security associations were established.

IPsec Main Mode And Extended Mode Security Associations Were Established

IPsec Main Mode and Extended Mode security associations were established.

IPsec Main Mode And Extended Mode Security Associations Were Established

IPsec Main Mode and Extended Mode security associations were established.

IPsec Main Mode And Extended Mode Security Associations Were Established

IPsec Main Mode and Extended Mode security associations were established.

IPsec Policy Agent

IPsec policy agent

IPsec Policy Agent Disabled

IPsec policy agent disabled

IPsec Policy Agent Encountered A Potential Serious Failure

IPsec policy agent encountered a potential serious failure

IPsec Policy Agent Started

IPsec policy agent started

IPsec Services Encountered A Potentially Serious Failure

IPsec Services encountered a potentially serious failure.

IPsec Services Has Been Shut Down Successfully The Shutdown Of IPsec Services Can Put The Computer At Greater Risk Of Network Attack Or Expose The Computer To Potential Security Risks

IPsec Services has been shut down successfully. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.

IPsec Services Has Started Successfully

IPsec Services has started successfully.

IPsec Services Was Disabled

IPsec Services was disabled.

IPsec Services Was Started

IPsec Services was started.

Kerberos Pre Authentication Failed

Kerberos pre-authentication failed.

Key File Operation

Key file operation.

Key Migration Operation

Key migration operation.

Malware Removal Error

Malware removal action taken with non-critical error Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Malware Removed

Malware removal action taken Event Source - Microsoft-Windows-Windows Defender - Event Log - Microsoft-Windows-Windows Defender/Operational

Network Connection And Disconnection Status (Wired And Wireless)

Event Source - Microsoft-Windows-NetworkProfile - Event Log - Microsoft-Windows-NetworkProfile/Operational

Network Policy Server Granted Access To A User

Network Policy Server granted access to a user.

Network Share Checked

A network share object was checked to see whether the client can be granted desired access. Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Network Share Created

Network Share Created Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

Network Share Deleted

Network Share Deleted Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

New Device Information

Event Source - Microsoft-Windows-USB-USBHUB3 - Event Log - Microsoft-Windows-USB-USBHUB3-Analytic

New Mass Storage Installation

Event Source - Microsoft-Windows-Kernel-PnP - Event Log - Microsoft-Windows-Kernel-PnP/Device Configuration

New MSI File Installed

Event Source - MsiInstaller - Event Log - Application

New Task Registered

New Task Registered Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

New Windows Service

Event Source - Microsoft-Windows-FilterManager - Event Log - System

Object Open For Delete

Object open for delete

One Or More Certificate Request Attributes Changed

One or more certificate request attributes changed.

Outbound TS Connect Attempt

Outbound TS connection attempt Event Source - Microsoft-Windows-TerminalServices-ClientActiveXCore - Event Log - Microsoft-Windows-TerminalServices-RDPClient/Operational

Parts Of A Rule Have Been Ignored Because Its Minor Version Number Was Not Recognized By Windows Firewall The Other Parts Of The Rule Will Be Enforced

Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.

PAStore Engine Applied Active Directory Storage IPsec Policy On The Computer

PAStore Engine applied Active Directory storage IPsec policy on the computer.

PAStore Engine Applied Local Registry Storage IPsec Policy On The Computer

PAStore Engine applied local registry storage IPsec policy on the computer.

PAStore Engine Applied Locally Cached Copy Of Active Directory Storage IPsec Policy On The Computer

PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer.

PAStore Engine Failed To Add Quick Mode Filter

PAStore Engine failed to add quick mode filter.

PAStore Engine Failed To Apply Active Directory Storage IPsec Policy On The Computer

PAStore Engine failed to apply Active Directory storage IPsec policy on the computer.

PAStore Engine Failed To Apply Local Registry Storage IPsec Policy On The Computer

PAStore Engine failed to apply local registry storage IPsec policy on the computer.

PAStore Engine Failed To Apply Locally Cached Copy Of Active Directory Storage IPsec Policy On The Computer

PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.

PAStore Engine Failed To Apply Some Rules Of The Active IPsec Policy On The Computer Use The IP Security Monitor Snap In To Diagnose The Problem

PAStore Engine failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem.

PAStore Engine Failed To Load Directory Storage IPsec Policy On The Computer

PAStore Engine failed to load directory storage IPsec policy on the computer.

PAStore Engine Failed To Load Local Storage IPsec Policy On The Computer

PAStore Engine failed to load local storage IPsec policy on the computer.

PAStore Engine Loaded Directory Storage IPsec Policy On The Computer

PAStore Engine loaded directory storage IPsec policy on the computer.

PAStore Engine Loaded Local Storage IPsec Policy On The Computer

PAStore Engine loaded local storage IPsec policy on the computer.

PAStore Engine Polled For Changes To The Active Directory IPsec Policy, Determined That Active Directory Can Be Reached, And Found No Changes To The Policy The Cached Copy Of The Active Directory IPsec Policy Is No Longer Being Used

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used.

PAStore Engine Polled For Changes To The Active Directory IPsec Policy, Determined That Active Directory Can Be Reached, Found Changes To The Policy, And Applied Those Changes The Cached Copy Of The Active Directory IPsec Policy Is No Longer Being Used

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used.

PAStore Engine Polled For Changes To The Active Directory IPsec Policy, Determined That Active Directory Cannot Be Reached, And Will Use The Cached Copy Of The Active Directory IPsec Policy Instead Any Changes Made To The Active Directory IPsec Policy Since The Last Poll Could Not Be Applied

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied.

PAStore Engine Polled For Changes To The Active IPsec Policy And Detected No Changes

PAStore Engine polled for changes to the active IPsec policy and detected no changes.

PAStore Engine Polled For Changes To The Active IPsec Policy, Detected Changes, And Applied Them To IPsec Services

PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services.

PAStore Engine Received A Control For Forced Reloading Of IPsec Policy And Processed The Control Successfully

PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully.

Permissions On An Object Were Changed

Permissions on an object were changed.

Printing Document

Event Source - Microsoft-Windows-PrintService - Event Log - Microsoft-Windows-PrintService/Operational

Protection Of Auditable Protected Data Was Attempted

Protection of auditable protected data was attempted.

Remote Connection

PowerShell remoting connection (legacy) Event Source - Microsoft-Windows-Powershell - Event Log - Powershell

Removed Application

Event Source - Microsoft-Windows-Application-Experience - Event Log - Microsoft-Windows-Application-Experience/Program-Inventory

Replication Failure Begins

Replication failure begins.

Replication Failure Ends

Replication failure ends.

Script Block Contents

PowerShell script block contents. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational

Script Block End

PowerShell script block end. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational

Script Block Start

PowerShell script block start. Event Source - Microsoft-Windows-Powershell - Event Log - Microsoft-Windows-Powershell/Operational

Script Or Installer Ran

Scripts and Installers run Event Source - Microsoft-Windows-AppLocker - Event Log - Microsoft-Windows-AppLocker/MSI and Script

Security Policy In The Group Policy Objects Has Been Applied Successfully

Security policy in the Group Policy objects has been applied successfully.

Signing Certificate Was Automatically Updated By The OCSP Responder Service

Signing Certificate was automatically updated by the OCSP Responder Service

Special Privileges Assigned To New Logon

Special privileges assigned to new logon.

Starting A Wireless Connection

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

Successfully Connected To A Wireless Connection

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

Synchronization Of A Replica Of An Active Directory Naming Context Has Begun

Synchronization of a replica of an Active Directory naming context has begun.

Synchronization Of A Replica Of An Active Directory Naming Context Has Ended

Synchronization of a replica of an Active Directory naming context has ended.

System Security Access Was Granted To An Account

System security access was granted to an account.

System Security Access Was Removed From An Account

System security access was removed from an account.

Task Deleted

Task Deleted Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

Task Disabled

Task Disabled Event Source - Microsoft-Windows-TaskScheduler - Event Log - Microsoft-Windows-TaskScheduler/Operational

The Conversion Operation On Volume 2 Encountered A Bad Sector Error Please Validate The Data On This Volume

The conversion operation on volume 2 encountered a bad sector error. Please validate the data on this volume

The Domain Controller Attempted To Validate The Credentials For An Account

The domain controller attempted to validate the credentials for an account.

The Domain Controller Failed To Validate The Credentials For An Account

The domain controller failed to validate the credentials for an account.

The Following Callout Was Present When The Windows Filtering Platform Base Filtering Engine Started

The following callout was present when the Windows Filtering Platform Base Filtering Engine started.

The Following Filter Was Present When The Windows Filtering Platform Base Filtering Engine Started

The following filter was present when the Windows Filtering Platform Base Filtering Engine started.

The Following Policy Was Active When The Windows Firewall Started

The following policy was active when the Windows Firewall started.

The Following Provider Context Was Present When The Windows Filtering Platform Base Filtering Engine Started

The following provider context was present when the Windows Filtering Platform Base Filtering Engine started.

The Following Provider Was Present When The Windows Filtering Platform Base Filtering Engine Started

The following provider was present when the Windows Filtering Platform Base Filtering Engine started.

The Following Sublayer Was Present When The Windows Filtering Platform Base Filtering Engine Started

The following sublayer was present when the Windows Filtering Platform Base Filtering Engine started.

The Group Policy Settings For The TBS Were Changed

The Group Policy settings for the TBS were changed.

The Handle To An Object Was Closed

The handle to an object was closed.

The Local Policy Settings For The TBS Were Changed

The local policy settings for the TBS were changed.

The Name Of An Account Was Changed:

The name of an account was changed:

The OCSP Revocation Provider Successfully Updated The Revocation Information

The OCSP Revocation Provider successfully updated the revocation information

The Password Hash An Account Was Accessed

The password hash an account was accessed.

The Password Policy Checking API Was Called

The Password Policy Checking API was called.

The Per User Audit Policy Table Was Created

The Per-user audit policy table was created.

The Previous System Shutdown Was Unexpected

The previous system shutdown was unexpected

The Requested Credentials Delegation Was Disallowed By Policy

The requested credentials delegation was disallowed by policy.

The Screen Saver Was Dismissed

The screen saver was dismissed.

The Screen Saver Was Invoked

The screen saver was invoked.

The State Of A Transaction Has Changed

The state of a transaction has changed.

The System Time Was Changed

The system time was changed.

The Windows Filtering Platform Blocked A Packet

The Windows Filtering Platform blocked a packet.

The Windows Filtering Platform Has Allowed A Connection

The Windows Filtering Platform has allowed a connection.

The Windows Filtering Platform Has Blocked A Bind To A Local Port

The Windows Filtering Platform has blocked a bind to a local port.

The Windows Filtering Platform Has Blocked A Connection

The Windows Filtering Platform has blocked a connection.

The Windows Filtering Platform Has Blocked An Application Or Service From Listening On A Port For Incoming Connections

The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.

The Windows Filtering Platform Has Permitted A Bind To A Local Port

The Windows Filtering Platform has permitted a bind to a local port.

The Windows Filtering Platform Has Permitted An Application Or Service To Listen On A Port For Incoming Connections

The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.

The Windows Firewall Driver Has Been Stopped

The Windows Firewall Driver has been stopped.

The Windows Firewall Driver Has Started Successfully

The Windows Firewall Driver has started successfully.

The Windows Firewall Service Blocked An Application From Accepting Incoming Connections On The Network

The Windows Firewall Service blocked an application from accepting incoming connections on the network.

The Windows Firewall Service Has Been Stopped

The Windows Firewall Service has been stopped.

The Windows Firewall Service Has Started Successfully

The Windows Firewall Service has started successfully.

The Workstation Was Locked

The workstation was locked.

The Workstation Was Unlocked

The workstation was unlocked.

Unprotection Of Auditable Protected Data Was Attempted

Unprotection of auditable protected data was attempted.

Updated Application

Event Source - Microsoft-Windows-Application-Experience - Event Log - Microsoft-Windows-Application-Experience/Program-Inventory

User Account Type Changed

User Account Type Changed

User Added To Privileged Group

Event Source - Microsoft-Windows-Security-Auditing - Event Log - Security

User Initiated Logoff

User initiated logoff.

Verification Operation Failed

Verification operation failed.

Volume 2 Contains Bad Clusters These Clusters Will Be Skipped During Conversion

Volume 2 contains bad clusters. These clusters will be skipped during conversion.

Windows Firewall Did Not Apply The Following Rule Because The Rule Referred To Items Not Configured On This Computer:

Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer:

Windows Firewall Did Not Apply The Following Rule:

Windows Firewall did not apply the following rule:

Windows Firewall Group Policy Settings Have Changed The New Settings Have Been Applied

Windows Firewall Group Policy settings have changed. The new settings have been applied.

Windows Firewall Has Changed The Active Profile

Windows Firewall has changed the active profile.

Windows Firewall Settings Were Restored To The Default Values

Windows Firewall settings were restored to the default values.

Windows Firewall Was Unable To Notify The User That IT Blocked An Application From Accepting Incoming Connections On The Network

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Windows Is Shutting Down

Windows is shutting down.

Windows Is Starting Up

Windows is starting up.

Windows Shutdown

Windows Shutdown Event Source - Microsoft-Windows-Kernel-General - Event Log - System

Windows Update Installed

Event Source - Microsoft-Windows-WindowsUpdateClient - Event Log - System

Wireless Association Status

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

Wireless Authentication Started And Failed

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

Wireless Security Started, Stopped, Successful, Or Failed

Event Source - Microsoft-Windows-WLAN-AutoConfig - Event Log - Microsoft-Windows-WLAN-AutoConfig/Operational

Last modified June 8, 2022