| 1001 | Windows Defender Advanced Threat Protection Service |
Windows Defender Advanced Threat Protection Service |
| 1002 | Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. |
Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer. |
| 0x30000000 | Info |
Info |
| 0x50000002 | Error |
Error |
| 0x50000003 | Warning |
Warning |
| 0x50000004 | Information |
Information |
| 0x50000005 | Verbose |
Verbose |
| 0xB0000001 | Service is starting (Version %1). |
Service is starting (Version %1). |
| 0xB0000002 | Service is shutting down. |
Service is shutting down. |
| 0xB0000003 | Windows Defender Advanced Threat Protection service failed to start. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to start. Failure code: %1 |
| 0xB0000004 | Contacted server %1 times, all succeeded, URI: %2. |
Contacted server %1 times, all succeeded, URI: %2. |
| 0xB0000005 | Contacted server %1 times, all failed, URI: %2. Last HTTP error code: %3 |
Contacted server %1 times, all failed, URI: %2. Last HTTP error code: %3 |
| 0xB0000006 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. |
Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. |
| 0xB0000007 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: %1 |
Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: %1 |
| 0xB0000008 | Service failed to clean configuration settings. |
Service failed to clean configuration settings. |
| 0xB0000009 | Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: %1 |
| 0xB000000A | Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: %1 |
| 0xB000000B | Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed. |
Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed. |
| 0xB000000C | New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Also failed to apply the default configuration. |
New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Also failed to apply the default configuration. |
| 0xB000000D | Windows Defender Advanced Threat Protection machine ID calculated: %1 |
Windows Defender Advanced Threat Protection machine ID calculated: %1 |
| 0xB000000E | Windows Defender Advanced Threat Protection cannot calculate machine ID. Failure code: %1 |
Windows Defender Advanced Threat Protection cannot calculate machine ID. Failure code: %1 |
| 0xB000000F | Windows Defender Advanced Threat Protection cannot start command channel with URL: %1 |
Windows Defender Advanced Threat Protection cannot start command channel with URL: %1 |
| 0xB0000011 | Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: %1 |
| 0xB0000012 | OOBE (Windows Welcome) is completed. |
OOBE (Windows Welcome) is completed. |
| 0xB0000013 | OOBE (Windows Welcome) has not yet completed. |
OOBE (Windows Welcome) has not yet completed. |
| 0xB0000014 | Cannot wait for OOBE (Windows Welcome) to complete. Failure code: %1 |
Cannot wait for OOBE (Windows Welcome) to complete. Failure code: %1 |
| 0xB0000019 | Service failed to reset health status in the registry. Failure code: %1 |
Service failed to reset health status in the registry. Failure code: %1 |
| 0xB000001A | Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: %1 |
| 0xB000001B | Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: %1 |
Failed to enable Windows Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: %1 |
| 0xB000001C | Connected User Experiences and Telemetry service registration failed with failure code: %1. Requested disk quota in MB: %2, Requested daily upload quota in MB: %3 |
Connected User Experiences and Telemetry service registration failed with failure code: %1. Requested disk quota in MB: %2, Requested daily upload quota in MB: %3 |
| 0xB000001D | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 |
Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 |
| 0xB000001E | Failed to disable Windows Defender Advanced Threat Protection mode in Windows Defender. Failure code: %1 |
Failed to disable Windows Defender Advanced Threat Protection mode in Windows Defender. Failure code: %1 |
| 0xB000001F | Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: %1 |
Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: %1 |
| 0xB0000020 | Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1 |
| 0xB0000021 | Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: %1 |
Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: %1 |
| 0xB0000024 | Connected User Experiences and Telemetry service registration succeeded with completion code: %1. Requested disk quota in MB: %2, requested daily upload quota in MB: %3 |
Connected User Experiences and Telemetry service registration succeeded with completion code: %1. Requested disk quota in MB: %2, requested daily upload quota in MB: %3 |
| 0xB0000025 | Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4. |
Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4. |
| 0xB0000026 | Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. Metered connection: %2, internet available: %3, free network available: %4, proxy is defined by GP: %5. |
Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. Metered connection: %2, internet available: %3, free network available: %4, proxy is defined by GP: %5. |
| 0xB0000027 | Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. Metered connection: %2, internet available: %3, free network available: %4, proxy is defined by GP: %5. |
Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. Metered connection: %2, internet available: %3, free network available: %4, proxy is defined by GP: %5. |
| 0xB0000028 | Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. AC state: %2, battery saver mode : %3, battery low state: %4, battery critical state: %5 |
Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. AC state: %2, battery saver mode : %3, battery low state: %4, battery critical state: %5 |
| 0xB0000029 | Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. AC state: %2, battery saver mode : %3, battery low state: %4, battery critical state: %5 |
Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 seconds. AC state: %2, battery saver mode : %3, battery low state: %4, battery critical state: %5 |
| 0xB000002A | Component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4 |
Component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4 |
| 0xB000002B | Component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5 |
Component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5 |
| 0xB000002C | Offboarding of Windows Defender Advanced Threat Protection service completed. |
Offboarding of Windows Defender Advanced Threat Protection service completed. |
| 0xB000002D | Failed to register and to start the event trace session [%1]. Error code: %2 |
Failed to register and to start the event trace session [%1]. Error code: %2 |
| 0xB000002E | Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute. |
Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute. |
| 0xB000002F | Successfully registered and started the event trace session - recovered after previous failed attempts. |
Successfully registered and started the event trace session - recovered after previous failed attempts. |
| 0xB0000030 | Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported. |
Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported. |
| 0xB0000031 | Invalid cloud configuration command received and ignored. Version: %1, status: %2, error code: %3, message: %4 |
Invalid cloud configuration command received and ignored. Version: %1, status: %2, error code: %3, message: %4 |
| 0xB0000032 | New cloud configuration applied successfully. Version: %1. |
New cloud configuration applied successfully. Version: %1. |
| 0xB0000033 | New cloud configuration failed to apply, version: %1. Successfully applied the last known good configuration, version %2. |
New cloud configuration failed to apply, version: %1. Successfully applied the last known good configuration, version %2. |
| 0xB0000034 | New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Successfully applied the default configuration. |
New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Successfully applied the default configuration. |
| 0xB0000035 | Cloud configuration loaded from persistent storage, version: %1. |
Cloud configuration loaded from persistent storage, version: %1. |
| 0xB0000036 | Global (per-pattern) state changed. State: %1, pattern: %2 |
Global (per-pattern) state changed. State: %1, pattern: %2 |
| 0xB0000037 | Failed to create the Secure ETW autologger. Failure code: %1 |
Failed to create the Secure ETW autologger. Failure code: %1 |
| 0xB0000038 | Failed to remove the Secure ETW autologger. Failure code: %1 |
Failed to remove the Secure ETW autologger. Failure code: %1 |
| 0xB0000039 | Capturing a snapshot of the machine for troubleshooting purposes. |
Capturing a snapshot of the machine for troubleshooting purposes. |
| 0xB000003B | Starting command: %1 |
Starting command: %1 |
| 0xB000003C | Failed to run command %1, error: %2. |
Failed to run command %1, error: %2. |
| 0xB000003D | Data collection command parameters are invalid: SasUri: %1, compressionLevel: %2. |
Data collection command parameters are invalid: SasUri: %1, compressionLevel: %2. |
| 0xB000003E | Failed to start Connected User Experiences and Telemetry service. Failure code: %1 |
Failed to start Connected User Experiences and Telemetry service. Failure code: %1 |
| 0xB000003F | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 |
Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 |
| 0xB0000040 | Starting stopped external service. Name: %1, exit code: %2 |
Starting stopped external service. Name: %1, exit code: %2 |
| 0xB0000041 | Failed to load Microsoft Security Events Component Minifilter driver. Failure code: %1 |
Failed to load Microsoft Security Events Component Minifilter driver. Failure code: %1 |
| 0xB0000042 | Policy update: Latency mode - %1 |
Policy update: Latency mode - %1 |
| 0xB0000043 | Contacted server %1 times, failed %2 times and succeeded %3 times. URI: %4. Last HTTP error code: %5 |
Contacted server %1 times, failed %2 times and succeeded %3 times. URI: %4. Last HTTP error code: %5 |
| 0xB0000044 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 |
The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 |
| 0xB0000045 | The service is stopped. Service name: %1 |
The service is stopped. Service name: %1 |
| 0xB0000046 | Policy update: Allow sample collection - %1 |
Policy update: Allow sample collection - %1 |
| 0xB0000047 | Succeeded to run command: %1 |
Succeeded to run command: %1 |
| 0xB0000708 | CSP: Get Node's Value. NodeId: (%1), TokenName: (%2). |
CSP: Get Node's Value. NodeId: (%1), TokenName: (%2). |
| 0xB0000709 | CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). |
CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). |
| 0xB000070A | CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). |
CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). |
| 0xB000070B | CSP: Get Last Connected value complete. Result (%1), IsDefault: (%2). |
CSP: Get Last Connected value complete. Result (%1), IsDefault: (%2). |
| 0xB000070C | CSP: Get Org ID value complete. Result: (%1), IsDefault: (%2). |
CSP: Get Org ID value complete. Result: (%1), IsDefault: (%2). |
| 0xB000070D | CSP: Get Sense Is Running value complete. Result: (%1). |
CSP: Get Sense Is Running value complete. Result: (%1). |
| 0xB000070E | CSP: Get Onboarding State value complete. Result: (%1), IsDefault: (%2). |
CSP: Get Onboarding State value complete. Result: (%1), IsDefault: (%2). |
| 0xB000070F | CSP: Get Onboarding value complete. Onboarding Blob Hash: (%1), IsDefault: (%2), Onboarding State: (%3), Onboarding State IsDefault: (%4) |
CSP: Get Onboarding value complete. Onboarding Blob Hash: (%1), IsDefault: (%2), Onboarding State: (%3), Onboarding State IsDefault: (%4) |
| 0xB0000710 | CSP: Get Offboarding value complete. Offboarding Blob Hash: (%1), IsDefault: (%2). |
CSP: Get Offboarding value complete. Offboarding Blob Hash: (%1), IsDefault: (%2). |
| 0xB0000711 | CSP: Get Sample Sharing value complete. Result: (%1), IsDefault: (%2). |
CSP: Get Sample Sharing value complete. Result: (%1), IsDefault: (%2). |
| 0xB0000712 | CSP: Onboarding process. Started. |
CSP: Onboarding process. Started. |
| 0xB0000713 | CSP: Onboarding process. Delete Offboarding blob complete. Result: (%1). |
CSP: Onboarding process. Delete Offboarding blob complete. Result: (%1). |
| 0xB0000714 | CSP: Onboarding process. Write Onboarding blob complete. Result: (%1) |
CSP: Onboarding process. Write Onboarding blob complete. Result: (%1) |
| 0xB0000715 | CSP: Onboarding process. The service started successfully. |
CSP: Onboarding process. The service started successfully. |
| 0xB0000716 | CSP: Onboarding process. Pending service running state complete. Result: (%1). |
CSP: Onboarding process. Pending service running state complete. Result: (%1). |
| 0xB0000717 | CSP: Set Sample Sharing value complete. Previous Value: (%1), IsDefault: (%2), New Value: (%3), Result: (%4). |
CSP: Set Sample Sharing value complete. Previous Value: (%1), IsDefault: (%2), New Value: (%3), Result: (%4). |
| 0xB0000718 | CSP: Offboarding process. Delete Onboarding blob complete. Result (%1). |
CSP: Offboarding process. Delete Onboarding blob complete. Result (%1). |
| 0xB0000719 | CSP: Offboarding process. Write Offboarding blob complete. Result (%1). |
CSP: Offboarding process. Write Offboarding blob complete. Result (%1). |
| 0xB000071A | CSP: Set Node's Value started. NodeId: (%1), TokenName: (%2). |
CSP: Set Node's Value started. NodeId: (%1), TokenName: (%2). |
| 0xB000071B | CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). |
CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). |
| 0xB000071C | CSP: Set Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). |
CSP: Set Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). |
| 0xB000071D | CSP: Set Telemetry Reporting Frequency started. New value: (%1). |
CSP: Set Telemetry Reporting Frequency started. New value: (%1). |
| 0xB000071E | CSP: Set Telemetry Reporting Frequency complete. Previous value: (%1), IsDefault: (%2), New value: (%3), Result: (%4). |
CSP: Set Telemetry Reporting Frequency complete. Previous value: (%1), IsDefault: (%2), New value: (%3), Result: (%4). |
| 0xB000071F | CSP: Get Telemetry Reporting Frequency complete. Value: (%1), Registry Value: (%2), IsDefault: (%3). |
CSP: Get Telemetry Reporting Frequency complete. Value: (%1), Registry Value: (%2), IsDefault: (%3). |
| 0xB0000720 | CSP: Get Group Ids complete. Value: (%1), IsDefault: (%2). |
CSP: Get Group Ids complete. Value: (%1), IsDefault: (%2). |
| 0xB0000721 | CSP: Set Group Ids exceeded allowed limit. Allowed: (%1), Actual: (%2). |
CSP: Set Group Ids exceeded allowed limit. Allowed: (%1), Actual: (%2). |
| 0xB0000722 | CSP: Set Group Ids complete. Value: (%1), Result: (%2). |
CSP: Set Group Ids complete. Value: (%1), Result: (%2). |
| 0xB0000723 | CSP: Onboarding process. Service is running: (%1), Previous Onboarding Blob Hash: (%2), IsDefault: (%3), Onboarding State: (%4), Onboarding State IsDefault: (%5), New Onboarding Blob Hash: (%6) |
CSP: Onboarding process. Service is running: (%1), Previous Onboarding Blob Hash: (%2), IsDefault: (%3), Onboarding State: (%4), Onboarding State IsDefault: (%5), New Onboarding Blob Hash: (%6) |
| 0xB0000724 | CSP: Onboarding process. Service is running: (%1), Previous Offboarding Blob Hash: (%2), IsDefault: (%3), Onboarding State: (%4), Onboarding State IsDefault: (%5), New Offboarding Blob Hash: (%6) |
CSP: Onboarding process. Service is running: (%1), Previous Offboarding Blob Hash: (%2), IsDefault: (%3), Onboarding State: (%4), Onboarding State IsDefault: (%5), New Offboarding Blob Hash: (%6) |
| 0xB0000725 | CSP: Failed to Set Sample Sharing Value. Requested Value: (%1), Allowed Values between (%2) and (%3). |
CSP: Failed to Set Sample Sharing Value. Requested Value: (%1), Allowed Values between (%2) and (%3). |
| 0xB0000726 | CSP: Failed to Set Telemetry Reporting Frequency Value. Requested Value: (%1) |
CSP: Failed to Set Telemetry Reporting Frequency Value. Requested Value: (%1) |
| 0xB0000727 | CSP: Get Sense is running. Service is configured as delay-start, and hasn't started yet. |
CSP: Get Sense is running. Service is configured as delay-start, and hasn't started yet. |