| 100 | Isolated User Mode (IUM) |
Isolated User Mode (IUM) |
| 0x30000000 | Info |
Info |
| 0x30000001 | Start |
Start |
| 0x30000002 | Stop |
Stop |
| 0x50000000 | Log Always |
Log Always |
| 0x50000002 | Error |
Error |
| 0x50000003 | Warning |
Warning |
| 0x50000004 | Information |
Information |
| 0x50000005 | Verbose |
Verbose |
| 0x90000001 | Microsoft-Windows-CodeIntegrity |
Microsoft-Windows-CodeIntegrity |
| 0x90000002 | Microsoft-Windows-CodeIntegrity/Operational |
Microsoft-Windows-CodeIntegrity/Operational |
| 0x90000003 | Microsoft-Windows-CodeIntegrity/Verbose |
Microsoft-Windows-CodeIntegrity/Verbose |
| 0xB0000BB9 | Code Integrity determined an unsigned kernel module %2 is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available. |
Code Integrity determined an unsigned kernel module %2 is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available. |
| 0xB0000BBA | Code Integrity is unable to verify the image integrity of the file %2 because the set of per-page image hashes could not be found on the system. |
Code Integrity is unable to verify the image integrity of the file %2 because the set of per-page image hashes could not be found on the system. |
| 0xB0000BBB | Code Integrity is unable to verify the image integrity of the file %2 because the set of per-page image hashes could not be found on the system. The image is allowed to load because kernel mode debugger is attached. |
Code Integrity is unable to verify the image integrity of the file %2 because the set of per-page image hashes could not be found on the system. The image is allowed to load because kernel mode debugger is attached. |
| 0xB0000BBC | Windows is unable to verify the image integrity of the file %2 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. |
Windows is unable to verify the image integrity of the file %2 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. |
| 0xB0000BBD | Code Integrity is unable to verify the image integrity of the file %2 because a file hash could not be found on the system. The image is allowed to load because kernel mode debugger is attached. |
Code Integrity is unable to verify the image integrity of the file %2 because a file hash could not be found on the system. The image is allowed to load because kernel mode debugger is attached. |
| 0xB0000BBE | Code Integrity found a set of per-page image hashes for the file %2 in a catalog %4. |
Code Integrity found a set of per-page image hashes for the file %2 in a catalog %4. |
| 0xB0000BBF | Code Integrity found a set of per-page image hashes for the file %2 in the image embedded certificate. |
Code Integrity found a set of per-page image hashes for the file %2 in the image embedded certificate. |
| 0xB0000BC0 | Code Integrity found a file hash for the file %2 in a catalog %4. |
Code Integrity found a file hash for the file %2 in a catalog %4. |
| 0xB0000BC1 | Code Integrity found a file hash for the file %2 in the image embedded certificate. |
Code Integrity found a file hash for the file %2 in the image embedded certificate. |
| 0xB0000BC3 | Code Integrity successfully loaded the %2 catalog. |
Code Integrity successfully loaded the %2 catalog. |
| 0xB0000BC4 | Code Integrity started loading the %2 catalog. |
Code Integrity started loading the %2 catalog. |
| 0xB0000BC5 | Code Integrity started reloading catalogs. |
Code Integrity started reloading catalogs. |
| 0xB0000BC7 | Code Integrity started validating file hash of %2 file. |
Code Integrity started validating file hash of %2 file. |
| 0xB0000BC9 | Code Integrity started validating page hashes of %2 file. |
Code Integrity started validating page hashes of %2 file. |
| 0xB0000BCB | Code Integrity started loading catalog cache from %2 file. |
Code Integrity started loading catalog cache from %2 file. |
| 0xB0000BCD | Code Integrity determined a revoked kernel module %2 is loaded into the system. Check with the publisher to see if a new signed version of the kernel module is available. |
Code Integrity determined a revoked kernel module %2 is loaded into the system. Check with the publisher to see if a new signed version of the kernel module is available. |
| 0xB0000BCE | Code Integrity determined a revoked kernel module %2 is loaded into the system. The image is allowed to load because kernel mode debugger is attached. |
Code Integrity determined a revoked kernel module %2 is loaded into the system. The image is allowed to load because kernel mode debugger is attached. |
| 0xB0000BCF | Windows is unable to verify the integrity of the file %2 because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. |
Windows is unable to verify the integrity of the file %2 because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. |
| 0xB0000BD0 | Windows was unable to update the boot catalog cache file. Status %1. |
Windows was unable to update the boot catalog cache file. Status %1. |
| 0xB0000BD1 | Code Integrity determined kernel module %2 is loaded into the system which does not have a valid embedded digital signature. Check with the publisher to see if an embedded signed version of the kernel module is available. |
Code Integrity determined kernel module %2 is loaded into the system which does not have a valid embedded digital signature. Check with the publisher to see if an embedded signed version of the kernel module is available. |
| 0xB0000BD2 | Code Integrity was unable to load the %2 catalog because the signing certificate for this catalog has been revoked. This can result in images failing to load because a valid signature cannot be found. Check with the publisher to see if a new signed version of the catalog and images are available. |
Code Integrity was unable to load the %2 catalog because the signing certificate for this catalog has been revoked. This can result in images failing to load because a valid signature cannot be found. Check with the publisher to see if a new signed version of the catalog and images are available. |
| 0xB0000BD3 | Code Integrity started loading catalog %2 from the cache file. |
Code Integrity started loading catalog %2 from the cache file. |
| 0xB0000BD4 | Code Integrity started saving catalog cache to %2 file. |
Code Integrity started saving catalog cache to %2 file. |
| 0xB0000BD6 | Code Integrity saved catalog %2 to the cache file. |
Code Integrity saved catalog %2 to the cache file. |
| 0xB0000BD8 | Code Integrity determined a revoked image %2 is loaded into the system. Check with the publisher to see if a new signed version of the image is available. |
Code Integrity determined a revoked image %2 is loaded into the system. Check with the publisher to see if a new signed version of the image is available. |
| 0xB0000BD9 | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements. |
| 0xB0000BDA | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements or violated code integrity policy. However, due to code integrity auditing policy, the image was allowed to load. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements or violated code integrity policy. However, due to code integrity auditing policy, the image was allowed to load. |
| 0xB0000BDB | Code Integrity determined a revoked image %2 is loaded into the system. The image is allowed to load because kernel mode debugger is attached. |
Code Integrity determined a revoked image %2 is loaded into the system. The image is allowed to load because kernel mode debugger is attached. |
| 0xB0000BDD | Code Integrity determined an unsigned image %2 is loaded into the system. Check with the publisher to see if a signed version of the image is available. |
Code Integrity determined an unsigned image %2 is loaded into the system. Check with the publisher to see if a signed version of the image is available. |
| 0xB0000BDE | Code Integrity started validating image header of %2 file. |
Code Integrity started validating image header of %2 file. |
| 0xB0000BE0 | Code Integrity started retrieving the cached data of %2 file. |
Code Integrity started retrieving the cached data of %2 file. |
| 0xB0000BE2 | Code Integrity started setting the cache of %2 file. |
Code Integrity started setting the cache of %2 file. |
| 0xB0000BF7 | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the security requirements for %5. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the security requirements for %5. |
| 0xB0000BF8 | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the security requirements for %5. However, due to system policy, the image was allowed to load. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the security requirements for %5. However, due to system policy, the image was allowed to load. |
| 0xB0000BFC | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements or violated code integrity policy. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the %5 signing level requirements or violated code integrity policy. |
| 0xB0000BFD | Code Integrity was unable to load the weak crypto policy value from registry. Status %1. |
Code Integrity was unable to load the weak crypto policy value from registry. Status %1. |
| 0xB0000BFE | Code Integrity was unable to load the weak crypto policy from registry store. Status %1. |
Code Integrity was unable to load the weak crypto policy from registry store. Status %1. |
| 0xB0000BFF | Code Integrity was unable to load the weak crypto policies. Status %1. |
Code Integrity was unable to load the weak crypto policies. Status %1. |
| 0xB0000C00 | Code Integrity determined that the kernel module %2 is not compatible with hypervisor enforcement due to it having non-page aligned sections. |
Code Integrity determined that the kernel module %2 is not compatible with hypervisor enforcement due to it having non-page aligned sections. |
| 0xB0000C01 | Code Integrity determined that the kernel module %2 is not compatible with strict mode hypervisor enforcement due to it having an executable section that is also writable. |
Code Integrity determined that the kernel module %2 is not compatible with strict mode hypervisor enforcement due to it having an executable section that is also writable. |
| 0xB0000C02 | Code Integrity was unable to verify a page for a module verified using hypervisor enforcement. Status %1. |
Code Integrity was unable to verify a page for a module verified using hypervisor enforcement. Status %1. |
| 0xB0000C03 | Code Integrity determined that process (%4) spent %7 and %8 microseconds for Code Integrity check and policy check to load %2 with validated %6 signing level. For all components without EA cache, Code Integrity spent about %9‰ more time when policy enforced. |
Code Integrity determined that process (%4) spent %7 and %8 microseconds for Code Integrity check and policy check to load %2 with validated %6 signing level. For all components without EA cache, Code Integrity spent about %9‰ more time when policy enforced. |
| 0xB0000C0A | Code Integrity determined kernel module %2 that did not meet the WHQL requirements is loaded into the system. However, due to code integrity auditing policy, the image was allowed to load. |
Code Integrity determined kernel module %2 that did not meet the WHQL requirements is loaded into the system. However, due to code integrity auditing policy, the image was allowed to load. |
| 0xB0000C0B | Code Integrity determined kernel module %2 that did not meet the WHQL requirements is loaded into the system. Check with the publisher to see if a WHQL compliant kernel module is available. |
Code Integrity determined kernel module %2 that did not meet the WHQL requirements is loaded into the system. Check with the publisher to see if a WHQL compliant kernel module is available. |
| 0xB0000C0C | Code Integrity will enable WHQL driver enforcement for this boot session. Settings %1. Exemption %2. |
Code Integrity will enable WHQL driver enforcement for this boot session. Settings %1. Exemption %2. |
| 0xB0000C0D | Code Integrity will disable WHQL driver enforcement for this boot session. Settings %1. |
Code Integrity will disable WHQL driver enforcement for this boot session. Settings %1. |
| 0xB0000C0E | Code Integrity determined that a process (%4) attempted to load %2 that did not meet the signing requirements for Isolated User Mode. |
Code Integrity determined that a process (%4) attempted to load %2 that did not meet the signing requirements for Isolated User Mode. |
| 0xB0010BC2 | Code Integrity was unable to load the %2 catalog. Status %3. |
Code Integrity was unable to load the %2 catalog. Status %3. |
| 0xB0010BC6 | Code Integrity completed reloading catalogs. Status %1. |
Code Integrity completed reloading catalogs. Status %1. |
| 0xB0010BC8 | Code Integrity completed validating file hash. Status %1. |
Code Integrity completed validating file hash. Status %1. |
| 0xB0010BCA | Code Integrity completed validating page hashes. Status %1. |
Code Integrity completed validating page hashes. Status %1. |
| 0xB0010BCC | Code Integrity completed loading catalog cache. Status %1. |
Code Integrity completed loading catalog cache. Status %1. |
| 0xB0010BD5 | Code Integrity completed saving catalog cache. Status %1. |
Code Integrity completed saving catalog cache. Status %1. |
| 0xB0010BDF | Code Integrity completed validating image header. Status %1. |
Code Integrity completed validating image header. Status %1. |
| 0xB0010BE3 | Code Integrity completed setting the file cache. Status %1. |
Code Integrity completed setting the file cache. Status %1. |
| 0xB0020BE1 | Code Integrity completed retrieval of file cache. Status %1. |
Code Integrity completed retrieval of file cache. Status %1. |
| 0xD0000001 | Unchecked |
Unchecked |
| 0xD0000002 | Unsigned |
Unsigned |
| 0xD0000003 | Enterprise |
Enterprise |
| 0xD0000004 | Custom 1 |
Custom 1 |
| 0xD0000005 | Authenticode |
Authenticode |
| 0xD0000006 | Custom 2 |
Custom 2 |
| 0xD0000007 | Store |
Store |
| 0xD0000008 | Custom 3 / Antimalware |
Custom 3 / Antimalware |
| 0xD0000009 | Microsoft |
Microsoft |
| 0xD000000A | Custom 4 |
Custom 4 |
| 0xD000000B | Custom 5 |
Custom 5 |
| 0xD000000C | Dynamic Code Generation |
Dynamic Code Generation |
| 0xD000000D | Windows |
Windows |
| 0xD000000E | Windows Protected Process Light |
Windows Protected Process Light |
| 0xD000000F | Windows TCB |
Windows TCB |
| 0xD0000010 | Custom 6 |
Custom 6 |
| 0xD0000011 | other (see event data) |
other (see event data) |
| 0xD0000012 | Shared Sections |
Shared Sections |