GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµùÕ5sLOšuY
<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<!--
  Instrumentation manifest for the ETW provider "Microsoft-Antimalware-Service"
  (provider GUID {751ef305-6c6e-4fed-b847-02ef79d26aef}); message and resource
  strings are resolved from MpSvc.dll.

  Layout: tasks, then keywords, then payload templates, then events.

  The $(...) values in assemblyIdentity appear here unexpanded; presumably they
  are substituted by build tooling (not shown in this file).
-->
<assembly
    xmlns="urn:schemas-microsoft-com:asm.v3"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    manifestVersion="1.0"
    >
  <assemblyIdentity
      buildType="$(build.buildType)"
      language="neutral"
      name="Windows-Defender-Service-MpSvcEtw"
      processorArchitecture="$(build.arch)"
      publicKeyToken="$(Build.WindowsPublicKeyToken)"
      version="$(build.version)"
      versionScope="nonSxS"
      />
  <instrumentation>
    <!-- The ms: and win: prefixes are bound to the same namespace URI; only win: is used below. -->
    <events
        xmlns="http://schemas.microsoft.com/win/2004/08/events"
        xmlns:ms="http://manifests.microsoft.com/win/2004/08/windows/events"
        xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"
        >
      <provider
          guid="{751ef305-6c6e-4fed-b847-02ef79d26aef}"
          message="$(string.Microsoft-Antimalware-Service.provider.name)"
          messageFileName="%programfiles%\Windows Defender\MpSvc.dll"
          name="Microsoft-Antimalware-Service"
          resourceFileName="%programfiles%\Windows Defender\MpSvc.dll"
          symbol="Microsoft_Antimalware_Service"
          >

        <!--
          Tasks 1 to 55. GUID letter case is mixed: tasks 37 to 52 use upper case,
          the rest lower case, so any tooling that matches on eventGUID should
          compare case-insensitively.
        -->
        <tasks>
          <task eventGUID="{17991c99-d4f8-467f-9a97-1fed7d1208bc}" name="ServiceOnDemandScan" value="1"/>
          <task eventGUID="{bfcc87ef-d782-43b2-aae8-b793e051f7bf}" name="ServiceEngineUpdate" value="2"/>
          <task eventGUID="{d8769074-04fb-4146-b246-f4923f2bf9fa}" name="ServiceCacheBuild" value="3"/>
          <task eventGUID="{c5c73be5-b124-4d07-bd1b-858360ad4830}" name="ServiceLoadEngine" value="4"/>
          <task eventGUID="{30438a57-2866-4bb7-931d-4440153d4adc}" name="ServiceReloadEngine" value="5"/>
          <task eventGUID="{e0919cbe-ec5a-406a-9be2-2aba408eee49}" name="ServiceSync" value="6"/>
          <task eventGUID="{d7cb23e4-5f1c-4a18-9c79-9ffa1cef6997}" name="ServiceAsync" value="7"/>
          <task eventGUID="{bc96821a-398f-49fc-9ebe-be603b8a2a7f}" name="ServiceShutdown" value="8"/>
          <task eventGUID="{2c773cf1-6ff6-4bb8-805d-beb5672ad3a4}" name="ServiceProcessScan" value="9"/>
          <task eventGUID="{053e6a8c-1a72-4e5c-83a4-d80144bd433a}" name="EngineTask" value="10"/>
          <task eventGUID="{54c5f932-0597-492c-9e53-9a762e2e5655}" name="ServiceTask" value="11"/>
          <task eventGUID="{6ab2b25d-4ba4-44cf-8648-5982c7799c76}" name="ServiceClean" value="12"/>
          <task eventGUID="{ac047132-056a-4c46-99cb-03d1334fc457}" name="MOAC_CacheHit" value="13"/>
          <task eventGUID="{562f67c5-b877-4ed0-b0bf-58556e044e4b}" name="MOAC_CacheMiss" value="14"/>
          <task eventGUID="{495c9ada-d0da-4980-aeac-176fc6f3423b}" name="MOAC_CacheAdd" value="15"/>
          <task eventGUID="{9398c3d7-59dc-4c99-ba30-cfdf2cd4710e}" name="MOAC_CacheDelete" value="16"/>
          <task eventGUID="{b2beed96-8ab1-4846-be5e-5ec8aa15c787}" name="MOAC_CacheFlush" value="17"/>
          <task eventGUID="{82844226-616e-491e-ba46-647c08f01763}" name="ServiceRoutineCleanup" value="18"/>
          <task eventGUID="{42c7f94b-61db-48ae-8df6-f282cca0ad91}" name="ServiceRoutineVerification" value="19"/>
          <task eventGUID="{689f0f35-9604-4057-87c3-e872c49a07b1}" name="ServiceRoutineCacheMaintenance" value="20"/>
          <task eventGUID="{86b8e23b-c36b-49a4-9c33-14a876f7e142}" name="ServiceVersion" value="21"/>
          <task eventGUID="{de862483-d6ff-46a2-97ce-41d5eba1d235}" name="CacheState" value="22"/>
          <task eventGUID="{7e213735-2117-46c2-8119-9b3b78a533f4}" name="SFCBuild" value="23"/>
          <task eventGUID="{c6b43d16-0b63-44e1-9fd5-d29c6cda90e9}" name="Spynet_EventSpynetRequired" value="24"/>
          <task eventGUID="{b18f770a-83ae-4807-ae51-06d4a27fbf71}" name="Spynet_EventCloudRequest" value="25"/>
          <task eventGUID="{3e6d25ab-8bb3-4d6f-b2b7-47673382c55d}" name="Spynet_EventSendTelemetry" value="26"/>
          <task eventGUID="{6e2e0e7c-3702-4f8c-b2aa-0941120fb025}" name="Spynet_MpCmdRunStart" value="27"/>
          <task eventGUID="{08d058c6-226a-4e7e-925f-3b6c2027448e}" name="Spynet_GenerateReportStart" value="28"/>
          <task eventGUID="{9b439dd8-db34-4ebf-b11f-40925f723fdd}" name="Spynet_GenerateReportComplete" value="29"/>
          <task eventGUID="{f9f0f8a6-8732-4414-98e6-9f870d0a7b10}" name="Spynet_HandleResponseStart" value="30"/>
          <task eventGUID="{fc524ec4-f03c-4182-a556-a816c6b37895}" name="Spynet_HandleResponseComplete" value="31"/>
          <task eventGUID="{d2ec2c24-e0a4-47b3-b777-b3cd8e65defe}" name="Spynet_SendReportStart" value="32"/>
          <task eventGUID="{c9ff11d6-95d6-4d17-8d49-2a6de248d96b}" name="Spynet_SendReportComplete" value="33"/>
          <task eventGUID="{d6ad8781-44b7-41cd-890c-9762b53c3714}" name="MpCmdRun_CreateProcess" value="34"/>
          <task eventGUID="{533f0835-145f-429c-ac51-459a0e46cf54}" name="Spynet_MpCmdRunCreateTimer" value="35"/>
          <task eventGUID="{6d1edd32-3ca2-4958-ba77-5edd7fb9bb3b}" name="Spynet_MpCmdRunTimerTrigger" value="36"/>
          <task eventGUID="{8F2E98AE-DF1A-4F53-A580-4B1441B8BFBB}" name="IOAVScanTriggered" value="37"/>
          <task eventGUID="{2C36DB2A-A39B-4A9B-8E23-321EE163C57E}" name="Sense_RemediationInfoThreat" value="38"/>
          <task eventGUID="{C452A803-8378-4DA1-B495-B6630BEC649A}" name="Sense_HipsFGInfo" value="39"/>
          <task eventGUID="{3434A803-8348-34A1-B345-34630BEC3434}" name="Sense_NetworkFilterLookup" value="40"/>
          <task eventGUID="{7AC24CE5-7284-4429-9ED1-D8CE2F7296E7}" name="Sense_NetworkFilterConnectionInfo" value="41"/>
          <task eventGUID="{FF6A1EA6-49E6-4D61-A4AF-BE6047461795}" name="Sense_DlpInfo" value="42"/>
          <task eventGUID="{6A0DC6D8-05E1-4EA5-B9A5-B789238DDC99}" name="Sense_DlpEventInfo" value="43"/>
          <task eventGUID="{F07136B9-28C6-4856-984C-8460E4F69DC7}" name="Sense_DlpStatusInfo" value="44"/>
          <task eventGUID="{37A766DA-53A7-4D12-B452-DD98A3DD64CE}" name="Sense_NetworkFilterBreakTheGlass" value="45"/>
          <task eventGUID="{3567D4A1-1429-4FAC-A035-0694069F7AE1}" name="Sense_HipsAsrUserExclusionInfo" value="46"/>
          <task eventGUID="{6D20B44B-9BF9-48D7-98C3-D303BA92D476}" name="Sense_NetworkFilterDnsQuestion" value="47"/>
          <task eventGUID="{B70EA01E-B3E1-4F05-B7BE-CBEF371EE536}" name="Sense_NetworkFilterDnsAnswer" value="48"/>
          <task eventGUID="{F466B5E3-A006-4493-93A6-CB0CF7EC024B}" name="Sense_NetworkFilterVolumeNotification" value="49"/>
          <task eventGUID="{27AAEFFD-D2D8-4C11-9790-D42EB4CCC48D}" name="Sense_TroubleshootingModeNotification" value="50"/>
          <task eventGUID="{F70C7FA9-6671-4EBF-B6E9-64EDA8E2790E}" name="Sense_NetworkFilterTlsAlert" value="51"/>
          <task eventGUID="{B25110EC-4ED1-4DCF-ABAA-9E3B3F0A6BC8}" name="RbM_RollbackComplete" value="52"/>
          <!-- The two rundown tasks are the only ones that declare an explicit symbol. -->
          <task eventGUID="{3e80208a-9f94-4150-b3fc-bd51a81517c4}" name="StartRundownTask" symbol="_etwtask_StartRundown" value="53"/>
          <task eventGUID="{f51df377-c690-4441-876a-cf3016e01469}" name="EndRundownTask" symbol="_etwtask_EndRundown" value="54"/>
          <task eventGUID="{c73f41d1-0d4c-460a-9bd3-4b5caeed65b0}" name="Sense_TamperProtectionNotification" value="55"/>
        </tasks>

        <!-- Only two keywords are declared; in this manifest they are attached to events 63 to 66 and to no others. -->
        <keywords>
          <keyword mask="0x0000040000000000" name="StartRundown" symbol="StartRundownKeyword"/>
          <keyword mask="0x0000080000000000" name="EndRundown" symbol="EndRundownKeyword"/>
          <!-- 0x0000 F000 0000 0000: Keywords reserved by Microsoft Telemetry -->
          <!-- 0xFFFF 0000 0000 0000: Keywords reserved by ETW -->
        </keywords>

        <!--
          Payload templates. Notes for anyone writing a decoder or a detection on
          these fields (all taken from the declarations below):
            * Field-name casing is not uniform: "ProcessID" in RemediationInfo and
              HipsFGInfo versus "ProcessId" elsewhere; "isAudit" in HipsFGInfo
              versus "IsAudit" in NetworkFilterLookup.
            * "UserSid" is win:UnicodeString everywhere except DlpEventInfo, where
              it is win:SID.
            * "SigSeq" is win:HexInt64 in RemediationInfo and win:UInt64 in HipsFGInfo.
            * Judging by field names, several templates carry user identifiers,
              command lines, URIs and HTTP header text; captured traces should be
              stored and shared with that in mind.
        -->
        <templates>
          <template tid="RollbackCompleteData">
            <data inType="win:UInt64" name="Timestamp"/>
            <data inType="win:UnicodeString" name="RollbackVersion"/>
          </template>

          <!-- Single free-form string; used by events 1, 17, 18, 19 and 63 to 66. -->
          <template tid="StringPayload">
            <data inType="win:UnicodeString" name="Description"/>
          </template>

          <template tid="VersionPayload">
            <data inType="win:UnicodeString" name="ServiceVersion"/>
            <data inType="win:Boolean" name="OsIsFreshInstall"/>
          </template>

          <template tid="FileIDPayload">
            <data inType="win:UInt64" name="File_ID"/>
            <data inType="win:UInt64" name="USN"/>
          </template>

          <template tid="CachePayload">
            <data inType="win:UInt64" name="TrustedUSN"/>
            <data inType="win:UInt64" name="TrustedState"/>
            <data inType="win:UInt64" name="SFCState"/>
          </template>

          <template tid="GenerateReportSize">
            <data inType="win:UInt32" name="Bytes"/>
          </template>

          <template tid="MpCmdRunParams">
            <data inType="win:UnicodeString" name="Command"/>
          </template>

          <!-- Payload of event 48 (Sense_RemediationInfoThreat): file hashes, process, threat and signature/engine version fields. -->
          <template tid="RemediationInfo">
            <data inType="win:UnicodeString" name="Sha1"/>
            <data inType="win:UnicodeString" name="Sha256"/>
            <data inType="win:UnicodeString" name="MD5"/>
            <data inType="win:UInt32" name="ProcessID"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="ProcessPath"/>
            <data inType="win:UnicodeString" name="ThreatName"/>
            <data inType="win:UnicodeString" name="RealPath"/>
            <data inType="win:Boolean" name="WasExecutingWhileDetected"/>
            <data inType="win:UInt32" name="Action"/>
            <data inType="win:HexInt32" name="RemediationErrorCode"/>
            <data inType="win:UInt64" name="DetectionTime"/>
            <data inType="win:UnicodeString" name="User"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ResourceSchema"/>
            <data inType="win:UnicodeString" name="DetectionGuid"/>
            <data inType="win:HexInt32" name="Classification"/>
            <data inType="win:UnicodeString" name="SchemaParamAndDataDelimiter"/>
            <data inType="win:UnicodeString" name="SchemaParamList"/>
            <data inType="win:UnicodeString" name="SchemaParamDataList"/>
            <data inType="win:HexInt32" name="DetectionSource"/>
            <data inType="win:Boolean" name="IsPassiveMode"/>
            <data inType="win:HexInt64" name="SigSeq"/>
            <data inType="win:UnicodeString" name="SigSha"/>
            <data inType="win:Boolean" name="isCritical"/>
            <data inType="win:UnicodeString" name="ThreatTrackingId"/>
            <data inType="win:UnicodeString" name="PlatformVersion"/>
            <data inType="win:UInt64" name="PlatformUpdateTime"/>
            <data inType="win:UnicodeString" name="EngineVersion"/>
            <data inType="win:UInt64" name="EngineUpdateTime"/>
            <data inType="win:UnicodeString" name="ASSignatureVersion"/>
            <data inType="win:UInt64" name="ASSignatureUpdateTime"/>
            <data inType="win:UnicodeString" name="AVSignatureVersion"/>
            <data inType="win:UInt64" name="AVSignatureUpdateTime"/>
            <data inType="win:UInt32" name="BlockThreatExecSubCategory"/>
            <data inType="win:UnicodeString" name="PropertyBag"/>
            <data inType="win:UInt64" name="AllowThreatExpirationUTC"/>
          </template>

          <template tid="HipsAsrUserExclusionInfo">
            <data inType="win:UnicodeString" name="RuleId"/>
            <data inType="win:UInt32" name="RuleState"/>
            <data inType="win:UInt32" name="SessionId"/>
            <data inType="win:Boolean" name="TargetIdentified"/>
            <data inType="win:UnicodeString" name="Parent"/>
            <data inType="win:UnicodeString" name="Target"/>
            <data inType="win:UnicodeString" name="InvolvedFile"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
          </template>

          <!-- Payload of event 49 (Sense_HipsFGInfo); includes CommandLine and ParentCommandLine strings. -->
          <template tid="HipsFGInfo">
            <data inType="win:UnicodeString" name="RuleId"/>
            <data inType="win:Boolean" name="isAudit"/>
            <data inType="win:UnicodeString" name="Sha1"/>
            <data inType="win:UnicodeString" name="Sha256"/>
            <data inType="win:UnicodeString" name="MD5"/>
            <data inType="win:UInt64" name="FileSize"/>
            <data inType="win:UInt32" name="ProcessID"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UInt32" name="ProcessIntegrityLevel"/>
            <data inType="win:UnicodeString" name="ProcessPath"/>
            <data inType="win:UnicodeString" name="TargetPath"/>
            <data inType="win:UInt64" name="SigSeq"/>
            <data inType="win:UnicodeString" name="SigSha"/>
            <data inType="win:UnicodeString" name="CommandLine"/>
            <data inType="win:UInt64" name="DetectionTime"/>
            <data inType="win:Boolean" name="TargetIdentified"/>
            <data inType="win:UnicodeString" name="ParentCommandLine"/>
            <data inType="win:UnicodeString" name="InvolvedFile"/>
            <data inType="win:UInt32" name="InheritanceFlags"/>
            <data inType="win:UInt32" name="RuleType"/>
            <data inType="win:UInt32" name="RuleState"/>
            <data inType="win:UInt32" name="SessionId"/>
            <data inType="win:UnicodeString" name="UserName"/>
          </template>

          <template tid="NetworkFilterLookup">
            <data inType="win:Boolean" name="IsAudit"/>
            <data inType="win:UnicodeString" name="Uri"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ResponseCategory"/>
            <data inType="win:Boolean" name="IsWarn"/>
            <data inType="win:UnicodeString" name="DisplayName"/>
            <data inType="win:UnicodeString" name="IocId"/>
          </template>

          <!--
            Address fields here and in the other NetworkFilter templates are
            win:Binary blobs whose length comes from the UInt32 field declared
            just before them; outType is win:SocketAddress.
          -->
          <template tid="NetworkFilterConnectionInfo">
            <data inType="win:UInt32" name="LocalIpAddressLength"/>
            <data inType="win:Binary" length="LocalIpAddressLength" name="LocalIpAddress" outType="win:SocketAddress"/>
            <data inType="win:UInt32" name="RemoteIpAddressLength"/>
            <data inType="win:Binary" length="RemoteIpAddressLength" name="RemoteIpAddress" outType="win:SocketAddress"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
            <data inType="win:UnicodeString" name="Uri"/>
            <data inType="win:UnicodeString" name="RequestHeaders"/>
            <data inType="win:UnicodeString" name="ResponseHeaders"/>
            <data inType="win:UnicodeString" name="ConnectionType"/>
          </template>

          <template tid="DlpInfo">
            <data inType="win:UnicodeString" name="RuleId"/>
            <data inType="win:UInt32" name="State"/>
            <data inType="win:UInt64" name="EventTimestamp"/>
            <data inType="win:UnicodeString" name="Action"/>
            <data inType="win:UnicodeString" name="Process"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UnicodeString" name="Source"/>
            <data inType="win:UnicodeString" name="Target"/>
            <data inType="win:UInt32" name="SessionId"/>
          </template>

          <template tid="DlpEventInfo">
            <data inType="win:UInt64" name="UniqueId"/>
            <data inType="win:UInt32" name="TotalSourceFiles"/>
            <data inType="win:UInt32" name="CurrentIndexOfSourceFile"/>
            <data inType="win:UnicodeString" name="PolicyVersion"/>
            <data inType="win:UnicodeString" name="PolicyRuleId"/>
            <data inType="win:UInt32" name="EnforcementLevel"/>
            <data inType="win:Boolean" name="IsActionBypass"/>
            <data inType="win:UInt64" name="EventTimestamp"/>
            <data inType="win:UnicodeString" name="ActionType"/>
            <data inType="win:UnicodeString" name="Process"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="Source"/>
            <data inType="win:UnicodeString" name="Target"/>
            <data inType="win:UInt32" name="SessionId"/>
            <!-- Only template in this manifest that types UserSid as win:SID rather than a string. -->
            <data inType="win:SID" name="UserSid"/>
          </template>

          <template tid="DlpStatusInfo">
            <data inType="win:UInt32" name="StatusCode"/>
            <data inType="win:UnicodeString" name="StatusDetails"/>
          </template>

          <template tid="NetworkFilterBreakTheGlass">
            <data inType="win:Boolean" name="Allow"/>
            <data inType="win:UnicodeString" name="UserOverrideKey"/>
            <data inType="win:UnicodeString" name="FriendlyName"/>
            <data inType="win:UnicodeString" name="Uri"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ResponseCategory"/>
            <data inType="win:UnicodeString" name="IocId"/>
          </template>

          <template tid="NetworkFilterDnsQuestion">
            <data inType="win:UInt32" name="DnsServerAddressLength"/>
            <data inType="win:Binary" length="DnsServerAddressLength" name="DnsServerIpAddress" outType="win:SocketAddress"/>
            <data inType="win:UnicodeString" name="QueryName"/>
            <data inType="win:UInt32" name="QueryType"/>
            <data inType="win:UInt32" name="ClassType"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
          </template>

          <template tid="NetworkFilterDnsAnswer">
            <data inType="win:UInt32" name="DnsServerAddressLength"/>
            <data inType="win:Binary" length="DnsServerAddressLength" name="DnsServerIpAddress" outType="win:SocketAddress"/>
            <data inType="win:UnicodeString" name="AnswerName"/>
            <data inType="win:UInt64" name="Ttl"/>
            <data inType="win:UnicodeString" name="RecordType"/>
            <data inType="win:UnicodeString" name="ResourceRecord"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
          </template>

          <template tid="NetworkFilterVolumeNotification">
            <data inType="win:Boolean" name="IsIncoming"/>
            <data inType="win:UInt32" name="SourceIpLength"/>
            <data inType="win:Binary" length="SourceIpLength" name="SourceIp" outType="win:SocketAddress"/>
            <data inType="win:UInt32" name="DestinationIpLength"/>
            <data inType="win:Binary" length="DestinationIpLength" name="DestinationIp" outType="win:SocketAddress"/>
            <data inType="win:UInt64" name="Size"/>
            <data inType="win:UnicodeString" name="DestinationDNSName"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
            <data inType="win:UnicodeString" name="ConnectionType"/>
            <data inType="win:Boolean" name="IsBehindProxy"/>
          </template>

          <!-- Payload of event 60; state, previous state and change source/reason are numeric codes whose values are not defined in this file. -->
          <template tid="TroubleshootingModeNotification">
            <data inType="win:UInt32" name="TS_State"/>
            <data inType="win:UInt32" name="TS_PreviousState"/>
            <data inType="win:UInt64" name="TS_StartUTC"/>
            <data inType="win:UInt64" name="TS_ExpirationUTC"/>
            <data inType="win:UInt32" name="TS_ExpirationMinutesLeft"/>
            <data inType="win:UInt32" name="TS_StateChangeSource"/>
            <data inType="win:UInt32" name="TS_StateChangeReason"/>
            <data inType="win:UInt32" name="TS_QuotaMinutesLeft"/>
            <data inType="win:UnicodeString" name="PlatformVersion"/>
            <data inType="win:UnicodeString" name="EngineVersion"/>
          </template>

          <template tid="NetworkFilterTlsAlert">
            <data inType="win:UInt32" name="TlsServerAddressLength"/>
            <data inType="win:Binary" length="TlsServerAddressLength" name="TlsServerIpAddress" outType="win:SocketAddress"/>
            <data inType="win:UInt8" name="TlsAlertLevel"/>
            <data inType="win:UInt8" name="TlsAlertDescription"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
            <data inType="win:UnicodeString" name="UserSid"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
          </template>

          <!-- Payload of event 67. TP_IsBlocked and TP_IsUserMode are declared win:UInt32, not win:Boolean. -->
          <template tid="TamperProtectionNotification">
            <data inType="win:UInt64" name="DetectionTime"/>
            <data inType="win:UnicodeString" name="TP_State"/>
            <data inType="win:UnicodeString" name="TP_Scenario"/>
            <data inType="win:UnicodeString" name="TP_ResourceType"/>
            <data inType="win:UnicodeString" name="TP_ResourceName"/>
            <data inType="win:UnicodeString" name="TP_ResourceOldState"/>
            <data inType="win:UnicodeString" name="TP_ResourceNewState"/>
            <data inType="win:UInt32" name="TP_IsBlocked"/>
            <data inType="win:UInt32" name="TP_IsUserMode"/>
            <data inType="win:UnicodeString" name="ProcessName"/>
            <data inType="win:UInt32" name="ProcessId"/>
            <data inType="win:UInt64" name="ProcessCreationTime"/>
          </template>
        </templates>

        <!--
          Events 1 to 67. Every event is declared at level win:Informational, so
          level cannot be used to separate detections from routine service
          activity; filter on event value or task instead. Value 3 is not
          defined in this manifest. All events are version 0 except
          ServiceVersionEvent (28), which is version 1.
        -->
        <events>
          <!-- Service lifecycle, scan and cache activity (1 to 33). -->
          <event level="win:Informational" opcode="win:Start" symbol="ServiceOnDemandScan_Start" task="ServiceOnDemandScan" template="StringPayload" value="1" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceOnDemandScan_Stop" task="ServiceOnDemandScan" value="2" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceCacheBuild_Start" task="ServiceCacheBuild" value="4" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceCacheBuild_Stop" task="ServiceCacheBuild" value="5" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceLoadEngine_Start" task="ServiceLoadEngine" value="6" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceLoadEngine_Stop" task="ServiceLoadEngine" value="7" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceReloadEngine_Start" task="ServiceReloadEngine" value="8" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceReloadEngine_Stop" task="ServiceReloadEngine" value="9" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceSync_Start" task="ServiceSync" value="10" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceSync_Stop" task="ServiceSync" value="11" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceAsync_Start" task="ServiceAsync" value="12" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceAsync_Stop" task="ServiceAsync" value="13" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceShutdownEvent" task="ServiceShutdown" value="14" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceProcessScan_Start" task="ServiceProcessScan" value="15" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceProcessScan_Stop" task="ServiceProcessScan" value="16" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="EngineTaskEvent" task="EngineTask" template="StringPayload" value="17" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceTaskLaunched" task="ServiceTask" template="StringPayload" value="18" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceClean" task="ServiceClean" template="StringPayload" value="19" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MOAC_CacheHitEvent" task="MOAC_CacheHit" template="FileIDPayload" value="20" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MOAC_CacheMissEvent" task="MOAC_CacheMiss" template="FileIDPayload" value="21" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MOAC_CacheAddEvent" task="MOAC_CacheAdd" template="FileIDPayload" value="22" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MOAC_CacheDeleteEvent" task="MOAC_CacheDelete" template="FileIDPayload" value="23" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MOAC_CacheFlushEvent" task="MOAC_CacheFlush" value="24" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceRoutineCleanupEvent" task="ServiceRoutineCleanup" value="25" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceRoutineVerificationEvent" task="ServiceRoutineVerification" value="26" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceRoutineCacheMaintenanceEvent" task="ServiceRoutineCacheMaintenance" value="27" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="ServiceVersionEvent" task="ServiceVersion" template="VersionPayload" value="28" version="1"/>
          <event level="win:Informational" opcode="win:Start" symbol="ServiceEngineUpdate_Start" task="ServiceEngineUpdate" value="29" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="ServiceEngineUpdate_Stop" task="ServiceEngineUpdate" value="30" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="CacheStateEvent" task="CacheState" template="CachePayload" value="31" version="0"/>
          <event level="win:Informational" opcode="win:Start" symbol="SFCBuild_Start" task="SFCBuild" value="32" version="0"/>
          <event level="win:Informational" opcode="win:Stop" symbol="SFCBuild_Stop" task="SFCBuild" value="33" version="0"/>

          <!-- Spynet_* and MpCmdRun_* events (34 to 46); only 39 and 44 carry a payload template. -->
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_EventSpynetRequired" task="Spynet_EventSpynetRequired" value="34" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_EventCloudRequest" task="Spynet_EventCloudRequest" value="35" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_EventSendTelemetry" task="Spynet_EventSendTelemetry" value="36" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_MpCmdRunStart" task="Spynet_MpCmdRunStart" value="37" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_GenerateReportStart" task="Spynet_GenerateReportStart" value="38" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_GenerateReportComplete" task="Spynet_GenerateReportComplete" template="GenerateReportSize" value="39" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_HandleResponseStart" task="Spynet_HandleResponseStart" value="40" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_HandleResponseComplete" task="Spynet_HandleResponseComplete" value="41" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_SendReportStart" task="Spynet_SendReportStart" value="42" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_SendReportComplete" task="Spynet_SendReportComplete" value="43" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="MpCmdRun_CreateProcess" task="MpCmdRun_CreateProcess" template="MpCmdRunParams" value="44" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_MpCmdRunCreateTimer" task="Spynet_MpCmdRunCreateTimer" value="45" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Spynet_MpCmdRunTimerTrigger" task="Spynet_MpCmdRunTimerTrigger" value="46" version="0"/>

          <!-- Declared with opcode win:Start; no matching win:Stop event exists for this task in the manifest. -->
          <event level="win:Informational" opcode="win:Start" symbol="IOAVScanTriggered" task="IOAVScanTriggered" value="47" version="0"/>

          <!-- Sense_* events (48 to 61): each one references a dedicated payload template. -->
          <event level="win:Informational" opcode="win:Info" symbol="Sense_RemediationInfoThreat" task="Sense_RemediationInfoThreat" template="RemediationInfo" value="48" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_HipsFGInfo" task="Sense_HipsFGInfo" template="HipsFGInfo" value="49" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterLookup" task="Sense_NetworkFilterLookup" template="NetworkFilterLookup" value="50" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterConnectionInfo" task="Sense_NetworkFilterConnectionInfo" template="NetworkFilterConnectionInfo" value="51" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_DlpInfo" task="Sense_DlpInfo" template="DlpInfo" value="52" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_DlpEventInfo" task="Sense_DlpEventInfo" template="DlpEventInfo" value="53" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_DlpStatusInfo" task="Sense_DlpStatusInfo" template="DlpStatusInfo" value="54" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterBreakTheGlass" task="Sense_NetworkFilterBreakTheGlass" template="NetworkFilterBreakTheGlass" value="55" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_HipsAsrUserExclusionInfo" task="Sense_HipsAsrUserExclusionInfo" template="HipsAsrUserExclusionInfo" value="56" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterDnsQuestion" task="Sense_NetworkFilterDnsQuestion" template="NetworkFilterDnsQuestion" value="57" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterDnsAnswer" task="Sense_NetworkFilterDnsAnswer" template="NetworkFilterDnsAnswer" value="58" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterVolumeNotification" task="Sense_NetworkFilterVolumeNotification" template="NetworkFilterVolumeNotification" value="59" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_TroubleshootingModeNotification" task="Sense_TroubleshootingModeNotification" template="TroubleshootingModeNotification" value="60" version="0"/>
          <event level="win:Informational" opcode="win:Info" symbol="Sense_NetworkFilterTlsAlert" task="Sense_NetworkFilterTlsAlert" template="NetworkFilterTlsAlert" value="61" version="0"/>

          <!-- Symbol prefix is "Rbm_" while the task name is "RbM_"; the spellings differ only in case. -->
          <event level="win:Informational" opcode="win:Info" symbol="Rbm_RollbackCompleteEvent" task="RbM_RollbackComplete" template="RollbackCompleteData" value="62" version="0"/>

          <!-- Rundown events (63 to 66): the only events that set a keyword. -->
          <event keywords="StartRundown" level="win:Informational" opcode="win:Start" symbol="StartRundownStartEvent" task="StartRundownTask" template="StringPayload" value="63" version="0"/>
          <event keywords="StartRundown" level="win:Informational" opcode="win:Stop" symbol="StartRundownStopEvent" task="StartRundownTask" template="StringPayload" value="64" version="0"/>
          <event keywords="EndRundown" level="win:Informational" opcode="win:Start" symbol="EndRundownStartEvent" task="EndRundownTask" template="StringPayload" value="65" version="0"/>
          <event keywords="EndRundown" level="win:Informational" opcode="win:Stop" symbol="EndRundownStopEvent" task="EndRundownTask" template="StringPayload" value="66" version="0"/>

          <!-- Judging by the template fields, reports a change (old/new state) to a protected resource and whether it was blocked. -->
          <event level="win:Informational" opcode="win:Info" symbol="Sense_TamperProtectionNotification" task="Sense_TamperProtectionNotification" template="TamperProtectionNotification" value="67" version="0"/>
        </events>
      </provider>
    </events>
  </instrumentation>

  <!-- Resolves the $(string....) reference used by the provider's message attribute. -->
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string id="Microsoft-Antimalware-Service.provider.name" value="Microsoft-Antimalware-Service"/>
      </stringTable>
    </resources>
  </localization>
</assembly>