Created
October 20, 2017 20:54
-
-
Save mattifestation/015b8ec58e3296297096a88ba4a8d4b5 to your computer and use it in GitHub Desktop.
Updated CodeIntegrity provider event manifest for Win 10 1709
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events"> | |
| <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"> | |
| <events> | |
| <provider name="Microsoft-Windows-CodeIntegrity" guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" resourceFileName="Microsoft-Windows-CodeIntegrity" messageFileName="Microsoft-Windows-CodeIntegrity" symbol="MicrosoftWindowsCodeIntegrity" source="Xml" > | |
| <keywords> | |
| </keywords> | |
| <tasks> | |
| <task name="CreateSection" message="$(string.task_CreateSection)" value="1"> | |
| > | |
| <opcodes> | |
| <opcode name="UnsignedDriverLoaded" message="$(string.opcode_CreateSectionUnsignedDriverLoaded)" value="101"/> | |
| <opcode name="PageHashNotFound" message="$(string.opcode_CreateSectionPageHashNotFound)" value="102"/> | |
| <opcode name="PageHashNotFound_DbgAttached" message="$(string.opcode_CreateSectionPageHashNotFound_DbgAttached)" value="103"/> | |
| <opcode name="FileHashNotFound" message="$(string.opcode_CreateSectionFileHashNotFound)" value="104"/> | |
| <opcode name="FileHashNotFound_DbgAttached" message="$(string.opcode_CreateSectionFileHashNotFound_DbgAttached)" value="105"/> | |
| <opcode name="RevokedDriverLoaded" message="$(string.opcode_CreateSectionRevokedDriverLoaded)" value="106"/> | |
| <opcode name="RevokedDriverLoadedInDebugger" message="$(string.opcode_CreateSectionRevokedDriverLoadedInDebugger)" value="107"/> | |
| <opcode name="RevokedDriverNotLoaded" message="$(string.opcode_CreateSectionRevokedDriverNotLoaded)" value="108"/> | |
| <opcode name="PolicyFailure" message="$(string.opcode_CreateSectionPolicyFailure)" value="111"/> | |
| <opcode name="UnsignedImageLoaded" message="$(string.opcode_CreateSectionUnsignedImageLoaded)" value="112"/> | |
| <opcode name="RevokedImageLoaded" message="$(string.opcode_CreateSectionRevokedImageLoaded)" value="113"/> | |
| <opcode name="RevokedImageLoadedInDebugger" message="$(string.opcode_CreateSectionRevokedImageLoadedInDebugger)" value="114"/> | |
| <opcode name="RevokedImageNotLoaded" message="$(string.opcode_CreateSectionRevokedImageNotLoaded)" value="115"/> | |
| <opcode name="SdlRequirement" message="$(string.opcode_CreateSectionSdlRequirement)" value="116"/> | |
| <opcode name="HvciUnalignedSection" message="$(string.opcode_CreateSectionHvciUnalignedSection)" value="122"/> | |
| <opcode name="HvciWritableExecutableSection" message="$(string.opcode_CreateSectionHvciWritableExecutableSection)" value="123"/> | |
| <opcode name="HvciAuditFailure" message="$(string.opcode_CreateSectionHvciAuditFailure)" value="128"/> | |
| <opcode name="SmartlockerVerbose" message="$(string.opcode_CreateSectionSmartlockerVerbose)" value="129"/> | |
| <opcode name="SignatureInformation" message="$(string.opcode_CreateSectionSignatureInformation)" value="130"/> | |
| </opcodes> | |
| </task> | |
| <task name="LoadCatalog" message="$(string.task_LoadCatalog)" value="2"> | |
| > | |
| <opcodes> | |
| <opcode name="Failed" message="$(string.opcode_LoadCatalogFailed)" value="100"/> | |
| </opcodes> | |
| </task> | |
| <task name="ReloadCatalogs" message="$(string.task_ReloadCatalogs)" value="3"/> | |
| <task name="ValidateFileHash" message="$(string.task_ValidateFileHash)" value="4"/> | |
| <task name="ValidatePageHash" message="$(string.task_ValidatePageHash)" value="5"> | |
| > | |
| <opcodes> | |
| <opcode name="HvciPageVerificationFailure" message="$(string.opcode_ValidatePageHashHvciPageVerificationFailure)" value="124"/> | |
| </opcodes> | |
| </task> | |
| <task name="PageHashFoundInCatalog" message="$(string.task_PageHashFoundInCatalog)" value="6"/> | |
| <task name="PageHashFoundInImageCertificate" message="$(string.task_PageHashFoundInImageCertificate)" value="7"/> | |
| <task name="FileHashFoundInCatalog" message="$(string.task_FileHashFoundInCatalog)" value="8"/> | |
| <task name="FileHashFoundInImageCertificate" message="$(string.task_FileHashFoundInImageCertificate)" value="9"/> | |
| <task name="LoadCatalogCache" message="$(string.task_LoadCatalogCache)" value="10"/> | |
| <task name="SaveCatalogCache" message="$(string.task_SaveCatalogCache)" value="11"> | |
| > | |
| <opcodes> | |
| <opcode name="UpdateCatalogCacheFailed" message="$(string.opcode_SaveCatalogCacheUpdateCatalogCacheFailed)" value="109"/> | |
| </opcodes> | |
| </task> | |
| <task name="ValidateImageHeader" message="$(string.task_ValidateImageHeader)" value="13"/> | |
| <task name="GetFileCache" message="$(string.task_GetFileCache)" value="14"/> | |
| <task name="SetFileCache" message="$(string.task_SetFileCache)" value="15"/> | |
| <task name="SetCatalogHint" message="$(string.task_SetCatalogHint)" value="16"/> | |
| <task name="GetCatalogHint" message="$(string.task_GetCatalogHint)" value="17"/> | |
| <task name="ValidateSIPolicy" message="$(string.task_ValidateSIPolicy)" value="18"> | |
| > | |
| <opcodes> | |
| <opcode name="PolicyFailure" message="$(string.opcode_ValidateSIPolicyPolicyFailure)" value="111"/> | |
| <opcode name="SiPolicyFailureIgnored" message="$(string.opcode_ValidateSIPolicySiPolicyFailureIgnored)" value="118"/> | |
| <opcode name="PolicyPerformance" message="$(string.opcode_ValidateSIPolicyPolicyPerformance)" value="125"/> | |
| </opcodes> | |
| </task> | |
| <task name="LoadWeakCryptoPolicies" message="$(string.task_LoadWeakCryptoPolicies)" value="19"> | |
| > | |
| <opcodes> | |
| <opcode name="LoadWeakCryptoRegistryValueFailed" message="$(string.opcode_LoadWeakCryptoPoliciesLoadWeakCryptoRegistryValueFailed)" value="119"/> | |
| <opcode name="LoadWeakCryptoRegistryPolicyFailed" message="$(string.opcode_LoadWeakCryptoPoliciesLoadWeakCryptoRegistryPolicyFailed)" value="120"/> | |
| <opcode name="LoadWeakCryptoPoliciesFailed" message="$(string.opcode_LoadWeakCryptoPoliciesLoadWeakCryptoPoliciesFailed)" value="121"/> | |
| </opcodes> | |
| </task> | |
| <task name="WhqlEnforcement" message="$(string.task_WhqlEnforcement)" value="20"> | |
| > | |
| <opcodes> | |
| <opcode name="WhqlFailure" message="$(string.opcode_WhqlEnforcementWhqlFailure)" value="126"/> | |
| <opcode name="WhqlSettings" message="$(string.opcode_WhqlEnforcementWhqlSettings)" value="127"/> | |
| </opcodes> | |
| </task> | |
| <task name="RefreshPolicyTask" message="$(string.task_RefreshPolicyTask)" value="21"> | |
| > | |
| <opcodes> | |
| <opcode name="RefreshPolicyOp" message="$(string.opcode_RefreshPolicyTaskRefreshPolicyOp)" value="131"/> | |
| </opcodes> | |
| </task> | |
| </tasks> | |
| <maps> | |
| <valueMap name="SigningLevels"> | |
| <map value="0x0" message="$(string.map_SigningLevelsUnchecked)"/> | |
| <map value="0x1" message="$(string.map_SigningLevelsUnsigned)"/> | |
| <map value="0x2" message="$(string.map_SigningLevelsEnterprise)"/> | |
| <map value="0x3" message="$(string.map_SigningLevelsCustom 1)"/> | |
| <map value="0x4" message="$(string.map_SigningLevelsAuthenticode)"/> | |
| <map value="0x5" message="$(string.map_SigningLevelsCustom 2)"/> | |
| <map value="0x6" message="$(string.map_SigningLevelsStore)"/> | |
| <map value="0x7" message="$(string.map_SigningLevelsCustom 3 / Antimalware)"/> | |
| <map value="0x8" message="$(string.map_SigningLevelsMicrosoft)"/> | |
| <map value="0x9" message="$(string.map_SigningLevelsCustom 4)"/> | |
| <map value="0xa" message="$(string.map_SigningLevelsCustom 5)"/> | |
| <map value="0xb" message="$(string.map_SigningLevelsDynamic Code Generation)"/> | |
| <map value="0xc" message="$(string.map_SigningLevelsWindows)"/> | |
| <map value="0xd" message="$(string.map_SigningLevelsWindows Protected Process Light)"/> | |
| <map value="0xe" message="$(string.map_SigningLevelsWindows TCB)"/> | |
| <map value="0xf" message="$(string.map_SigningLevelsCustom 6)"/> | |
| </valueMap> | |
| <valueMap name="SdlRequirementType"> | |
| <map value="0x0" message="$(string.map_SdlRequirementTypeother (see event data))"/> | |
| <map value="0x1" message="$(string.map_SdlRequirementTypeShared Sections)"/> | |
| </valueMap> | |
| <valueMap name="PolicyType"> | |
| <map value="0x0" message="$(string.map_PolicyTypeinvalid Code Integrity policy)"/> | |
| <map value="0x1" message="$(string.map_PolicyTypeenterprise Code Integrity policy)"/> | |
| <map value="0x2" message="$(string.map_PolicyTypeWindows revoke Code Integrity policy)"/> | |
| <map value="0x3" message="$(string.map_PolicyTypeSKU Code Integrity policy)"/> | |
| <map value="0x4" message="$(string.map_PolicyTypeenterprise update Code Integrity policy)"/> | |
| <map value="0x5" message="$(string.map_PolicyTypeWindows update revoke Code Integrity policy)"/> | |
| <map value="0x6" message="$(string.map_PolicyTypeSKU update Code Integrity policy)"/> | |
| <map value="0x7" message="$(string.map_PolicyTypeWindows lockdown Code Integrity policy)"/> | |
| <map value="0x8" message="$(string.map_PolicyTypeWindows update lockdown Code Integrity policy)"/> | |
| <map value="0x9" message="$(string.map_PolicyTypeAdvanced Threat Protection Code Integrity policy)"/> | |
| <map value="0xa" message="$(string.map_PolicyTypeAdvanced Threat Protection update Code Integrity policy)"/> | |
| <map value="0xb" message="$(string.map_PolicyTypeenterprise revoke Code Integrity policy)"/> | |
| <map value="0xc" message="$(string.map_PolicyTypeenterprise update revoke Code Integrity policy)"/> | |
| </valueMap> | |
| </maps> | |
| <events> | |
| <event value="3001" symbol="CreateSectionUnsignedDriverLoaded" version="0" task="CreateSection" opcode="UnsignedDriverLoaded" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3002" symbol="CreateSectionPageHashNotFound" version="0" task="CreateSection" opcode="PageHashNotFound" level="win:Error" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3003" symbol="CreateSectionPageHashNotFound_DbgAttached" version="0" task="CreateSection" opcode="PageHashNotFound_DbgAttached" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3004" symbol="CreateSectionFileHashNotFound" version="0" task="CreateSection" opcode="FileHashNotFound" level="win:Error" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3005" symbol="CreateSectionFileHashNotFound_DbgAttached" version="0" task="CreateSection" opcode="FileHashNotFound_DbgAttached" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3006" symbol="PageHashFoundInCatalog" version="0" task="PageHashFoundInCatalog" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3007" symbol="PageHashFoundInImageCertificate" version="0" task="PageHashFoundInImageCertificate" level="win:Informational" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3008" symbol="FileHashFoundInCatalog" version="0" task="FileHashFoundInCatalog" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3009" symbol="FileHashFoundInImageCertificate" version="0" task="FileHashFoundInImageCertificate" level="win:Informational" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3010" symbol="LoadCatalogFailed" version="0" task="LoadCatalog" opcode="Failed" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3010" symbol="LoadCatalogFailed_V1" version="1" task="LoadCatalog" opcode="Failed" level="win:Warning" template="CreateSectionHvciAuditFailureArgs"/> | |
| <event value="3011" symbol="LoadCatalogStop" version="0" task="LoadCatalog" opcode="win:Stop" level="win:Informational" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3012" symbol="LoadCatalogStart" version="0" task="LoadCatalog" opcode="win:Start" level="win:Informational" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3013" symbol="ReloadCatalogsStart" version="0" task="ReloadCatalogs" opcode="win:Start" level="win:Informational"/> | |
| <event value="3014" symbol="ReloadCatalogsStop" version="0" task="ReloadCatalogs" opcode="win:Stop" level="win:Informational" template="ReloadCatalogsStopArgs"/> | |
| <event value="3014" symbol="ReloadCatalogsStop_V1" version="1" task="ReloadCatalogs" opcode="win:Stop" level="win:Informational" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3015" symbol="ValidateFileHashStart" version="0" task="ValidateFileHash" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3016" symbol="ValidateFileHashStop" version="0" task="ValidateFileHash" opcode="win:Stop" level="win:Verbose" template="ReloadCatalogsStopArgs"/> | |
| <event value="3016" symbol="ValidateFileHashStop_V1" version="1" task="ValidateFileHash" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3017" symbol="ValidatePageHashStart" version="0" task="ValidatePageHash" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3018" symbol="ValidatePageHashStop" version="0" task="ValidatePageHash" opcode="win:Stop" level="win:Verbose" template="ReloadCatalogsStopArgs"/> | |
| <event value="3018" symbol="ValidatePageHashStop_V1" version="1" task="ValidatePageHash" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3019" symbol="LoadCatalogCacheStart" version="0" task="LoadCatalogCache" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3020" symbol="LoadCatalogCacheStop" version="0" task="LoadCatalogCache" opcode="win:Stop" level="win:Verbose" template="ReloadCatalogsStopArgs"/> | |
| <event value="3020" symbol="LoadCatalogCacheStop_V1" version="1" task="LoadCatalogCache" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3021" symbol="CreateSectionRevokedDriverLoaded" version="0" task="CreateSection" opcode="RevokedDriverLoaded" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3022" symbol="CreateSectionRevokedDriverLoadedInDebugger" version="0" task="CreateSection" opcode="RevokedDriverLoadedInDebugger" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3023" symbol="CreateSectionRevokedDriverNotLoaded" version="0" task="CreateSection" opcode="RevokedDriverNotLoaded" level="win:Error" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3024" symbol="SaveCatalogCacheUpdateCatalogCacheFailed" version="0" task="SaveCatalogCache" opcode="UpdateCatalogCacheFailed" level="win:Warning" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3025" symbol="CreateSectionUnsignedDriverLoaded3025" version="0" task="CreateSection" opcode="UnsignedDriverLoaded" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3026" symbol="LoadCatalogFailed3026" version="0" task="LoadCatalog" opcode="Failed" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3027" symbol="LoadCatalogCache" version="0" task="LoadCatalogCache" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3028" symbol="SaveCatalogCacheStart" version="0" task="SaveCatalogCache" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3029" symbol="SaveCatalogCacheStop_V1" version="1" task="SaveCatalogCache" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3030" symbol="SaveCatalogCache" version="0" task="SaveCatalogCache" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3032" symbol="CreateSectionRevokedImageLoaded" version="0" task="CreateSection" opcode="RevokedImageLoaded" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3033" symbol="CreateSectionPolicyFailure" version="0" task="CreateSection" opcode="PolicyFailure" level="win:Error" template="CreateSectionPolicyFailureArgs"/> | |
| <event value="3034" symbol="CreateSectionPolicyFailure3034" version="0" task="CreateSection" opcode="PolicyFailure" level="win:Warning" template="CreateSectionPolicyFailure3034Args"/> | |
| <event value="3035" symbol="CreateSectionRevokedImageLoadedInDebugger" version="0" task="CreateSection" opcode="RevokedImageLoadedInDebugger" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3036" symbol="CreateSectionRevokedImageNotLoaded" version="0" task="CreateSection" opcode="RevokedImageNotLoaded" level="win:Error" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3037" symbol="CreateSectionUnsignedImageLoaded" version="0" task="CreateSection" opcode="UnsignedImageLoaded" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3038" symbol="ValidateImageHeaderStart" version="0" task="ValidateImageHeader" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3038" symbol="ValidateImageHeaderStart_V1" version="1" task="ValidateImageHeader" opcode="win:Start" level="win:Verbose" template="ValidateImageHeaderStartArgs_V1"/> | |
| <event value="3039" symbol="ValidateImageHeaderStop_V1" version="1" task="ValidateImageHeader" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3040" symbol="GetFileCacheStart" version="0" task="GetFileCache" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3041" symbol="GetFileCacheStop_V2" version="2" task="GetFileCache" opcode="win:Stop" level="win:Verbose" template="SetFileCacheStop3043Args_V1"/> | |
| <event value="3042" symbol="SetFileCacheStart" version="0" task="SetFileCache" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3043" symbol="SetFileCacheStop3043_V1" version="1" task="SetFileCache" opcode="win:Stop" level="win:Verbose" template="SetFileCacheStop3043Args_V1"/> | |
| <event value="3050" symbol="GetFileCache" version="0" task="GetFileCache" level="win:Always" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3051" symbol="GetFileCache3051" version="0" task="GetFileCache" level="win:Always" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3052" symbol="GetFileCache3052" version="0" task="GetFileCache" level="win:Always" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3054" symbol="SetFileCacheStart3054" version="0" task="SetFileCache" opcode="win:Start" level="win:Verbose" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3055" symbol="SetFileCacheStop" version="0" task="SetFileCache" opcode="win:Stop" level="win:Verbose" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3057" symbol="GetFileCache3057" version="0" task="GetFileCache" level="win:Always" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3058" symbol="GetFileCache3058" version="0" task="GetFileCache" level="win:Always" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3059" symbol="SetCatalogHint" version="0" task="SetCatalogHint" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3060" symbol="GetCatalogHint" version="0" task="GetCatalogHint" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3061" symbol="SetCatalogHint3061" version="0" task="SetCatalogHint" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3062" symbol="GetCatalogHint3062" version="0" task="GetCatalogHint" level="win:Informational" template="PageHashFoundInCatalogArgs"/> | |
| <event value="3063" symbol="CreateSectionSdlRequirement" version="0" task="CreateSection" opcode="SdlRequirement" level="win:Error" template="CreateSectionSdlRequirementArgs"/> | |
| <event value="3064" symbol="CreateSection" version="0" task="CreateSection" level="win:Warning" template="CreateSectionArgs"/> | |
| <event value="3065" symbol="CreateSectionSdlRequirement3065" version="0" task="CreateSection" opcode="SdlRequirement" level="win:Informational" template="CreateSectionArgs"/> | |
| <event value="3066" symbol="CreateSectionPolicyFailure3066" version="0" task="CreateSection" opcode="PolicyFailure" level="win:Informational" template="CreateSectionPolicyFailure3034Args"/> | |
| <event value="3067" symbol="ValidateSIPolicySiPolicyFailureIgnored" version="0" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="CreateSectionPolicyFailure3034Args"/> | |
| <event value="3068" symbol="ValidateSIPolicyPolicyFailure" version="0" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="CreateSectionPolicyFailure3034Args"/> | |
| <event value="3069" symbol="LoadWeakCryptoPoliciesLoadWeakCryptoRegistryValueFailed" version="0" task="LoadWeakCryptoPolicies" opcode="LoadWeakCryptoRegistryValueFailed" level="win:Error" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3070" symbol="LoadWeakCryptoPoliciesLoadWeakCryptoRegistryPolicyFailed" version="0" task="LoadWeakCryptoPolicies" opcode="LoadWeakCryptoRegistryPolicyFailed" level="win:Error" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3071" symbol="LoadWeakCryptoPoliciesLoadWeakCryptoPoliciesFailed" version="0" task="LoadWeakCryptoPolicies" opcode="LoadWeakCryptoPoliciesFailed" level="win:Error" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3072" symbol="CreateSectionHvciUnalignedSection" version="0" task="CreateSection" opcode="HvciUnalignedSection" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3073" symbol="CreateSectionHvciWritableExecutableSection" version="0" task="CreateSection" opcode="HvciWritableExecutableSection" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3074" symbol="ValidatePageHashHvciPageVerificationFailure" version="0" task="ValidatePageHash" opcode="HvciPageVerificationFailure" level="win:Error" template="SaveCatalogCacheUpdateCatalogCacheFailedArgs"/> | |
| <event value="3075" symbol="ValidateSIPolicyPolicyPerformance" version="0" task="ValidateSIPolicy" opcode="PolicyPerformance" level="win:Informational" template="ValidateSIPolicyPolicyPerformanceArgs"/> | |
| <event value="3076" symbol="ValidateSIPolicySiPolicyFailureIgnored3076" version="0" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3076" symbol="ValidateSIPolicySiPolicyFailureIgnored3076_V1" version="1" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3076" symbol="ValidateSIPolicySiPolicyFailureIgnored3076_V2" version="2" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3077" symbol="ValidateSIPolicyPolicyFailure3077" version="0" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3077" symbol="ValidateSIPolicyPolicyFailure3077_V1" version="1" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3077" symbol="ValidateSIPolicyPolicyFailure3077_V2" version="2" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3078" symbol="ValidateSIPolicySiPolicyFailureIgnored3078" version="0" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3078" symbol="ValidateSIPolicySiPolicyFailureIgnored3078_V1" version="1" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3078" symbol="ValidateSIPolicySiPolicyFailureIgnored3078_V2" version="2" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3079" symbol="ValidateSIPolicyPolicyFailure3079" version="0" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3079" symbol="ValidateSIPolicyPolicyFailure3079_V1" version="1" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3079" symbol="ValidateSIPolicyPolicyFailure3079_V2" version="2" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080" version="0" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V1" version="1" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V2" version="2" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V3" version="3" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V4" version="4" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V5" version="5" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V6" version="6" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V7" version="7" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3080" symbol="ValidateSIPolicySiPolicyFailureIgnored3080_V8" version="8" task="ValidateSIPolicy" opcode="SiPolicyFailureIgnored" level="win:Informational" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081" version="0" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V1" version="1" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V2" version="2" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V3" version="3" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V4" version="4" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V5" version="5" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V6" version="6" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V7" version="7" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3081" symbol="ValidateSIPolicyPolicyFailure3081_V8" version="8" task="ValidateSIPolicy" opcode="PolicyFailure" level="win:Error" template="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"/> | |
| <event value="3082" symbol="WhqlEnforcementWhqlFailure" version="0" task="WhqlEnforcement" opcode="WhqlFailure" level="win:Informational" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3083" symbol="WhqlEnforcementWhqlFailure3083" version="0" task="WhqlEnforcement" opcode="WhqlFailure" level="win:Warning" template="CreateSectionUnsignedDriverLoadedArgs"/> | |
| <event value="3084" symbol="WhqlEnforcementWhqlSettings" version="0" task="WhqlEnforcement" opcode="WhqlSettings" level="win:Informational" template="WhqlEnforcementWhqlSettingsArgs"/> | |
| <event value="3085" symbol="WhqlEnforcementWhqlSettings3085" version="0" task="WhqlEnforcement" opcode="WhqlSettings" level="win:Informational" template="WhqlEnforcementWhqlSettingsArgs"/> | |
| <event value="3086" symbol="CreateSectionPolicyFailure3086" version="0" task="CreateSection" opcode="PolicyFailure" level="win:Error" template="CreateSectionPolicyFailure3034Args"/> | |
| <event value="3087" symbol="CreateSectionHvciAuditFailure" version="0" task="CreateSection" opcode="HvciAuditFailure" level="win:Warning" template="CreateSectionHvciAuditFailureArgs"/> | |
| <event value="3088" symbol="CreateSectionSmartlockerVerbose" version="0" task="CreateSection" opcode="SmartlockerVerbose" level="win:Verbose" template="CreateSectionSmartlockerVerboseArgs"/> | |
| <event value="3089" symbol="CreateSectionSignatureInformation" version="0" task="CreateSection" opcode="SignatureInformation" level="win:Informational" template="CreateSectionSignatureInformationArgs"/> | |
| <event value="3090" symbol="CreateSectionSmartlockerVerbose3090" version="0" task="CreateSection" opcode="SmartlockerVerbose" level="win:Informational" template="CreateSectionSmartlockerVerboseArgs"/> | |
| <event value="3091" symbol="CreateSectionSmartlockerVerbose3091" version="0" task="CreateSection" opcode="SmartlockerVerbose" level="win:Warning" template="CreateSectionSmartlockerVerboseArgs"/> | |
| <event value="3092" symbol="CreateSectionSmartlockerVerbose3092" version="0" task="CreateSection" opcode="SmartlockerVerbose" level="win:Error" template="CreateSectionSmartlockerVerboseArgs"/> | |
| <event value="3093" symbol="RefreshPolicyTaskRefreshPolicyOp" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3094" symbol="RefreshPolicyTaskRefreshPolicyOp3094" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Error" template="RefreshPolicyTaskRefreshPolicyOp3094Args"/> | |
| <event value="3095" symbol="RefreshPolicyTaskRefreshPolicyOp3095" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Warning" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3096" symbol="RefreshPolicyTaskRefreshPolicyOp3096" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3097" symbol="RefreshPolicyTaskRefreshPolicyOp3097" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Warning" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3098" symbol="RefreshPolicyTaskRefreshPolicyOp3098" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3099" symbol="RefreshPolicyTaskRefreshPolicyOp3099" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3100" symbol="RefreshPolicyTaskRefreshPolicyOp3100" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Error" template="RefreshPolicyTaskRefreshPolicyOpArgs"/> | |
| <event value="3101" symbol="RefreshPolicyTaskRefreshPolicyOp3101" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOp3101Args"/> | |
| <event value="3102" symbol="RefreshPolicyTaskRefreshPolicyOp3102" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOp3102Args"/> | |
| <event value="3103" symbol="RefreshPolicyTaskRefreshPolicyOp3103" version="0" task="RefreshPolicyTask" opcode="RefreshPolicyOp" level="win:Informational" template="RefreshPolicyTaskRefreshPolicyOp3103Args"/> | |
| </events> | |
| <templates> | |
| <template tid="CreateSectionUnsignedDriverLoadedArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| </template> | |
| <template tid="PageHashFoundInCatalogArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="CatalogNameLength" inType="win:UInt16"/> | |
| <data name="CatalogNameBuffer" inType="win:UnicodeString" length="CatalogNameLength"/> | |
| </template> | |
| <template tid="ReloadCatalogsStopArgs"> | |
| <data name="Status" inType="win:UInt32"/> | |
| </template> | |
| <template tid="SaveCatalogCacheUpdateCatalogCacheFailedArgs"> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="CreateSectionPolicyFailureArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessNameBuffer" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedPolicy" inType="win:UInt8" map="SigningLevels"/> | |
| <data name="ValidatedPolicy" inType="win:UInt8"/> | |
| <data name="Status" inType="win:UInt32"/> | |
| </template> | |
| <template tid="CreateSectionPolicyFailure3034Args"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessNameBuffer" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedPolicy" inType="win:UInt8"/> | |
| <data name="ValidatedPolicy" inType="win:UInt8"/> | |
| <data name="Status" inType="win:UInt32"/> | |
| </template> | |
| <template tid="CreateSectionSdlRequirementArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessNameBuffer" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequirementType" inType="win:UInt8" map="SdlRequirementType"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="CreateSectionArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessNameBuffer" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequirementType" inType="win:UInt8"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="ValidateSIPolicyPolicyPerformanceArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessNameBuffer" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedSigningLevel" inType="win:UInt8"/> | |
| <data name="ValidatedSigningLevel" inType="win:UInt8"/> | |
| <data name="ElapsedTime" inType="win:UInt64"/> | |
| <data name="PolicyElapsedTime" inType="win:UInt64"/> | |
| <data name="PercentageTime" inType="win:UInt32"/> | |
| </template> | |
| <template tid="ValidateSIPolicySiPolicyFailureIgnored3076Args"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileName" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessName" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedSigningLevel" inType="win:UInt8"/> | |
| <data name="ValidatedSigningLevel" inType="win:UInt8"/> | |
| <data name="Status" inType="win:UInt32"/> | |
| <data name="SHA1HashSize" inType="win:UInt32"/> | |
| <data name="SHA1Hash" inType="win:Binary" length="SHA1 Hash Size"/> | |
| <data name="SHA256HashSize" inType="win:UInt32"/> | |
| <data name="SHA256Hash" inType="win:Binary" length="SHA256 Hash Size"/> | |
| <data name="USN" inType="win:UInt64"/> | |
| <data name="SISigningScenario" inType="win:UInt32"/> | |
| </template> | |
| <template tid="WhqlEnforcementWhqlSettingsArgs"> | |
| <data name="Settings" inType="win:HexInt32"/> | |
| <data name="Exemption" inType="win:UInt8"/> | |
| </template> | |
| <template tid="CreateSectionHvciAuditFailureArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="CreateSectionSmartlockerVerboseArgs"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileName" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="StatusCode" inType="win:HexInt32"/> | |
| <data name="ManagedInstallerEnabled" inType="win:Boolean"/> | |
| <data name="PassesManagedInstaller" inType="win:Boolean"/> | |
| <data name="SmartlockerEnabled" inType="win:Boolean"/> | |
| <data name="PassesSmartlocker" inType="win:Boolean"/> | |
| <data name="DefenderTrust" inType="win:Int32"/> | |
| <data name="AuditEnabled" inType="win:Boolean"/> | |
| <data name="PolicyNameLength" inType="win:UInt16"/> | |
| <data name="PolicyName" inType="win:UnicodeString" length="PolicyNameLength"/> | |
| <data name="PolicyIDLength" inType="win:UInt16"/> | |
| <data name="PolicyID" inType="win:UnicodeString" length="PolicyIDLength"/> | |
| </template> | |
| <template tid="CreateSectionSignatureInformationArgs"> | |
| <data name="TotalSignatureCount" inType="win:UInt32"/> | |
| <data name="Signature" inType="win:UInt32"/> | |
| <data name="HashSize" inType="win:UInt32"/> | |
| <data name="Hash" inType="win:Binary" length="Hash Size"/> | |
| <data name="SignatureType" inType="win:UInt8"/> | |
| <data name="ValidatedSigningLevel" inType="win:UInt8"/> | |
| <data name="VerificationError" inType="win:UInt8"/> | |
| <data name="Flags" inType="win:UInt32"/> | |
| <data name="PolicyBits" inType="win:UInt32"/> | |
| <data name="NotValidBefore" inType="win:FILETIME"/> | |
| <data name="NotValidAfter" inType="win:FILETIME"/> | |
| <data name="PublisherNameLength" inType="win:UInt16"/> | |
| <data name="PublisherName" inType="win:UnicodeString" length="PublisherNameLength"/> | |
| <data name="IssuerNameLength" inType="win:UInt16"/> | |
| <data name="IssuerName" inType="win:UnicodeString" length="IssuerNameLength"/> | |
| </template> | |
| <template tid="RefreshPolicyTaskRefreshPolicyOpArgs"> | |
| <data name="PolicyNameLength" inType="win:UInt16"/> | |
| <data name="PolicyNameBuffer" inType="win:UnicodeString" length="PolicyNameLength"/> | |
| <data name="PolicyIdLength" inType="win:UInt16"/> | |
| <data name="PolicyIdBuffer" inType="win:UnicodeString" length="PolicyIdLength"/> | |
| <data name="TypeOfPolicy" inType="win:UInt32"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| <data name="Options" inType="win:HexInt32"/> | |
| <data name="PolicyHashSize" inType="win:UInt32"/> | |
| <data name="PolicyHash" inType="win:Binary" length="PolicyHashSize"/> | |
| </template> | |
| <template tid="RefreshPolicyTaskRefreshPolicyOp3094Args"> | |
| <data name="PolicyNameLength" inType="win:UInt16"/> | |
| <data name="PolicyNameBuffer" inType="win:UnicodeString" length="PolicyNameLength"/> | |
| <data name="PolicyIdLength" inType="win:UInt16"/> | |
| <data name="PolicyIdBuffer" inType="win:UnicodeString" length="PolicyIdLength"/> | |
| <data name="TypeOfPolicy" inType="win:UInt32" map="PolicyType"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| <data name="Options" inType="win:HexInt32"/> | |
| <data name="PolicyHashSize" inType="win:UInt32"/> | |
| <data name="PolicyHash" inType="win:Binary" length="PolicyHashSize"/> | |
| </template> | |
| <template tid="RefreshPolicyTaskRefreshPolicyOp3101Args"> | |
| <data name="NumberOfPolicies" inType="win:UInt32"/> | |
| </template> | |
| <template tid="RefreshPolicyTaskRefreshPolicyOp3102Args"> | |
| <data name="NumberOfPolicies" inType="win:UInt32"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="RefreshPolicyTaskRefreshPolicyOp3103Args"> | |
| <data name="PolicyType" inType="win:UInt32"/> | |
| <data name="Status" inType="win:HexInt32"/> | |
| </template> | |
| <template tid="ValidateImageHeaderStartArgs_V1"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileNameBuffer" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="SecureRequired" inType="win:HexInt32"/> | |
| <data name="RequestedSigningLevel" inType="win:UInt8"/> | |
| </template> | |
| <template tid="SetFileCacheStop3043Args_V1"> | |
| <data name="Status" inType="win:HexInt32"/> | |
| <data name="CachedFlags" inType="win:HexInt32"/> | |
| <data name="CacheSource" inType="win:UInt8"/> | |
| <data name="CachedPolicy" inType="win:UInt8"/> | |
| </template> | |
| <template tid="ValidateSIPolicySiPolicyFailureIgnored3076Args_V1"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileName" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessName" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedSigningLevel" inType="win:UInt8"/> | |
| <data name="ValidatedSigningLevel" inType="win:UInt8"/> | |
| <data name="Status" inType="win:UInt32"/> | |
| <data name="SHA1HashSize" inType="win:UInt32"/> | |
| <data name="SHA1Hash" inType="win:Binary" length="SHA1 Hash Size"/> | |
| <data name="SHA256HashSize" inType="win:UInt32"/> | |
| <data name="SHA256Hash" inType="win:Binary" length="SHA256 Hash Size"/> | |
| <data name="USN" inType="win:UInt64"/> | |
| <data name="SISigningScenario" inType="win:UInt32"/> | |
| <data name="PolicyNameLength" inType="win:UInt16"/> | |
| <data name="PolicyName" inType="win:UnicodeString" length="PolicyNameLength"/> | |
| <data name="PolicyIDLength" inType="win:UInt16"/> | |
| <data name="PolicyID" inType="win:UnicodeString" length="PolicyIDLength"/> | |
| </template> | |
| <template tid="ValidateSIPolicySiPolicyFailureIgnored3076Args_V2"> | |
| <data name="FileNameLength" inType="win:UInt16"/> | |
| <data name="FileName" inType="win:UnicodeString" length="FileNameLength"/> | |
| <data name="ProcessNameLength" inType="win:UInt16"/> | |
| <data name="ProcessName" inType="win:UnicodeString" length="ProcessNameLength"/> | |
| <data name="RequestedSigningLevel" inType="win:UInt8"/> | |
| <data name="ValidatedSigningLevel" inType="win:UInt8"/> | |
| <data name="Status" inType="win:UInt32"/> | |
| <data name="SHA1HashSize" inType="win:UInt32"/> | |
| <data name="SHA1Hash" inType="win:Binary" length="SHA1 Hash Size"/> | |
| <data name="SHA256HashSize" inType="win:UInt32"/> | |
| <data name="SHA256Hash" inType="win:Binary" length="SHA256 Hash Size"/> | |
| <data name="USN" inType="win:UInt64"/> | |
| <data name="SISigningScenario" inType="win:UInt32"/> | |
| <data name="PolicyNameLength" inType="win:UInt16"/> | |
| <data name="PolicyName" inType="win:UnicodeString" length="PolicyNameLength"/> | |
| <data name="PolicyIDLength" inType="win:UInt16"/> | |
| <data name="PolicyID" inType="win:UnicodeString" length="PolicyIDLength"/> | |
| <data name="PolicyHashSize" inType="win:UInt32"/> | |
| <data name="PolicyHash" inType="win:Binary" length="PolicyHashSize"/> | |
| </template> | |
| </templates> | |
| </provider> | |
| </events> | |
| </instrumentation> | |
| <localization> | |
| <resources culture="en-US"> | |
| <stringTable> | |
| <string id="task_CreateSection" value="CreateSection"/> | |
| <string id="opcode_CreateSectionUnsignedDriverLoaded" value="UnsignedDriverLoaded"/> | |
| <string id="opcode_CreateSectionPageHashNotFound" value="PageHashNotFound"/> | |
| <string id="opcode_CreateSectionPageHashNotFound_DbgAttached" value="PageHashNotFound_DbgAttached"/> | |
| <string id="opcode_CreateSectionFileHashNotFound" value="FileHashNotFound"/> | |
| <string id="opcode_CreateSectionFileHashNotFound_DbgAttached" value="FileHashNotFound_DbgAttached"/> | |
| <string id="opcode_CreateSectionRevokedDriverLoaded" value="RevokedDriverLoaded"/> | |
| <string id="opcode_CreateSectionRevokedDriverLoadedInDebugger" value="RevokedDriverLoadedInDebugger"/> | |
| <string id="opcode_CreateSectionRevokedDriverNotLoaded" value="RevokedDriverNotLoaded"/> | |
| <string id="opcode_CreateSectionPolicyFailure" value="PolicyFailure"/> | |
| <string id="opcode_CreateSectionUnsignedImageLoaded" value="UnsignedImageLoaded"/> | |
| <string id="opcode_CreateSectionRevokedImageLoaded" value="RevokedImageLoaded"/> | |
| <string id="opcode_CreateSectionRevokedImageLoadedInDebugger" value="RevokedImageLoadedInDebugger"/> | |
| <string id="opcode_CreateSectionRevokedImageNotLoaded" value="RevokedImageNotLoaded"/> | |
| <string id="opcode_CreateSectionSdlRequirement" value="SdlRequirement"/> | |
| <string id="opcode_CreateSectionHvciUnalignedSection" value="HvciUnalignedSection"/> | |
| <string id="opcode_CreateSectionHvciWritableExecutableSection" value="HvciWritableExecutableSection"/> | |
| <string id="opcode_CreateSectionHvciAuditFailure" value="HvciAuditFailure"/> | |
| <string id="opcode_CreateSectionSmartlockerVerbose" value="SmartlockerVerbose"/> | |
| <string id="opcode_CreateSectionSignatureInformation" value="SignatureInformation"/> | |
| <string id="task_LoadCatalog" value="LoadCatalog"/> | |
| <string id="opcode_LoadCatalogFailed" value="Failed"/> | |
| <string id="task_ReloadCatalogs" value="ReloadCatalogs"/> | |
| <string id="task_ValidateFileHash" value="ValidateFileHash"/> | |
| <string id="task_ValidatePageHash" value="ValidatePageHash"/> | |
| <string id="opcode_ValidatePageHashHvciPageVerificationFailure" value="HvciPageVerificationFailure"/> | |
| <string id="task_PageHashFoundInCatalog" value="PageHashFoundInCatalog"/> | |
| <string id="task_PageHashFoundInImageCertificate" value="PageHashFoundInImageCertificate"/> | |
| <string id="task_FileHashFoundInCatalog" value="FileHashFoundInCatalog"/> | |
| <string id="task_FileHashFoundInImageCertificate" value="FileHashFoundInImageCertificate"/> | |
| <string id="task_LoadCatalogCache" value="LoadCatalogCache"/> | |
| <string id="task_SaveCatalogCache" value="SaveCatalogCache"/> | |
| <string id="opcode_SaveCatalogCacheUpdateCatalogCacheFailed" value="UpdateCatalogCacheFailed"/> | |
| <string id="task_ValidateImageHeader" value="ValidateImageHeader"/> | |
| <string id="task_GetFileCache" value="GetFileCache"/> | |
| <string id="task_SetFileCache" value="SetFileCache"/> | |
| <string id="task_SetCatalogHint" value="SetCatalogHint"/> | |
| <string id="task_GetCatalogHint" value="GetCatalogHint"/> | |
| <string id="task_ValidateSIPolicy" value="ValidateSIPolicy"/> | |
| <string id="opcode_ValidateSIPolicyPolicyFailure" value="PolicyFailure"/> | |
| <string id="opcode_ValidateSIPolicySiPolicyFailureIgnored" value="SiPolicyFailureIgnored"/> | |
| <string id="opcode_ValidateSIPolicyPolicyPerformance" value="PolicyPerformance"/> | |
| <string id="task_LoadWeakCryptoPolicies" value="LoadWeakCryptoPolicies"/> | |
| <string id="opcode_LoadWeakCryptoPoliciesLoadWeakCryptoRegistryValueFailed" value="LoadWeakCryptoRegistryValueFailed"/> | |
| <string id="opcode_LoadWeakCryptoPoliciesLoadWeakCryptoRegistryPolicyFailed" value="LoadWeakCryptoRegistryPolicyFailed"/> | |
| <string id="opcode_LoadWeakCryptoPoliciesLoadWeakCryptoPoliciesFailed" value="LoadWeakCryptoPoliciesFailed"/> | |
| <string id="task_WhqlEnforcement" value="WhqlEnforcement"/> | |
| <string id="opcode_WhqlEnforcementWhqlFailure" value="WhqlFailure"/> | |
| <string id="opcode_WhqlEnforcementWhqlSettings" value="WhqlSettings"/> | |
| <string id="task_RefreshPolicyTask" value="RefreshPolicyTask"/> | |
| <string id="opcode_RefreshPolicyTaskRefreshPolicyOp" value="RefreshPolicyOp"/> | |
| <string id="map_SigningLevelsUnchecked" value="Unchecked"/> | |
| <string id="map_SigningLevelsUnsigned" value="Unsigned"/> | |
| <string id="map_SigningLevelsEnterprise" value="Enterprise"/> | |
| <string id="map_SigningLevelsCustom 1" value="Custom 1"/> | |
| <string id="map_SigningLevelsAuthenticode" value="Authenticode"/> | |
| <string id="map_SigningLevelsCustom 2" value="Custom 2"/> | |
| <string id="map_SigningLevelsStore" value="Store"/> | |
| <string id="map_SigningLevelsCustom 3 / Antimalware" value="Custom 3 / Antimalware"/> | |
| <string id="map_SigningLevelsMicrosoft" value="Microsoft"/> | |
| <string id="map_SigningLevelsCustom 4" value="Custom 4"/> | |
| <string id="map_SigningLevelsCustom 5" value="Custom 5"/> | |
| <string id="map_SigningLevelsDynamic Code Generation" value="Dynamic Code Generation"/> | |
| <string id="map_SigningLevelsWindows" value="Windows"/> | |
| <string id="map_SigningLevelsWindows Protected Process Light" value="Windows Protected Process Light"/> | |
| <string id="map_SigningLevelsWindows TCB" value="Windows TCB"/> | |
| <string id="map_SigningLevelsCustom 6" value="Custom 6"/> | |
| <string id="map_SdlRequirementTypeother (see event data)" value="other (see event data)"/> | |
| <string id="map_SdlRequirementTypeShared Sections" value="Shared Sections"/> | |
| <string id="map_PolicyTypeinvalid Code Integrity policy" value="invalid Code Integrity policy"/> | |
| <string id="map_PolicyTypeenterprise Code Integrity policy" value="enterprise Code Integrity policy"/> | |
| <string id="map_PolicyTypeWindows revoke Code Integrity policy" value="Windows revoke Code Integrity policy"/> | |
| <string id="map_PolicyTypeSKU Code Integrity policy" value="SKU Code Integrity policy"/> | |
| <string id="map_PolicyTypeenterprise update Code Integrity policy" value="enterprise update Code Integrity policy"/> | |
| <string id="map_PolicyTypeWindows update revoke Code Integrity policy" value="Windows update revoke Code Integrity policy"/> | |
| <string id="map_PolicyTypeSKU update Code Integrity policy" value="SKU update Code Integrity policy"/> | |
| <string id="map_PolicyTypeWindows lockdown Code Integrity policy" value="Windows lockdown Code Integrity policy"/> | |
| <string id="map_PolicyTypeWindows update lockdown Code Integrity policy" value="Windows update lockdown Code Integrity policy"/> | |
| <string id="map_PolicyTypeAdvanced Threat Protection Code Integrity policy" value="Advanced Threat Protection Code Integrity policy"/> | |
| <string id="map_PolicyTypeAdvanced Threat Protection update Code Integrity policy" value="Advanced Threat Protection update Code Integrity policy"/> | |
| <string id="map_PolicyTypeenterprise revoke Code Integrity policy" value="enterprise revoke Code Integrity policy"/> | |
| <string id="map_PolicyTypeenterprise update revoke Code Integrity policy" value="enterprise update revoke Code Integrity policy"/> | |
| </stringTable> | |
| </resources> | |
| </localization> | |
| </instrumentationManifest> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment