deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into repo_sync_working_branch

Browse Source
This commit is contained in:
Stephanie Savell 2023-02-28 11:14:17 -06:00 committed by GitHub
commit 20a4765c45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 715 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
View File

@ -2164,7 +2164,7 @@ The following fields are available:
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an enterprise Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
- **SystemCenterID** The Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier
@ -5030,12 +5030,27 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic
This event sends details collected for a specific application on the source device. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
- **AhaVersion** The binary version of the App Health Analyzer tool.
- **ApplicationErrors** The count of application errors from the event log.
- **Bitness** The architecture type of the application (16 Bit or 32 bit or 64 bit).
- **device_level** Various JRE/JAVA versions installed on a particular device.
- **ExtendedProperties** Attribute used for aggregating all other attributes under this event type.
- **Jar** Flag to determine if an app has a Java JAR file dependency.
- **Jre** Flag to determine if an app has JRE framework dependency.
- **Jre_version** JRE versions an app has declared framework dependency for.
- **Name** Name of the application.
- **NonDPIAware** Flag to determine if an app is non-DPI aware.
- **NumBinaries** Count of all binaries (.sys,.dll,.ini) from application install location.
- **RequiresAdmin** Flag to determine if an app requests admin privileges for execution.
- **RequiresAdminv2** Additional flag to determine if an app requests admin privileges for execution.
- **RequiresUIAccess** Flag to determine if an app is based on UI features for accessibility.
- **VB6** Flag to determine if an app is based on VB6 framework.
- **VB6v2** Additional flag to determine if an app is based on VB6 framework.
- **Version** Version of the application.
- **VersionCheck** Flag to determine if an app has a static dependency on OS version.
- **VersionCheckv2** Additional flag to determine if an app has a static dependency on OS version.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd

83
windows/privacy/required-diagnostic-events-fields-windows-11-22H2.md
View File

@ -36,10 +36,6 @@ You can learn more about Windows functional and diagnostic data through these ar
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
## Appraiser events
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount
@ -1288,7 +1284,6 @@ The following fields are available:
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
## Component-based servicing events
### CbsServicingProvider.CbsCapabilitySessionFinalize
@ -1715,6 +1710,18 @@ The following fields are available:
## Holographic events
### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicSpaceCreated
This event indicates the state of Windows holographic scene. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **AppSessionGuid** GUID made up of process ID and is used as a correlation vector for process instances in the telemetry backend.
- **IsForCompositor** True/False to indicate whether the holographic space is for compositor process.
- **Source** An enumeration indicating the source of the log.
- **WindowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated
This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. The data collected with this event is used to keep Windows performing properly.
@ -2196,6 +2203,33 @@ The following fields are available:
- **resultCode** HR result of the cancellation.
## Other events
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Entered
This event sends data indicating the start of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
### Microsoft.Windows.Analog.HydrogenCompositor.ExclusiveMode_Leave
This event sends data indicating the end of augmented reality application experience. The data collected with this event is used to keep Windows performing properly.
The following fields are available:
- **EventHistory** Unique number of event history.
- **ExternalComponentState** State of external component.
- **LastEvent** Unique number of last event.
- **SessionID** Unique value for each attempt.
- **TargetAsId** The sequence number for the process.
- **windowInstanceId** Unique value for each window instance.
## Privacy consent logging events
### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted
@ -2405,6 +2439,22 @@ The following fields are available:
## Update events
### Update360Telemetry.FellBackToDownloadingAllPackageFiles
This event indicates whether a failure occurred during Missing File List generation and is applicable to Quality Update downloads.
The following fields are available:
- **ErrorCode** Error code returned during Missing File List generation.
- **FlightId** Unique ID for each flight.
- **ObjectId** Unique ID for each flight.
- **Package** Name of the package for which Missing File List generation failed and we fell back to downloading all package files.
- **RelatedCV** Correlation vector value generated from the latest USO scan.
- **ScenarioId** Indicates the update scenario.
- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases).
- **UpdateId** Unique ID for each Update.
### Update360Telemetry.UpdateAgentDownloadRequest
This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The data collected with this event is used to help keep Windows secure and up to date.
@ -3323,6 +3373,29 @@ The following fields are available:
This event is derived event results for the LaunchPageDuration scenario.
### Microsoft.Windows.Update.WUClient.DownloadPaused
This event is fired when the Download stage is paused.
The following fields are available:
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
- **CallerName** Name of application making the Windows Update request. Used to identify context of request.
- **ClassificationId** Classification identifier of the update content.
- **DownloadPriority** Indicates the priority of the download activity.
- **EventType** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc.
- **FlightId** Secondary status code for certain scenarios where StatusCode was not specific enough.
- **HandlerInfo** Blob of Handler related information.
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.).
- **Props** Commit Props {MergedUpdate}
- **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content.
- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one.
- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc).
- **UpdateId** Identifier associated with the specific piece of content.
- **UusVersion** The version of the Update Undocked Stack.
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSExit
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS) exits. The data collected with this event is used to help keep Windows up to date and performing properly.

81
windows/privacy/required-windows-11-diagnostic-events-and-fields.md
View File

@ -1918,6 +1918,10 @@ The following fields are available:
- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure.
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciAlreadyEnabled
Fires when HVCI is already enabled so no need to continue auto-enablement.
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
@ -2160,6 +2164,7 @@ The following fields are available:
- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts.
- **xid** A list of base10-encoded XBOX User IDs.
## Common data fields
### Ms.Device.DeviceInventoryChange
@ -2174,6 +2179,7 @@ The following fields are available:
- **objectType** Indicates the object type that the event applies to.
- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object.
## Component-based servicing events
### CbsServicingProvider.CbsCapabilityEnumeration
@ -3032,6 +3038,18 @@ The following fields are available:
- **Version** The version number of the program.
### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd
This event represents what drivers an application installs. The data collected with this event is used to keep Windows performing properly.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **InventoryVersion** The version of the inventory component
- **ProgramIds** The unique program identifier the driver is associated with
### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync
The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. The data collected with this event is used to keep Windows performing properly.
@ -3420,12 +3438,6 @@ This event sends details collected for a specific application on the source devi
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
This event provides basic information about active memory slots on the device.
@ -3758,6 +3770,17 @@ The following fields are available:
## Migration events
### Microsoft.Windows.MigrationCore.MigObjectCountDLSys
This event is used to indicate object count for system paths during different phases of Windows feature update.
The following fields are available:
- **migDiagSession->CString** Indicates the phase of the update.
- **objectCount** Number of files being tracked for the corresponding phase of the update.
- **sfInfo.Name** This indicates well know folder location path (Ex: PUBLIC_downloads etc.)
### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr
This event returns data to track the count of the migration objects across various phases during feature update. The data collected with this event is used to help keep Windows secure and to track data loss scenarios.
@ -6143,6 +6166,26 @@ The following fields are available:
- **updateId** Unique identifier for each update.
### Microsoft.Windows.Update.NotificationUx.RebootScheduled
This event sends basic information for scheduling a device restart to install security updates. It's used to help keep Windows secure and up-to-date by indicating when a reboot is scheduled by the system or a user for a security, quality, or feature update.
The following fields are available:
- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device.
- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot.
- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action.
- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours.
- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically).
- **rebootState** The current state of the restart.
- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler.
- **revisionNumber** Revision number of the update that is getting installed with this restart.
- **scheduledRebootTime** Time of the scheduled restart.
- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time.
- **updateId** ID of the update that is getting installed with this restart.
- **wuDeviceid** Unique device ID used by Windows Update.
### Microsoft.Windows.Update.Orchestrator.Client.BizCriticalStoreAppInstallResult
This event returns the result after installing a business critical store application. The data collected with this event is used to help keep Windows secure and up to date.
@ -6231,7 +6274,6 @@ The following fields are available:
- **uptimeMinutes** Duration USO for up for in the current boot session.
- **wilActivity** Wil Activity related information.
### Microsoft.Windows.Update.WUClientExt.UUSLoadModuleFailed
This is the UUSLoadModule failed event and is used to track the failure of loading an undocked component. The data collected with this event is used to help keep Windows up to date and secure.
@ -6345,6 +6387,27 @@ The following fields are available:
- **WuId** Unique ID for the Windows Update client.
### Mitigation360Telemetry.MitigationCustom.CryptcatsvcRebuild
This event sends data specific to the CryptcatsvcRebuild mitigation used for OS Updates. The data collected with this event is used to help keep Windows up to date.
The following fields are available:
- **ClientId** In the Windows Update scenario, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value.
- **FlightId** The unique identifier for each flight.
- **InstanceId** Unique GUID that identifies each instances of setuphost.exe.
- **MitigationNeeded** Information on whether the mitigation was needed.
- **MitigationScenario** The update scenario in which the mitigation was executed.
- **RelatedCV** Correlation vector value generated from the latest USO scan.
- **Result** HResult of this operation.
- **ScenarioId** ID indicating the mitigation scenario.
- **ScenarioSupported** Indicates whether the scenario was supported.
- **ServiceDisabled** Information on whether the service was disabled.
- **SessionId** Unique value for each update attempt.
- **UpdateId** Unique ID for each Update.
- **WuId** Unique ID for the Windows Update client.
### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints
This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. The data collected with this event is used to help keep Windows secure and up to date.
@ -6468,7 +6531,7 @@ The following fields are available:
- **TargetUserFreeSpace** The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
- **UpdateScratchFinalUsedSpace** The used space in the scratch reserve.
- **UpdateScratchInitialUsedSpace** The utilization of the scratch reserve after initialization.
- **UpdateScratchReserveFinalSize** The utilization of the scratch reserve after initialization.
- **UpdateScratchReserveFinalSize** The final size of the scratch reserve.
- **UpdateScratchReserveInitialSize** The size of the scratch reserve after initialization.
@ -6511,8 +6574,6 @@ The following fields are available:
This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. The data collected with this event is used to help keep Windows secure and up to date.
### Microsoft.Windows.UpdateReserveManager.TurnOffReserves
This event is sent when the Update Reserve Manager turns off reserve functionality for certain operations. The data collected with this event is used to help keep Windows secure and up to date.

552
windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md
View File

@ -1227,8 +1227,8 @@ The following fields are available:
- **CpuStepping** Cpu stepping.
- **CpuVendor** Cpu vendor.
- **PlatformId** CPU platform identifier.
- **ProcessorName** OEM processor name.
- **ProductName** OEM product name.
- **ProcessorName** The name of the processor.
- **ProductName** The name of the product.
- **SysReqOverride** Appraiser decision about system requirements override.
@ -2474,6 +2474,7 @@ The following fields are available:
- **wilActivity** Contains the thread ID used to match the begin and end events, and for the end event also a HResult indicating sucess or failure.
### Microsoft.Windows.Security.CodeIntegrity.HVCISysprep.HvciScanGetResultFailed
Fires when driver scanning fails to get results.
@ -3113,6 +3114,290 @@ The following fields are available:
## Direct to update events
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure
This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run
- **ClientID** Client ID being run
- **CoordinatorVersion** Coordinator version of DTU
- **CV** Correlation vector
- **hResult** HRESULT of the failure
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess
This event indicates that the Coordinator Cleanup call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run
- **ClientID** Client ID being run
- **CoordinatorVersion** Coordinator version of DTU
- **CV** Correlation vector
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess
This event indicates that the Coordinator Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess
This event indicates that the Coordinator Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess
This event indicates that the Coordinator Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure
This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack
This event indicates that the Coordinator's progress callback has been called. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **DeployPhase** Current Deploy Phase.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator WaitForRebootUi call.
The following fields are available:
- **CampaignID** Campaign ID being run.
- **ClientID** Client ID being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess
This event indicates that the Coordinator WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicability call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run
- **ClientID** Client ID being run
- **CoordinatorVersion** Coordinator version of DTU
- **CV** Correlation vector
- **CV_new** New correlation vector
- **hResult** HRESULT of the failure
### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess
This event indicates that the Handler CheckApplicability call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **ApplicabilityResult** The result code indicating whether the update is applicable.
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **CV_new** New correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckIfCoordinatorMinApplicableVersion call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run
- **ClientID** Client ID being run
- **CoordinatorVersion** Coordinator version of DTU
- **CV** Correlation vector
- **hResult** HRESULT of the failure
### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess
This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **CV_new** New correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess
This event indicates that the Handler Commit call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.run
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **CV_new** New correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded
This event indicates that the Handler Download and Extract cab returned a value indicating that the cab has already been downloaded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** Campaign ID being run
- **ClientID** Client ID being run
- **CoordinatorVersion** Coordinator version of DTU
- **CV** Correlation vector
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure
This event indicates that the Handler Download and Extract cab call failed. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **DownloadAndExtractCabFunction_failureReason** Reason why the update download and extract process failed.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess
This event indicates that the Handler Download and Extract cab call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
@ -3125,6 +3410,193 @@ The following fields are available:
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess
This event indicates that the Handler Download call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extract.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess
This event indicates that the Handler Initialize call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extraction.
### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **hResult** HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess
This event indicates that the Coordinator Install call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the update campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure
This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** The ID of the campaigning being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
- **hResult** The HRESULT of the failure.
### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess
This event indicates that the Handler WaitForRebootUi call succeeded. The data collected with this event is used to help keep Windows secure and up to date.
The following fields are available:
- **CampaignID** ID of the campaign being run.
- **ClientID** ID of the client receiving the update.
- **CoordinatorVersion** Coordinator version of Direct to Update.
- **CV** Correlation vector.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXEnteringState
This event indicates that DTUNotificationUX has started processing a workflow state. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CoordinatorVersion** The coordinator version of Direct To Update.
- **CV** Correlation vector.
- **State** State of the workflow.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXEvaluationError
This event indicates that Applicability DLL failed on a test. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **FailedTest** The enumeration code of the test that failed.
- **HRESULT** An error (if any) that occurred.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXExitingState
This event indicates that DTUNotificationUX has stopped processing a workflow state. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **HRESULT** Error (if any) that occurred.
- **NextState** Next workflow state we will enter.
- **State** The state of the workflow.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXFinalAcceptDialogDisplayed
This event indicates that the Final Accept dialog has been shown. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **EnterpriseAttribution** If true, the user is told that the enterprise managed the reboot.
- **HRESULT** Error (if any) that occurred.
- **UserResponse** The enumeration code indicating the user response to a dialog.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXFirstAcceptDialogDisplayed
This event indicates that the First Accept dialog has been shown. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
- **EnterpriseAttribution** If true, the user is told that the enterprise managed the reboot.
- **HRESULT** Error (if any) that occurred.
- **UserResponse** Enumeration code indicating the user response to a dialog.
### Microsoft.Windows.DirectToUpdate.DTUNotificationUXLaunch
This event indicates that DTUNotificationUX has launched. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **CampaignID** The ID of the campaign being run.
- **ClientID** The ID of the client being run.
- **CommandLine** Command line passed to DTUNotificationUX.
- **CoordinatorVersion** Coordinator version of DTU.
- **CV** Correlation vector.
## DISM events
### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU
@ -3727,6 +4199,35 @@ The following fields are available:
- **devinv** The file version of the Device inventory component.
### Microsoft.Windows.Inventory.Core.FileSigningInfoAdd
This event enumerates the signatures of files, either driver packages or application executables. For driver packages, this data is collected on demand via Telecommand to limit it only to unrecognized driver packages, saving time for the client and space on the server. For applications, this data is collected for up to 10 random executables on a system. The data collected with this event is used to keep Windows performing properly.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **CatalogSigners** Signers from catalog. Each signer starts with Chain.
- **DigestAlgorithm** The pseudonymizing (hashing) algorithm used when the file or package was signed.
- **DriverPackageStrongName** Optional. Available only if FileSigningInfo is collected on a driver package.
- **EmbeddedSigners** Embedded signers. Each signer starts with Chain.
- **FileName** The file name of the file whose signatures are listed.
- **FileType** Either exe or sys, depending on if a driver package or application executable.
- **InventoryVersion** The version of the inventory file generating the events.
- **Thumbprint** Comma separated hash of the leaf node of each signer. Semicolon is used to separate CatalogSigners from EmbeddedSigners. There will always be a trailing comma.
### Microsoft.Windows.Inventory.Core.FileSigningInfoStartSync
The FileSigningInfoStartSync event indicates that a new set of FileSigningInfoAdd events will be sent.
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
The following fields are available:
- **InventoryVersion** The version of the inventory binary generating the events.
### Microsoft.Windows.Inventory.Core.InventoryAcpiPhatHealthRecordAdd
This event sends basic metadata about ACPI PHAT Health Record structure on the machine. The data collected with this event is used to help keep Windows up to date.
@ -4215,12 +4716,6 @@ This event sends details collected for a specific application on the source devi
### Microsoft.Windows.Inventory.General.AppHealthStaticStartSync
This event indicates the beginning of a series of AppHealthStaticAdd events. The data collected with this event is used to keep Windows performing properly.
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd
This event provides basic information about active memory slots on the device.
@ -4571,12 +5066,12 @@ The following fields are available:
- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'.
- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'.
- **appPingEventDoneBeforeOOBEComplete** Indicates whether the install or update was completed before Windows Out of the Box Experience ends. 1 means event completed before OOBE finishes; 0 means event was not completed before OOBE finishes; -1 means the field does not apply.
- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. E.g. Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z
- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) E.g. HIT from proxy.domain.tld, MISS from proxy.local
- **appPingEventDownloadMetricsCdnAzureRefOriginShield** Provides a unique reference string that identifies a request served by Azure Front Door. It's used to search access logs and is critical for troubleshooting. For example, Ref A: E172B39D19774147B0EFCC8E3E823D9D Ref B: BL2EDGE0215 Ref C: 2021-05-11T22:25:48Z.
- **appPingEventDownloadMetricsCdnCache** Corresponds to the result, whether the proxy has served the result from cache (HIT for yes, and MISS for no) For example, HIT from proxy.domain.tld, MISS from proxy.local.
- **appPingEventDownloadMetricsCdnCCC** ISO 2 character country code that matches to the country updated binaries are delivered from. E.g.: US.
- **appPingEventDownloadMetricsCdnCID** Numeric value used to internally track the origins of the updated binaries. For example, 2.
- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. E.g. Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z
- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. E.g. CP=\"CAO PSA OUR\"
- **appPingEventDownloadMetricsCdnMSEdgeRef** Used to help correlate client-to-AFD (Azure Front Door) conversations. For example, Ref A: E2476A9592DF426A934098C0C2EAD3AB Ref B: DM2EDGE0307 Ref C: 2022-01-13T22:08:31Z.
- **appPingEventDownloadMetricsCdnP3P** Electronic privacy statement: CAO = collects contact-and-other, PSA = for pseudo-analysis, OUR = data received by us only. Helps identify the existence of transparent intermediaries (proxies) that can create noise in legitimate error detection. For example, CP=\"CAO PSA OUR\".
- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'.
- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''.
- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'.
@ -8737,6 +9232,16 @@ The following fields are available:
- **ResultId** The final result of the interaction campaign.
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSDownloadAndExtractCabResult
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) attempted DownloadAndExtractCab.
The following fields are available:
- **failureReason** The failure reason returned by DownloadAndExtractCab.
- **hrResult** Error encountered (if any) during download and extract CAB step.
### Microsoft.Windows.WindowsUpdate.RUXIM.ICSEvaluateInteractionCampaign
This event is generated when the RUXIM Interaction Campaign Scheduler (RUXIMICS.EXE) finishes processing an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@ -8784,6 +9289,27 @@ This event is sent when RUXIM begins checking with OneSettings to retrieve any U
### Microsoft.Windows.WindowsUpdate.RUXIM.IHBeginPresentation
This event is generated when RUXIM is about to present an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **InteractionCampaignID** GUID identifying interaction campaign being presented.
### Microsoft.Windows.WindowsUpdate.RUXIM.IHEndPresentation
This event is generated when Interaction Handler completes presenting an interaction campaign to the user. The data collected with this event is used to help keep Windows up to date and performing properly.
The following fields are available:
- **hrPresentation** Error, if any, occurring during the presentation.
- **InteractionCampaignID** GUID identifying the interaction campaign being presented.
- **ResultId** Result generated by the presentation.
- **WasCompleted** True if the interaction campaign is now considered complete.
### Microsoft.Windows.WindowsUpdate.RUXIM.IHEvaluateAndPresent
This event is generated when the RUXIM Interaction Handler finishes evaluating, and possibly presenting an interaction campaign. The data collected with this event is used to help keep Windows up to date and performing properly.
@ -9023,7 +9549,7 @@ The following fields are available:
- **TargetUserFreeSpace** The target user free space that was passed into the reserve manager to determine reserve sizing post upgrade.
- **UpdateScratchFinalUsedSpace** The used space in the scratch reserve.
- **UpdateScratchInitialUsedSpace** The utilization of the scratch reserve after initialization.
- **UpdateScratchReserveFinalSize** The utilization of the scratch reserve after initialization.
- **UpdateScratchReserveFinalSize** The final size of the scratch reserve.
- **UpdateScratchReserveInitialSize** The size of the scratch reserve after initialization.