From 4bedcfb302ceabaf4a3496c0e8729d243eed83a4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 6 Nov 2020 11:46:13 -0800
Subject: [PATCH] Update event-error-codes.md

---
 .../event-error-codes.md                      | 70 +++++++++----------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
index b9b993006e..a2b75300ee 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md
@@ -1,7 +1,7 @@
 ---
 title: Review events and errors using Event Viewer
-description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender ATP service.
-keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender Advanced Threat Protection service, cannot start, broken, can't start
+description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Microsoft Defender for Endpoint service.
+keywords: troubleshoot, event viewer, log summary, failure code, failed, Microsoft Defender for Endpoint service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -28,7 +28,7 @@ ms.date: 05/21/2018
 
 - Event Viewer
 
-- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
 
 You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual devices.
 
@@ -58,39 +58,39 @@ For example, if devices are not appearing in the **Devices list**, you might nee
 </tr>
 <tr>
 <td>1</td>
-<td>Defender for Endpoint service started (Version <code>variable</code>).</td>
+<td>Microsoft Defender for Endpoint service started (Version <code>variable</code>).</td>
 <td>Occurs during system start up, shut down, and during onbboarding.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>2</td>
-<td>Defender for Endpoint service shutdown.</td>
+<td>Microsoft Defender for Endpoint service shutdown.</td>
 <td>Occurs when the device is shut down or offboarded.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>3</td>
-<td>Defender for Endpoint service failed to start. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to start. Failure code: <code>variable</code>.</td>
 <td>Service did not start.</td>
 <td>Review other messages to determine possible cause and troubleshooting steps.</td>
 </tr>
 <tr>
 <td>4</td>
-<td>Defender for Endpoint service contacted the server at <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service contacted the server at <code>variable</code>.</td>
 <td>Variable = URL of the Defender for Endpoint processing servers.<br>
 This URL will match that seen in the Firewall or network activity.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>5</td>
-<td>Defender for Endpoint service failed to connect to the server at <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to connect to the server at <code>variable</code>.</td>
 <td>Variable = URL of the Defender for Endpoint processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
 <td>Check the connection to the URL. See <a href="configure-proxy-internet.md" data-raw-source="[Configure proxy and Internet connectivity](configure-proxy-internet.md)">Configure proxy and Internet connectivity</a>.</td>
 </tr>
 <tr>
 <td>6</td>
-<td>Defender for Endpoint service is not onboarded and no onboarding parameters were found.</td>
+<td>Microsoft Defender for Endpoint service is not onboarded and no onboarding parameters were found.</td>
 <td>The device did not onboard correctly and will not be reporting to the portal.</td>
 <td>Onboarding must be run before starting the service.<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
@@ -98,14 +98,14 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>7</td>
-<td>Defender for Endpoint service failed to read the onboarding parameters. Failure: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to read the onboarding parameters. Failure: <code>variable</code>.</td>
 <td>Variable = detailed error description. The device did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
 </tr>
 <tr>
 <td>8</td>
-<td>Defender for Endpoint service failed to clean its configuration. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to clean its configuration. Failure code: <code>variable</code>.</td>
 <td><b>During onboarding:</b> The service failed to clean its configuration during the onboarding. The onboarding process continues. <br><br> <b>During offboarding:</b> The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running.
  </td>
 <td><b>Onboarding:</b> No action required. <br><br> <b>Offboarding:</b> Reboot the system.<br>
@@ -113,14 +113,14 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>9</td>
-<td>Defender for Endpoint service failed to change its start type. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to change its start type. Failure code: <code>variable</code>.</td>
 <td><b>During onboarding:</b> The device did not onboard correctly and will not be reporting to the portal. <br><br><b>During offboarding:</b> Failed to change the service start type. The offboarding process continues. </td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
 </tr>
 <tr>
 <td>10</td>
-<td>Defender for Endpoint service failed to persist the onboarding information. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to persist the onboarding information. Failure code: <code>variable</code>.</td>
 <td>The device did not onboard correctly and will not be reporting to the portal.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.</td>
@@ -134,26 +134,26 @@ It may take several hours for the device to appear in the portal.</td>
 </tr>
 <tr>
 <td>12</td>
-<td>Defender for Endpoint failed to apply the default configuration.</td>
+<td>Microsoft Defender for Endpoint failed to apply the default configuration.</td>
 <td>Service was unable to apply the default configuration.</td>
 <td>This error should resolve after a short period of time.</td>
 </tr>
 <tr>
 <td>13</td>
-<td>Defender for Endpoint device ID calculated: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint device ID calculated: <code>variable</code>.</td>
 <td>Normal operating process.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>15</td>
-<td>Defender for Endpoint cannot start command channel with URL: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint cannot start command channel with URL: <code>variable</code>.</td>
 <td>Variable = URL of the Defender for Endpoint processing servers.<br>
 The service could not contact the external processing servers at that URL.</td>
 <td>Check the connection to the URL. See <a href="configure-proxy-internet.md" data-raw-source="[Configure proxy and Internet connectivity](configure-proxy-internet.md)">Configure proxy and Internet connectivity</a>.</td>
 </tr>
 <tr>
 <td>17</td>
-<td>Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: <code>variable</code>.</td>
 <td>An error occurred with the Windows telemetry service.</td>
 <td><a href="troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
@@ -180,7 +180,7 @@ If this error persists after a system restart, ensure all Windows updates have f
 </tr>
 <tr>
 <td>25</td>
-<td>Defender for Endpoint service failed to reset health status in the registry. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to reset health status in the registry. Failure code: <code>variable</code>.</td>
 <td>The device did not onboard correctly.
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
@@ -188,7 +188,7 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>26</td>
-<td>Defender for Endpoint service failed to set the onboarding status in the registry. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to set the onboarding status in the registry. Failure code: <code>variable</code>.</td>
 <td>The device did not onboard correctly.<br>
 It will report to the portal, however the service may not appear as registered in SCCM or the registry.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
@@ -196,7 +196,7 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>27</td>
-<td>Defender for Endpoint service failed to enable SENSE aware mode in Microsoft Defender Antivirus. Onboarding process failed. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to enable SENSE aware mode in Microsoft Defender Antivirus. Onboarding process failed. Failure code: <code>variable</code>.</td>
 <td>Normally, Microsoft Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Defender for Endpoint.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a>.<br>
@@ -218,7 +218,7 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>30</td>
-<td>Defender for Endpoint service failed to disable SENSE aware mode in Microsoft Defender Antivirus. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to disable SENSE aware mode in Microsoft Defender Antivirus. Failure code: <code>variable</code>.</td>
 <td>Normally, Microsoft Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Defender for Endpoint.</td>
 <td>Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
 See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 devices](configure-endpoints.md)">Onboard Windows 10 devices</a><br>
@@ -226,26 +226,26 @@ Ensure real-time antimalware protection is running properly.</td>
 </tr>
 <tr>
 <td>31</td>
-<td>Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: <code>variable</code>.</td>
 <td>An error occurred with the Windows telemetry service during onboarding. The offboarding process continues.</td>
 <td><a href="troubleshoot-onboarding.md#ensure-the-diagnostic-data-service-is-enabled" data-raw-source="[Check for errors with the Windows telemetry service](troubleshoot-onboarding.md#ensure-the-diagnostic-data-service-is-enabled)">Check for errors with the Windows telemetry service</a>.</td>
 </tr>
 <tr>
 <td>32</td>
-<td>Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1</td>
+<td>Microsoft Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1</td>
 <td>An error occurred during offboarding.</td>
 <td>Reboot the device.</td>
 </tr>
 <tr>
 <td>33</td>
-<td>Defender for Endpoint service failed to persist SENSE GUID. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to persist SENSE GUID. Failure code: <code>variable</code>.</td>
 <td>A unique identifier is used to represent each device that is reporting to the portal.<br>
 If the identifier does not persist, the same device might appear twice in the portal.</td>
 <td>Check registry permissions on the device to ensure the service can update the registry.</td>
 </tr>
 <tr>
 <td>34</td>
-<td>Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: <code>variable</code>.</td>
 <td>An error occurred with the Windows telemetry service.</td>
 <td><a href="troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy" data-raw-source="[Ensure the diagnostic data service is enabled](troubleshoot-onboarding.md#ensure-that-microsoft-defender-antivirus-is-not-disabled-by-a-policy)">Ensure the diagnostic data service is enabled</a>.<br>
 Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.<br>
@@ -253,56 +253,56 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tr>
 <tr>
 <td>35</td>
-<td>Defender for Endpoint service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: <code>variable</code>.</td>
 <td>An error occurred with the Windows telemetry service during offboarding. The offboarding process continues.
 </td>
 <td>Check for errors with the Windows diagnostic data service.</td>
 </tr>
 <tr>
 <td>36</td>
-<td>Defender for Endpoint Connected User Experiences and Telemetry service registration succeeded. Completion code: <code>variable</code>.</td>
+<td>Microsoft Defender for Endpoint Connected User Experiences and Telemetry service registration succeeded. Completion code: <code>variable</code>.</td>
 <td>Registering Defender for Endpoint with the Connected User Experiences and Telemetry service completed successfully.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>37</td>
-<td>Defender for Endpoint A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td>
+<td>Microsoft Defender for Endpoint A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.</td>
 <td>The device has almost used its allocated quota of the current 24-hour window. It’s about to be throttled.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>38</td>
-<td>Network connection is identified as low. Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
+<td>Network connection is identified as low. Microsoft Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
 <td>The device is using a metered/paid network and will be contacting the server less frequently.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>39</td>
-<td>Network connection is identified as normal. Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
+<td>Network connection is identified as normal. Microsoft Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.</td>
 <td>The device is not using a metered/paid connection and will contact the server as usual.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>40</td>
-<td>Battery state is identified as low. Defender for Endpoint will contact the server every %1 minutes. Battery state: %2.</td>
+<td>Battery state is identified as low. Microsoft Defender for Endpoint will contact the server every %1 minutes. Battery state: %2.</td>
 <td>The device has low battery level and will contact the server less frequently.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>41</td>
-<td>Battery state is identified as normal. Defender for Endpoint will contact the server every %1 minutes. Battery state: %2.</td>
+<td>Battery state is identified as normal. Microsoft Defender for Endpoint will contact the server every %1 minutes. Battery state: %2.</td>
 <td>The device doesn’t have low battery level and will contact the server as usual.</td>
 <td>Normal operating notification; no action required.</td>
 </tr>
 <tr>
 <td>42</td>
-<td>Defender for Endpoint WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4</td>
+<td>Microsoft Defender for Endpoint WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4</td>
 <td>Internal error. The service failed to start.</td>
 <td>If this error persists, contact Support.</td>
 </tr>
 <tr>
 <td>43</td>
-<td>Defender for Endpoint WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5</td>
+<td>Microsoft Defender for Endpoint WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5</td>
 <td>Internal error. The service failed to start.</td>
 <td>If this error persists, contact Support.</td>
 </tr>
@@ -340,7 +340,7 @@ See <a href="configure-endpoints.md" data-raw-source="[Onboard Windows 10 device
 </tbody>
 </table>
 
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-eventerrorcodes-belowfoldlink)
 
 ## Related topics
 - [Onboard Windows 10 devices](configure-endpoints.md)