deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 14:23:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
448d4609d53a824310a481b47d34ff4fe9263e4d
windows-itpro-docs/windows/security/threat-protection/auditing/event-1100.md
Paolo Matarazzo ff98d60ced bulk metadata updates
2022-12-16 11:11:00 -05:00

2.1 KiB
Raw Blame History

title, description, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date, ms.reviewer, manager, ms.author, ms.technology, ms.topic
title description ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.localizationpriority author ms.date ms.reviewer manager ms.author ms.technology ms.topic
1100(S) The event logging service has shut down. (Windows 10) Describes security event 1100(S) The event logging service has shut down. security windows-client deploy library none vinaypamnani-msft 09/07/2021 aaroncz vinpa itpro-security reference

1100(S): The event logging service has shut down.

Event 1100 illustration

Subcategory: Other Events

Event Description:

This event generates every time Windows Event Log service has shut down.

It also generates during normal system shutdown.

This event doesnt generate during emergency system reset.

Note

  For recommendations, see Security Monitoring Recommendations for this event.


Event XML:

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
 <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" /> 
 <EventID>1100</EventID> 
 <Version>0</Version> 
 <Level>4</Level> 
 <Task>103</Task> 
 <Opcode>0</Opcode> 
 <Keywords>0x4020000000000000</Keywords> 
 <TimeCreated SystemTime="2015-10-15T07:02:20.010585400Z" /> 
 <EventRecordID>1048124</EventRecordID> 
 <Correlation /> 
 <Execution ProcessID="820" ThreadID="964" /> 
 <Channel>Security</Channel> 
 <Computer>DC01.contoso.local</Computer> 
 <Security /> 
 </System>
- <UserData>
 <ServiceShutdown xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog" /> 
 </UserData>
 </Event>

Required Server Roles: None.

Minimum OS Version: Windows Server 2008, Windows Vista.

Event Versions: 0.

Security Monitoring Recommendations

For 1100(S): The event logging service has shut down.

  • With this event, you can track system shutdowns and restarts.

  • This event also can be a sign of malicious action when someone tried to shut down the Log Service to cover his or her activity.