Search and explore common Windows Event IDs with descriptions and investigation notes
Showing 96 of 96 events
An account was successfully logged on
An account failed to log on
An account was logged off
User initiated logoff
A logon was attempted using explicit credentials
A handle to an object was requested
A registry value was modified
An operation was performed on an object
An attempt was made to access an object
Permissions on an object were changed
Special privileges assigned to new logon
A privileged service was called
An operation was attempted on a privileged object
A new process has been created
A process has exited
A service was installed in the system
A scheduled task was created
A scheduled task was deleted
A scheduled task was enabled
A scheduled task was disabled
A scheduled task was updated
A token right was adjusted
A user account was created
A user account was enabled
An attempt was made to change an account's password
An attempt was made to reset an account's password
A user account was disabled
A user account was deleted
A member was added to a security-enabled global group
A member was removed from a security-enabled global group
A member was added to a security-enabled local group
A member was removed from a security-enabled local group
A user account was locked out
A computer account was created
A computer account was changed
A computer account was deleted
A member was added to a security-enabled universal group
A member was removed from a security-enabled universal group
A Kerberos authentication ticket (TGT) was requested
A Kerberos service ticket was requested
Kerberos pre-authentication failed
The domain controller attempted to validate credentials (NTLM)
A user's local group membership was enumerated
A security-enabled local group membership was enumerated
The workstation was locked
The workstation was unlocked
A rule was added to the Windows Firewall exception list
A rule was modified in the Windows Firewall exception list
A rule was deleted from the Windows Firewall exception list
A Windows Firewall setting has changed
Windows Firewall has changed the active profile
The system has rebooted without cleanly shutting down first
Windows Error Reporting — fault bucket created
The process has initiated the shutdown or restart of the computer
The Event Log service was started
The Event Log service was stopped
The previous system shutdown was unexpected
Windows version information logged at boot
System uptime in seconds
Service start timeout — a dependent service failed to start
A service hung on starting
A service terminated with an error
A service terminated with a service-specific error
A boot-start or system-start driver failed to load
A service terminated unexpectedly
A service terminated unexpectedly (repeated)
A service was sent a start/stop control
A service entered the running or stopped state
Service startup type was changed
A new service was installed in the system
Application crashed — faulting application error
Windows Error Reporting — fault bucket for application crash
Application hang detected
Remote Desktop Services: Session logon succeeded
Remote Desktop Services: Shell start notification received
Remote Desktop Services: Session logoff succeeded
Remote Desktop Services: Session has been disconnected
Remote Desktop Services: Session reconnection succeeded
Remote Desktop Services: User authentication succeeded
Windows Defender has detected malware or other potentially unwanted software
Windows Defender has taken action to protect this machine from malware
Antimalware real-time protection scan started
Antimalware real-time protection scan finished
Real-time protection is disabled
Real-time protection configuration changed
Antimalware platform configuration changed
Task registered (created or updated)
Task registration failed
Task registration updated
Task registration deleted
Task action started
Task action completed
Group Policy settings for the user were processed successfully
No changes were detected to user Group Policy settings
Group Policy settings for the computer were processed successfully
No changes were detected to computer Group Policy settings