Microsoft-Windows-ManagementTools-TaskManagerProvider
51 events across 3 channels
Event ID 1000: Provider load start: arg0.
Event ID 1001: Provider load stop: arg0.
Event ID 1002: Provider load error: arg0.
Event ID 1003: Provider unload start: arg0.
Event ID 1004: Provider unload stop: arg0.
Event ID 1005: Provider unload error: arg0.
Event ID 1100: Start SetIntervalSeconds method: arg0.
Event ID 1101: Stop SetIntervalSeconds method: arg0.
Event ID 1102: Error SetIntervalSeconds: arg1, arg0.
Event ID 1105: Error force refresh data: arg1, arg0.
Event ID 1106: Start Enumerate MSFT_MTTaskManager instances.
Event ID 1107: Stop Enumerate MSFT_MTTaskManager instances.
Event ID 1108: Error Enumerate MSFT_MTTaskManager instances: arg1, arg0.
Event ID 1109: Start Enumerate MSFT_MTProcess instances.
Event ID 1110: Stop Enumerate MSFT_MTProcess instances.
Event ID 1111: Error Enumerate MSFT_MTProcess instances: arg1, arg0.
Event ID 1112: Start Enumerate MSFT_MTProcessorSummary instances.
Event ID 1113: Stop Enumerate MSFT_MTProcessorSummary instances.
Event ID 1114: Error Enumerate MSFT_MTProcessorSummary instances: arg1, arg0.
Event ID 1115: Start Enumerate MSFT_MTLogicalProcessor instances.
Event ID 1116: Stop Enumerate MSFT_MTLogicalProcessor instances.
Event ID 1117: Error Enumerate MSFT_MTLogicalProcessor instances: arg1, arg0.
Event ID 1118: Start Enumerate MSFT_MTMemorySummary instances.
Event ID 1119: Stop Enumerate MSFT_MTMemorySummary instances.
Event ID 1120: Error Enumerate MSFT_MTMemorySummary instances: arg1, arg0.
Event ID 1121: Start Enumerate MSFT_MTDisk instances.
Event ID 1122: Stop Enumerate MSFT_MTDisk instances.
Event ID 1123: Error Enumerate MSFT_MTDisk instances: arg1, arg0.
Event ID 1124: Start Enumerate MSFT_MTNetworkAdapter instances.
Event ID 1125: Stop Enumerate MSFT_MTNetworkAdapter instances.
Event ID 1126: Error Enumerate MSFT_MTNetworkAdapter instances: arg1, arg0.
Event ID 1200: Error initialized data collection: arg1, arg0.
Event ID 1201: Error collect data: arg1, arg0.
Event ID 1202: Start initializing data collection.
Event ID 1203: Stop initializing data collection.
Event ID 1204: Start collect data: arg0.
Event ID 1205: Stop collect data: arg0.
Event ID 1300: Start Delete Process instance: arg0.
Event ID 1301: Stop Delete Process instance: arg0.
Event ID 1302: Error Delete MSFT_MTProcess instance: arg1, arg0.
Event ID 1303: Start creating process dump: arg0.
Event ID 1304: Stop creating process dump: arg0.
Event ID 1305: Error creating process dump: arg1, arg0.
Event ID 1306: Start creating process: arg0.
Event ID 1307: Stop creating process: arg0.
Event ID 1308: Error creating process: arg1, arg0.
Event ID 1309: No path or executable specified: arg0.
Event ID 1400: Process update statistics: PID:PID, Index:Index, Duration:Duration, CycleDuration:CycleDuration, Total:Total, CyclesTotal:CyclesTotal, CpuCount:CpuCount, OldCpuTime:OldCpuTime, OldCycleTime:OldCycl...
Description
Process update statistics: PID:PID, Index:Index, Duration:Duration, CycleDuration:CycleDuration, Total:Total, CyclesTotal:CyclesTotal, CpuCount:CpuCount, OldCpuTime:OldCpuTime, OldCycleTime:OldCycleTime, OldWorkingSet:OldWorkingSet, OldPageFaults:OldPageFaults, NewUserTime:NewUserTime, NewKernelTime:NewKernelTime, NewWorkingSet:NewWorkingSet, NewPageFaults:NewPageFaults, NewCycleTime:NewCycleTime.
Fields
| Name | Type | Description |
|---|---|---|
| PID | UInt32 | |
| Index | UInt16 | |
| Duration | UInt64 | |
| CycleDuration | UInt64 | |
| Total | Double | |
| CyclesTotal | Double | |
| CpuCount | Int16 | |
| OldCpuTime | UInt64 | |
| OldCycleTime | UInt64 | |
| OldWorkingSet | UInt64 | |
| OldPageFaults | UInt32 | |
| NewUserTime | Int64 | |
| NewKernelTime | Int64 | |
| NewWorkingSet | UInt64 | |
| NewPageFaults | UInt32 | |
| NewCycleTime | UInt64 | |
Event ID 1401: Failed to open handle for process ID arg0.
Provenance
Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.
ETW provider GUID ff562e6c-15d5-4727-a837-1bc1df33ed7d
Defined in mttmprov.dll, which carries the event manifest.
Observed on:
- WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.1, captured 2026-06-02