Microsoft-Windows-MPS-SRV

277 events across 1 channel

Event	Title	Channel	Sample
101	StartServiceStart	Diagnostic	N
102	StartServiceStop	Diagnostic	N
103	StopServiceStart	Diagnostic	N
104	StopServiceStop	Diagnostic	N
105	Audit_InitializeStart	Diagnostic	N
106	Audit_InitializeStop	Diagnostic	N
107	Audit_ShutdownStart	Diagnostic	N
108	Audit_ShutdownStop	Diagnostic	N
113	AuthApps_InitializeStart	Diagnostic	N
114	AuthApps_InitializeStop	Diagnostic	N
115	AuthApps_ShutdownStart	Diagnostic	N
116	AuthApps_ShutdownStop	Diagnostic	N
117	Notify_InitializeStart	Diagnostic	N
118	Notify_InitializeStop	Diagnostic	N
119	Notify_ShutdownStart	Diagnostic	N
120	Notify_ShutdownStop	Diagnostic	N
121	DynPorts_InitializeStart	Diagnostic	N
122	DynPorts_InitializeStop	Diagnostic	N
123	DynPorts_ShutdownStart	Diagnostic	N
124	DynPorts_ShutdownStop	Diagnostic	N
125	ChangeSource_InitializeStart	Diagnostic	N
126	ChangeSource_InitializeStop	Diagnostic	N
127	ChangeSource_ShutdownStart	Diagnostic	N
128	ChangeSource_ShutdownStop	Diagnostic	N
129	Writer_InitializeStart	Diagnostic	N
130	Writer_InitializeStop	Diagnostic	N
131	Writer_ShutdownStart	Diagnostic	N
132	Writer_ShutdownStop	Diagnostic	N
133	Logger_InitializeStart	Diagnostic	N
134	Logger_InitializeStop	Diagnostic	N
135	Logger_ShutdownStart	Diagnostic	N
136	Logger_ShutdownStop	Diagnostic	N
137	DynDataNLA1stPhase_InitializeStart	Diagnostic	N
138	DynDataNLA1stPhase_InitializeStop	Diagnostic	N
139	DynDataNLA1stPhase_ShutdownStart	Diagnostic	N
140	DynDataNLA1stPhase_ShutdownStop	Diagnostic	N
141	ProfileMgr_InitializeStart	Diagnostic	N
142	ProfileMgr_InitializeStop	Diagnostic	N
143	ProfileMgr_ShutdownStart	Diagnostic	N
144	ProfileMgr_ShutdownStop	Diagnostic	N
145	Upcall2ndPhase_InitializeStart	Diagnostic	N
146	Upcall2ndPhase_InitializeStop	Diagnostic	N
147	Upcall2ndPhase_ShutdownStart	Diagnostic	N
148	Upcall2ndPhase_ShutdownStop	Diagnostic	N
149	RpcAPIs_InitializeStart	Diagnostic	N
150	RpcAPIs_InitializeStop	Diagnostic	N
151	RpcAPIs_ShutdownStart	Diagnostic	N
152	RpcAPIs_ShutdownStop	Diagnostic	N
153	ResrcIndicationAPIs_InitializeStart	Diagnostic	N
154	ResrcIndicationAPIs_InitializeStop	Diagnostic	N
155	ResrcIndicationAPIs_ShutdownStart	Diagnostic	N
156	ResrcIndicationAPIs_ShutdownStop	Diagnostic	N
157	GPMon_InitializeStart	Diagnostic	N
158	GPMon_InitializeStop	Diagnostic	N
159	GPMon_ShutdownStart	Diagnostic	N
160	GPMon_ShutdownStop	Diagnostic	N
161	DynDataNLA2ndPhase_InitializeStart	Diagnostic	N
162	DynDataNLA2ndPhase_InitializeStop	Diagnostic	N
163	DynDataNLA2ndPhase_ShutdownStart	Diagnostic	N
164	DynDataNLA2ndPhase_ShutdownStop	Diagnostic	N
165	ServiceSignalReadyStart	Diagnostic	N
166	ServiceSignalReadyStop	Diagnostic	N
167	Empty_ShutdownStart	Diagnostic	N
168	Empty_ShutdownStop	Diagnostic	N
169	Products_InitializeStart	Diagnostic	N
170	Products_InitializeStop	Diagnostic	N
171	Products_ShutdownStart	Diagnostic	N
172	Products_ShutdownStop	Diagnostic	N
173	HttpProxy_InitializeStart	Diagnostic	N
174	HttpProxy_InitializeStop	Diagnostic	N
175	HttpProxy_ShutdownStart	Diagnostic	N
176	HttpProxy_ShutdownStop	Diagnostic	N
177	AdhSitesSubnets_InitializeStart	Diagnostic	N
178	AdhSitesSubnets_InitializeStop	Diagnostic	N
179	AdhSitesSubnets_ShutdownStart	Diagnostic	N
180	AdhSitesSubnets_ShutdownStop	Diagnostic	N
181	Moneis_InitializeStart	Diagnostic	N
182	Moneis_InitializeStop	Diagnostic	N
183	Moneis_ShutdownStart	Diagnostic	N
184	Moneis_ShutdownStop	Diagnostic	N
185	MoneisRegistrationApiPhase2_InitializeStart	Diagnostic	N
186	MoneisRegistrationApiPhase2_InitializeStop	Diagnostic	N
187	MoneisRegistrationApiPhase2_ShutdownStart	Diagnostic	N
188	MoneisRegistrationApiPhase2_ShutdownStop	Diagnostic	N
189	DynDataNLA0thPhase_InitializeStart	Diagnostic	N
190	DynDataNLA0thPhase_InitializeStop	Diagnostic	N
191	DynDataNLA0thPhase_ShutdownStart	Diagnostic	N
192	DynDataNLA0thPhase_ShutdownStop	Diagnostic	N
193	CallbacksFromBfe_InitializeStart	Diagnostic	N
194	CallbacksFromBfe_InitializeStop	Diagnostic	N
195	CallbacksFromBfe_ShutdownStart	Diagnostic	N
196	CallbacksFromBfe_ShutdownStop	Diagnostic	N
200	MPS_SVC_API_RestoreDefaultsStart	Diagnostic	N
201	MPS_SVC_API_RestoreDefaultsStop	Diagnostic	N
202	MPS_SVC_API_EnumFirewallRulesStart	Diagnostic	N
203	MPS_SVC_API_EnumFirewallRulesStop	Diagnostic	N
204	MPS_SVC_API_DeleteFirewallRuleStart	Diagnostic	N
205	MPS_SVC_API_DeleteFirewallRuleStop	Diagnostic	N
206	MPS_SVC_API_DeleteAllFirewallRulesStart	Diagnostic	N
207	MPS_SVC_API_DeleteAllFirewallRulesStop	Diagnostic	N
208	MPS_SVC_API_AddFirewallRuleStart	Diagnostic	N
209	MPS_SVC_API_AddFirewallRuleStop	Diagnostic	N
210	MPS_SVC_API_SetFirewallRuleStart	Diagnostic	N
211	MPS_SVC_API_SetFirewallRuleStop	Diagnostic	N
212	MPS_SVC_API_GetConfigStart	Diagnostic	N
213	MPS_SVC_API_GetConfigStop	Diagnostic	N
214	MPS_SVC_API_SetConfigStart	Diagnostic	N
215	MPS_SVC_API_SetConfigStop	Diagnostic	N
216	MPS_SVC_API_GetGlobalConfigStart	Diagnostic	N
217	MPS_SVC_API_GetGlobalConfigStop	Diagnostic	N
218	MPS_SVC_API_SetGlobalConfigStart	Diagnostic	N
219	MPS_SVC_API_SetGlobalConfigStop	Diagnostic	N
220	MPS_SVC_API_OpenPolicyStoreStart	Diagnostic	N
221	MPS_SVC_API_OpenPolicyStoreStop	Diagnostic	N
222	MPS_SVC_API_ClosePolicyStoreStart	Diagnostic	N
223	MPS_SVC_API_ClosePolicyStoreStop	Diagnostic	N
224	MPS_SVC_API_AddConnectionSecurityRuleStart	Diagnostic	N
225	MPS_SVC_API_AddConnectionSecurityRuleStop	Diagnostic	N
226	MPS_SVC_API_SetConnectionSecurityRuleStart	Diagnostic	N
227	MPS_SVC_API_SetConnectionSecurityRuleStop	Diagnostic	N
228	MPS_SVC_API_DeleteConnectionSecurityRuleStart	Diagnostic	N
229	MPS_SVC_API_DeleteConnectionSecurityRuleStop	Diagnostic	N
230	MPS_SVC_API_DeleteAllConnectionSecurityRulesStart	Diagnostic	N
231	MPS_SVC_API_DeleteAllConnectionSecurityRulesStop	Diagnostic	N
232	MPS_SVC_API_EnumConnectionSecurityRulesStart	Diagnostic	N
233	MPS_SVC_API_EnumConnectionSecurityRulesStop	Diagnostic	N
234	MPS_SVC_API_AddAuthenticationSetStart	Diagnostic	N
235	MPS_SVC_API_AddAuthenticationSetStop	Diagnostic	N
236	MPS_SVC_API_DeleteAuthenticationSetStart	Diagnostic	N
237	MPS_SVC_API_DeleteAuthenticationSetStop	Diagnostic	N
238	MPS_SVC_API_SetAuthenticationSetStart	Diagnostic	N
239	MPS_SVC_API_SetAuthenticationSetStop	Diagnostic	N
240	MPS_SVC_API_DeleteAllAuthenticationSetsStart	Diagnostic	N
241	MPS_SVC_API_DeleteAllAuthenticationSetsStop	Diagnostic	N
242	MPS_SVC_API_EnumAuthenticationSetsStart	Diagnostic	N
243	MPS_SVC_API_EnumAuthenticationSetsStop	Diagnostic	N
244	MPS_SVC_API_AddCryptoSetStart	Diagnostic	N
245	MPS_SVC_API_AddCryptoSetStop	Diagnostic	N
246	MPS_SVC_API_SetCryptoSetStart	Diagnostic	N
247	MPS_SVC_API_SetCryptoSetStop	Diagnostic	N
248	MPS_SVC_API_DeleteCryptoSetStart	Diagnostic	N
249	MPS_SVC_API_DeleteCryptoSetStop	Diagnostic	N
250	MPS_SVC_API_DeleteAllCryptoSetsStart	Diagnostic	N
251	MPS_SVC_API_DeleteAllCryptoSetsStop	Diagnostic	N
252	MPS_SVC_API_EnumCryptoSetsStart	Diagnostic	N
253	MPS_SVC_API_EnumCryptoSetsStop	Diagnostic	N
254	MPS_SVC_API_EnumPhase1SAsStart	Diagnostic	N
255	MPS_SVC_API_EnumPhase1SAsStop	Diagnostic	N
256	MPS_SVC_API_DeletePhase1SAsStart	Diagnostic	N
257	MPS_SVC_API_DeletePhase1SAsStop	Diagnostic	N
258	MPS_SVC_API_EnumPhase2SAsStart	Diagnostic	N
259	MPS_SVC_API_EnumPhase2SAsStop	Diagnostic	N
260	MPS_SVC_API_DeletePhase2SAsStart	Diagnostic	N
261	MPS_SVC_API_DeletePhase2SAsStop	Diagnostic	N
262	MPS_SVC_API_NotifyUnsupportedAttemptStart	Diagnostic	N
263	MPS_SVC_API_NotifyUnsupportedAttemptStop	Diagnostic	N
264	MPS_SVC_API_RegisterProductStart	Diagnostic	N
265	MPS_SVC_API_RegisterProductStop	Diagnostic	N
266	MPS_SVC_API_UnregisterProductStart	Diagnostic	N
267	MPS_SVC_API_UnregisterProductStop	Diagnostic	N
268	MPS_SVC_API_EnumProductsStart	Diagnostic	N
269	MPS_SVC_API_EnumProductsStop	Diagnostic	N
270	MPS_SVC_API_AddMainModeRuleStart	Diagnostic	N
271	MPS_SVC_API_AddMainModeRuleStop	Diagnostic	N
272	MPS_SVC_API_SetMainModeRuleStart	Diagnostic	N
273	MPS_SVC_API_SetMainModeRuleStop	Diagnostic	N
274	MPS_SVC_API_DeleteMainModeRuleStart	Diagnostic	N
275	MPS_SVC_API_DeleteMainModeRuleStop	Diagnostic	N
276	MPS_SVC_API_DeleteAllMainModeRulesStart	Diagnostic	N
277	MPS_SVC_API_DeleteAllMainModeRulesStop	Diagnostic	N
278	MPS_SVC_API_EnumMainModeRulesStart	Diagnostic	N
279	MPS_SVC_API_EnumMainModeRulesStop	Diagnostic	N
280	MPS_SVC_API_QueryFirewallRulesStart	Diagnostic	N
281	MPS_SVC_API_QueryFirewallRules	Diagnostic	Y
282	MPS_SVC_API_QueryConnectionSecurityRulesStart	Diagnostic	N
283	MPS_SVC_API_QueryConnectionSecurityRulesStop	Diagnostic	N
284	MPS_SVC_API_QueryMainModeRulesStart	Diagnostic	N
285	MPS_SVC_API_QueryMainModeRulesStop	Diagnostic	N
286	MPS_SVC_API_QueryAuthenticationSetsStart	Diagnostic	N
287	MPS_SVC_API_QueryAuthenticationSetsStop	Diagnostic	N
288	MPS_SVC_API_QueryCryptoSetsStart	Diagnostic	N
289	MPS_SVC_API_QueryCryptoSetsStop	Diagnostic	N
290	DynamicKeywordMgr_InitializeStart	Diagnostic	N
291	DynamicKeywordMgr_InitializeStop	Diagnostic	N
292	DynamicKeywordMgr_ShutdownStart	Diagnostic	N
293	DynamicKeywordMgr_ShutdownStop	Diagnostic	N
294	TenantRestrictions_InitializeStart	Diagnostic	N
295	TenantRestrictions_InitializeStop	Diagnostic	N
296	TenantRestrictions_ShutdownStart	Diagnostic	N
297	TenantRestrictions_ShutdownStop	Diagnostic	N
301	MPS_SVC_BFE_EngineOpenStart	Diagnostic	N
302	MPS_SVC_BFE_EngineOpenStop	Diagnostic	N
303	MPS_SVC_BFE_EngineCloseStart	Diagnostic	N
304	MPS_SVC_BFE_EngineCloseStop	Diagnostic	N
305	MPS_SVC_BFE_TransactionBeginStart	Diagnostic	N
306	MPS_SVC_BFE_TransactionBeginStop	Diagnostic	N
307	MPS_SVC_BFE_TransactionAbortStart	Diagnostic	N
308	MPS_SVC_BFE_TransactionAbortStop	Diagnostic	N
309	MPS_SVC_BFE_TransactionCommitStart	Diagnostic	N
310	MPS_SVC_BFE_TransactionCommitStop	Diagnostic	N
311	MPS_SVC_BFE_ProviderAddStart	Diagnostic	N
312	MPS_SVC_BFE_ProviderAddStop	Diagnostic	N
313	MPS_SVC_BFE_SublayerAddStart	Diagnostic	N
314	MPS_SVC_BFE_SublayerAddStop	Diagnostic	N
315	MPS_SVC_BFE_FilterAddStart	Diagnostic	N
316	MPS_SVC_BFE_FilterAddStop	Diagnostic	N
317	MPS_SVC_BFE_FilterDeleteByKeyStart	Diagnostic	N
318	MPS_SVC_BFE_FilterDeleteByKeyStop	Diagnostic	N
319	MPS_SVC_BFE_FilterDeleteByIdStart	Diagnostic	N
320	MPS_SVC_BFE_FilterDeleteByIdStop	Diagnostic	N
400	GPPolicyUpdateStart	Diagnostic	N
401	GPPolicyUpdateStop	Diagnostic	N
501	PlumberPolicyBeginStart	Diagnostic	N
502	PlumberPolicyCommitStop	Diagnostic	N
503	PlumberPolicyAbortStop	Diagnostic	N
504	MPS_SVC_API_AddDynamicKeywordAddressStop	Diagnostic	N
505	MPS_SVC_API_AddDynamicKeywordAddressStop505	Diagnostic	N
506	MPS_SVC_API_DeleteDynamicKeywordAddressStop	Diagnostic	N
507	MPS_SVC_API_DeleteDynamicKeywordAddressStop507	Diagnostic	N
508	MPS_SVC_API_EnumDynamicKeywordAddressesStop	Diagnostic	N
509	MPS_SVC_API_EnumDynamicKeywordAddressesStop509	Diagnostic	N
510	MPS_CLNT_API_FreeDynamicKeywordAddressesStop	Diagnostic	N
511	MPS_CLNT_API_FreeDynamicKeywordAddressesStop511	Diagnostic	N
512	MPS_SVC_API_UpdateDynamicKeywordAddressStop	Diagnostic	N
513	MPS_SVC_API_UpdateDynamicKeywordAddressStop513	Diagnostic	N
514	MPS_SVC_API_GetRulePlumbStatusFromRuleIDStop	Diagnostic	N
515	MPS_SVC_API_GetRulePlumbStatusFromRuleIDStop515	Diagnostic	N
516	HyperVMgr_InitializeStart	Diagnostic	N
517	HyperVMgr_InitializeStop	Diagnostic	N
518	HyperVMgr_ShutdownStart	Diagnostic	N
519	HyperVMgr_ShutdownStop	Diagnostic	N
520	MPS_SVC_API_CreateHyperVPort0Start	Diagnostic	N
521	MPS_SVC_API_CreateHyperVPort0Stop	Diagnostic	N
522	MPS_SVC_API_SetHyperVPort0Start	Diagnostic	N
523	MPS_SVC_API_SetHyperVPort0Stop	Diagnostic	N
524	MPS_SVC_API_DeleteHyperVPort0Start	Diagnostic	N
525	MPS_SVC_API_DeleteHyperVPort0Stop	Diagnostic	N
526	MPS_SVC_API_EnumHyperVPorts0Start	Diagnostic	N
527	MPS_SVC_API_EnumHyperVPorts0Stop	Diagnostic	N
528	MPS_SVC_API_GetHyperVVMConfig0Start	Diagnostic	N
529	MPS_SVC_API_GetHyperVVMConfig0Stop	Diagnostic	N
530	MPS_SVC_API_SetHyperVVMConfig0Start	Diagnostic	N
531	MPS_SVC_API_SetHyperVVMConfig0Stop	Diagnostic	N
532	MPS_SVC_API_AddHyperVRule0Start	Diagnostic	N
533	MPS_SVC_API_AddHyperVRule0Stop	Diagnostic	N
534	MPS_SVC_API_SetHyperVRule0Start	Diagnostic	N
535	MPS_SVC_API_SetHyperVRule0Stop	Diagnostic	N
536	MPS_SVC_API_DeleteHyperVRule0Start	Diagnostic	N
537	MPS_SVC_API_DeleteHyperVRule0Stop	Diagnostic	N
538	MPS_SVC_API_EnumHyperVRules0Start	Diagnostic	N
539	MPS_SVC_API_EnumHyperVRules0Stop	Diagnostic	N
540	MPS_SVC_API_RegisterHyperVVMCreator0Start	Diagnostic	N
541	MPS_SVC_API_RegisterHyperVVMCreator0Stop	Diagnostic	N
542	MPS_SVC_API_UnregisterHyperVVMCreator0Start	Diagnostic	N
543	MPS_SVC_API_UnregisterHyperVVMCreator0Stop	Diagnostic	N
544	MPS_SVC_API_EnumHyperVVMCreators0Start	Diagnostic	N
545	MPS_SVC_API_EnumHyperVVMCreators0Stop	Diagnostic	N
546	MPS_SVC_API_GetHyperVProfileConfig0Start	Diagnostic	N
547	MPS_SVC_API_GetHyperVProfileConfig0Stop	Diagnostic	N
548	MPS_SVC_API_SetHyperVProfileConfig0Start	Diagnostic	N
549	MPS_SVC_API_SetHyperVProfileConfig0Stop	Diagnostic	N
550	MPS_SVC_API_CreateHyperVPort1Start	Diagnostic	N
551	MPS_SVC_API_CreateHyperVPort1Stop	Diagnostic	N
552	MPS_SVC_API_SetHyperVPort1Start	Diagnostic	N
553	MPS_SVC_API_SetHyperVPort1Stop	Diagnostic	N
554	MPS_SVC_API_EnumHyperVPorts1Start	Diagnostic	N
555	MPS_SVC_API_EnumHyperVPorts1Stop	Diagnostic	N
556	MPS_SVC_API_AddHyperVRule1Start	Diagnostic	N
557	MPS_SVC_API_AddHyperVRule1Stop	Diagnostic	N
558	MPS_SVC_API_SetHyperVRule1Start	Diagnostic	N
559	MPS_SVC_API_SetHyperVRule1Stop	Diagnostic	N
560	MPS_SVC_API_EnumHyperVRules1Start	Diagnostic	N
561	MPS_SVC_API_EnumHyperVRules1Stop	Diagnostic	N
562	HyperVMgrPhase0_InitializeStart	Diagnostic	N
563	HyperVMgrPhase0_InitializeStop	Diagnostic	N
564	HyperVMgrPhase0_ShutdownStart	Diagnostic	N
565	HyperVMgrPhase0_ShutdownStop	Diagnostic	N

Event ID 101: StartServiceStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: StartService
Opcode: Start

Event ID 102: StartServiceStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: StartService
Opcode: Stop

Event ID 103: StopServiceStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: StopService
Opcode: Start

Event ID 104: StopServiceStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: StopService
Opcode: Stop

Event ID 105: Audit_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Audit_Initialize
Opcode: Start

Event ID 106: Audit_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Audit_Initialize
Opcode: Stop

Event ID 107: Audit_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Audit_Shutdown
Opcode: Start

Event ID 108: Audit_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Audit_Shutdown
Opcode: Stop

Event ID 113: AuthApps_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AuthApps_Initialize
Opcode: Start

Event ID 114: AuthApps_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AuthApps_Initialize
Opcode: Stop

Event ID 115: AuthApps_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AuthApps_Shutdown
Opcode: Start

Event ID 116: AuthApps_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AuthApps_Shutdown
Opcode: Stop

Event ID 117: Notify_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Notify_Initialize
Opcode: Start

Event ID 118: Notify_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Notify_Initialize
Opcode: Stop

Event ID 119: Notify_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Notify_Shutdown
Opcode: Start

Event ID 120: Notify_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Notify_Shutdown
Opcode: Stop

Event ID 121: DynPorts_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynPorts_Initialize
Opcode: Start

Event ID 122: DynPorts_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynPorts_Initialize
Opcode: Stop

Event ID 123: DynPorts_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynPorts_Shutdown
Opcode: Start

Event ID 124: DynPorts_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynPorts_Shutdown
Opcode: Stop

Event ID 125: ChangeSource_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ChangeSource_Initialize
Opcode: Start

Event ID 126: ChangeSource_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ChangeSource_Initialize
Opcode: Stop

Event ID 127: ChangeSource_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ChangeSource_Shutdown
Opcode: Start

Event ID 128: ChangeSource_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ChangeSource_Shutdown
Opcode: Stop

Event ID 129: Writer_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Writer_Initialize
Opcode: Start

Event ID 130: Writer_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Writer_Initialize
Opcode: Stop

Event ID 131: Writer_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Writer_Shutdown
Opcode: Start

Event ID 132: Writer_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Writer_Shutdown
Opcode: Stop

Event ID 133: Logger_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Logger_Initialize
Opcode: Start

Event ID 134: Logger_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Logger_Initialize
Opcode: Stop

Event ID 135: Logger_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Logger_Shutdown
Opcode: Start

Event ID 136: Logger_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Logger_Shutdown
Opcode: Stop

Event ID 137: DynDataNLA1stPhase_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA1stPhase_Initialize
Opcode: Start

Event ID 138: DynDataNLA1stPhase_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA1stPhase_Initialize
Opcode: Stop

Event ID 139: DynDataNLA1stPhase_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA1stPhase_Shutdown
Opcode: Start

Event ID 140: DynDataNLA1stPhase_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA1stPhase_Shutdown
Opcode: Stop

Event ID 141: ProfileMgr_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ProfileMgr_Initialize
Opcode: Start

Event ID 142: ProfileMgr_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ProfileMgr_Initialize
Opcode: Stop

Event ID 143: ProfileMgr_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ProfileMgr_Shutdown
Opcode: Start

Event ID 144: ProfileMgr_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ProfileMgr_Shutdown
Opcode: Stop

Event ID 145: Upcall2ndPhase_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Upcall2ndPhase_Initialize
Opcode: Start

Event ID 146: Upcall2ndPhase_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Upcall2ndPhase_Initialize
Opcode: Stop

Event ID 147: Upcall2ndPhase_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Upcall2ndPhase_Shutdown
Opcode: Start

Event ID 148: Upcall2ndPhase_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Upcall2ndPhase_Shutdown
Opcode: Stop

Event ID 149: RpcAPIs_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: RpcAPIs_Initialize
Opcode: Start

Event ID 150: RpcAPIs_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: RpcAPIs_Initialize
Opcode: Stop

Event ID 151: RpcAPIs_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: RpcAPIs_Shutdown
Opcode: Start

Event ID 152: RpcAPIs_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: RpcAPIs_Shutdown
Opcode: Stop

Event ID 153: ResrcIndicationAPIs_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ResrcIndicationAPIs_Initialize
Opcode: Start

Event ID 154: ResrcIndicationAPIs_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ResrcIndicationAPIs_Initialize
Opcode: Stop

Event ID 155: ResrcIndicationAPIs_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ResrcIndicationAPIs_Shutdown
Opcode: Start

Event ID 156: ResrcIndicationAPIs_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ResrcIndicationAPIs_Shutdown
Opcode: Stop

Event ID 157: GPMon_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPMon_Initialize
Opcode: Start

Event ID 158: GPMon_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPMon_Initialize
Opcode: Stop

Event ID 159: GPMon_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPMon_Shutdown
Opcode: Start

Event ID 160: GPMon_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPMon_Shutdown
Opcode: Stop

Event ID 161: DynDataNLA2ndPhase_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA2ndPhase_Initialize
Opcode: Start

Event ID 162: DynDataNLA2ndPhase_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA2ndPhase_Initialize
Opcode: Stop

Event ID 163: DynDataNLA2ndPhase_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA2ndPhase_Shutdown
Opcode: Start

Event ID 164: DynDataNLA2ndPhase_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA2ndPhase_Shutdown
Opcode: Stop

Event ID 165: ServiceSignalReadyStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ServiceSignalReady
Opcode: Start

Event ID 166: ServiceSignalReadyStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: ServiceSignalReady
Opcode: Stop

Event ID 167: Empty_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Empty_Shutdown
Opcode: Start

Event ID 168: Empty_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Empty_Shutdown
Opcode: Stop

Event ID 169: Products_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Products_Initialize
Opcode: Start

Event ID 170: Products_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Products_Initialize
Opcode: Stop

Event ID 171: Products_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Products_Shutdown
Opcode: Start

Event ID 172: Products_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Products_Shutdown
Opcode: Stop

Event ID 173: HttpProxy_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HttpProxy_Initialize
Opcode: Start

Event ID 174: HttpProxy_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HttpProxy_Initialize
Opcode: Stop

Event ID 175: HttpProxy_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HttpProxy_Shutdown
Opcode: Start

Event ID 176: HttpProxy_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HttpProxy_Shutdown
Opcode: Stop

Event ID 177: AdhSitesSubnets_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AdhSitesSubnets_Initialize
Opcode: Start

Event ID 178: AdhSitesSubnets_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AdhSitesSubnets_Initialize
Opcode: Stop

Event ID 179: AdhSitesSubnets_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AdhSitesSubnets_Shutdown
Opcode: Start

Event ID 180: AdhSitesSubnets_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: AdhSitesSubnets_Shutdown
Opcode: Stop

Event ID 181: Moneis_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Moneis_Initialize
Opcode: Start

Event ID 182: Moneis_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Moneis_Initialize
Opcode: Stop

Event ID 183: Moneis_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Moneis_Shutdown
Opcode: Start

Event ID 184: Moneis_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: Moneis_Shutdown
Opcode: Stop

Event ID 185: MoneisRegistrationApiPhase2_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MoneisRegistrationApiPhase2_Initialize
Opcode: Start

Event ID 186: MoneisRegistrationApiPhase2_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MoneisRegistrationApiPhase2_Initialize
Opcode: Stop

Event ID 187: MoneisRegistrationApiPhase2_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MoneisRegistrationApiPhase2_Shutdown
Opcode: Start

Event ID 188: MoneisRegistrationApiPhase2_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MoneisRegistrationApiPhase2_Shutdown
Opcode: Stop

Event ID 189: DynDataNLA0thPhase_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA0thPhase_Initialize
Opcode: Start

Event ID 190: DynDataNLA0thPhase_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA0thPhase_Initialize
Opcode: Stop

Event ID 191: DynDataNLA0thPhase_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA0thPhase_Shutdown
Opcode: Start

Event ID 192: DynDataNLA0thPhase_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynDataNLA0thPhase_Shutdown
Opcode: Stop

Event ID 193: CallbacksFromBfe_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: CallbacksFromBfe_Initialize
Opcode: Start

Event ID 194: CallbacksFromBfe_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: CallbacksFromBfe_Initialize
Opcode: Stop

Event ID 195: CallbacksFromBfe_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: CallbacksFromBfe_Shutdown
Opcode: Start

Event ID 196: CallbacksFromBfe_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: CallbacksFromBfe_Shutdown
Opcode: Stop

Event ID 200: MPS_SVC_API_RestoreDefaultsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RestoreDefaults
Opcode: Start

Event ID 201: MPS_SVC_API_RestoreDefaultsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RestoreDefaults
Opcode: Stop

Event ID 202: MPS_SVC_API_EnumFirewallRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumFirewallRules
Opcode: Start

Event ID 203: MPS_SVC_API_EnumFirewallRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumFirewallRules
Opcode: Stop

Event ID 204: MPS_SVC_API_DeleteFirewallRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteFirewallRule
Opcode: Start

Event ID 205: MPS_SVC_API_DeleteFirewallRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteFirewallRule
Opcode: Stop

Event ID 206: MPS_SVC_API_DeleteAllFirewallRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllFirewallRules
Opcode: Start

Event ID 207: MPS_SVC_API_DeleteAllFirewallRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllFirewallRules
Opcode: Stop

Event ID 208: MPS_SVC_API_AddFirewallRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddFirewallRule
Opcode: Start

Event ID 209: MPS_SVC_API_AddFirewallRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddFirewallRule
Opcode: Stop

Event ID 210: MPS_SVC_API_SetFirewallRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetFirewallRule
Opcode: Start

Event ID 211: MPS_SVC_API_SetFirewallRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetFirewallRule
Opcode: Stop

Event ID 212: MPS_SVC_API_GetConfigStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetConfig
Opcode: Start

Event ID 213: MPS_SVC_API_GetConfigStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetConfig
Opcode: Stop

Event ID 214: MPS_SVC_API_SetConfigStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetConfig
Opcode: Start

Event ID 215: MPS_SVC_API_SetConfigStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetConfig
Opcode: Stop

Event ID 216: MPS_SVC_API_GetGlobalConfigStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetGlobalConfig
Opcode: Start

Event ID 217: MPS_SVC_API_GetGlobalConfigStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetGlobalConfig
Opcode: Stop

Event ID 218: MPS_SVC_API_SetGlobalConfigStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetGlobalConfig
Opcode: Start

Event ID 219: MPS_SVC_API_SetGlobalConfigStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetGlobalConfig
Opcode: Stop

Event ID 220: MPS_SVC_API_OpenPolicyStoreStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_OpenPolicyStore
Opcode: Start

Event ID 221: MPS_SVC_API_OpenPolicyStoreStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_OpenPolicyStore
Opcode: Stop

Event ID 222: MPS_SVC_API_ClosePolicyStoreStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_ClosePolicyStore
Opcode: Start

Event ID 223: MPS_SVC_API_ClosePolicyStoreStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_ClosePolicyStore
Opcode: Stop

Event ID 224: MPS_SVC_API_AddConnectionSecurityRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddConnectionSecurityRule
Opcode: Start

Event ID 225: MPS_SVC_API_AddConnectionSecurityRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddConnectionSecurityRule
Opcode: Stop

Event ID 226: MPS_SVC_API_SetConnectionSecurityRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetConnectionSecurityRule
Opcode: Start

Event ID 227: MPS_SVC_API_SetConnectionSecurityRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetConnectionSecurityRule
Opcode: Stop

Event ID 228: MPS_SVC_API_DeleteConnectionSecurityRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteConnectionSecurityRule
Opcode: Start

Event ID 229: MPS_SVC_API_DeleteConnectionSecurityRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteConnectionSecurityRule
Opcode: Stop

Event ID 230: MPS_SVC_API_DeleteAllConnectionSecurityRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllConnectionSecurityRules
Opcode: Start

Event ID 231: MPS_SVC_API_DeleteAllConnectionSecurityRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllConnectionSecurityRules
Opcode: Stop

Event ID 232: MPS_SVC_API_EnumConnectionSecurityRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumConnectionSecurityRules
Opcode: Start

Event ID 233: MPS_SVC_API_EnumConnectionSecurityRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumConnectionSecurityRules
Opcode: Stop

Event ID 234: MPS_SVC_API_AddAuthenticationSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddAuthenticationSet
Opcode: Start

Event ID 235: MPS_SVC_API_AddAuthenticationSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddAuthenticationSet
Opcode: Stop

Event ID 236: MPS_SVC_API_DeleteAuthenticationSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAuthenticationSet
Opcode: Start

Event ID 237: MPS_SVC_API_DeleteAuthenticationSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAuthenticationSet
Opcode: Stop

Event ID 238: MPS_SVC_API_SetAuthenticationSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetAuthenticationSet
Opcode: Start

Event ID 239: MPS_SVC_API_SetAuthenticationSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetAuthenticationSet
Opcode: Stop

Event ID 240: MPS_SVC_API_DeleteAllAuthenticationSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllAuthenticationSets
Opcode: Start

Event ID 241: MPS_SVC_API_DeleteAllAuthenticationSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllAuthenticationSets
Opcode: Stop

Event ID 242: MPS_SVC_API_EnumAuthenticationSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumAuthenticationSets
Opcode: Start

Event ID 243: MPS_SVC_API_EnumAuthenticationSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumAuthenticationSets
Opcode: Stop

Event ID 244: MPS_SVC_API_AddCryptoSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddCryptoSet
Opcode: Start

Event ID 245: MPS_SVC_API_AddCryptoSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddCryptoSet
Opcode: Stop

Event ID 246: MPS_SVC_API_SetCryptoSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetCryptoSet
Opcode: Start

Event ID 247: MPS_SVC_API_SetCryptoSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetCryptoSet
Opcode: Stop

Event ID 248: MPS_SVC_API_DeleteCryptoSetStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteCryptoSet
Opcode: Start

Event ID 249: MPS_SVC_API_DeleteCryptoSetStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteCryptoSet
Opcode: Stop

Event ID 250: MPS_SVC_API_DeleteAllCryptoSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllCryptoSets
Opcode: Start

Event ID 251: MPS_SVC_API_DeleteAllCryptoSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllCryptoSets
Opcode: Stop

Event ID 252: MPS_SVC_API_EnumCryptoSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumCryptoSets
Opcode: Start

Event ID 253: MPS_SVC_API_EnumCryptoSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumCryptoSets
Opcode: Stop

Event ID 254: MPS_SVC_API_EnumPhase1SAsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumPhase1SAs
Opcode: Start

Event ID 255: MPS_SVC_API_EnumPhase1SAsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumPhase1SAs
Opcode: Stop

Event ID 256: MPS_SVC_API_DeletePhase1SAsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeletePhase1SAs
Opcode: Start

Event ID 257: MPS_SVC_API_DeletePhase1SAsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeletePhase1SAs
Opcode: Stop

Event ID 258: MPS_SVC_API_EnumPhase2SAsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumPhase2SAs
Opcode: Start

Event ID 259: MPS_SVC_API_EnumPhase2SAsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumPhase2SAs
Opcode: Stop

Event ID 260: MPS_SVC_API_DeletePhase2SAsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeletePhase2SAs
Opcode: Start

Event ID 261: MPS_SVC_API_DeletePhase2SAsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeletePhase2SAs
Opcode: Stop

Event ID 262: MPS_SVC_API_NotifyUnsupportedAttemptStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_NotifyUnsupportedAttempt
Opcode: Start

Event ID 263: MPS_SVC_API_NotifyUnsupportedAttemptStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_NotifyUnsupportedAttempt
Opcode: Stop

Event ID 264: MPS_SVC_API_RegisterProductStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RegisterProduct
Opcode: Start

Event ID 265: MPS_SVC_API_RegisterProductStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RegisterProduct
Opcode: Stop

Event ID 266: MPS_SVC_API_UnregisterProductStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UnregisterProduct
Opcode: Start

Event ID 267: MPS_SVC_API_UnregisterProductStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UnregisterProduct
Opcode: Stop

Event ID 268: MPS_SVC_API_EnumProductsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumProducts
Opcode: Start

Event ID 269: MPS_SVC_API_EnumProductsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumProducts
Opcode: Stop

Event ID 270: MPS_SVC_API_AddMainModeRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddMainModeRule
Opcode: Start

Event ID 271: MPS_SVC_API_AddMainModeRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddMainModeRule
Opcode: Stop

Event ID 272: MPS_SVC_API_SetMainModeRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetMainModeRule
Opcode: Start

Event ID 273: MPS_SVC_API_SetMainModeRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetMainModeRule
Opcode: Stop

Event ID 274: MPS_SVC_API_DeleteMainModeRuleStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteMainModeRule
Opcode: Start

Event ID 275: MPS_SVC_API_DeleteMainModeRuleStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteMainModeRule
Opcode: Stop

Event ID 276: MPS_SVC_API_DeleteAllMainModeRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllMainModeRules
Opcode: Start

Event ID 277: MPS_SVC_API_DeleteAllMainModeRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteAllMainModeRules
Opcode: Stop

Event ID 278: MPS_SVC_API_EnumMainModeRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumMainModeRules
Opcode: Start

Event ID 279: MPS_SVC_API_EnumMainModeRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumMainModeRules
Opcode: Stop

Event ID 280: MPS_SVC_API_QueryFirewallRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryFirewallRules
Opcode: Start

Event ID 281: MPS_SVC_API_QueryFirewallRules

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Level: Informational
Task: MPS_SVC_API_QueryFirewallRules
Opcode: Stop

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-MPS-SRV",
    "guid": "{5444519F-2484-45A2-991E-953E4B54C8E0}",
    "event_source_name": "",
    "event_id": 281,
    "version": 0,
    "level": 4,
    "task": 279,
    "opcode": 2,
    "keywords": "0x0000000000010000",
    "time_created": "2026-06-02T05:58:43.577+00:00",
    "event_record_id": 0,
    "correlation": {},
    "execution": {
      "process_id": 1520,
      "thread_id": 13852
    },
    "channel": "ETW Trace",
    "computer": "DESKTOP-FF3N5XK",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {},
  "message": "MPS_SVC_API_QueryFirewallRules"
}

Event ID 282: MPS_SVC_API_QueryConnectionSecurityRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryConnectionSecurityRules
Opcode: Start

Event ID 283: MPS_SVC_API_QueryConnectionSecurityRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryConnectionSecurityRules
Opcode: Stop

Event ID 284: MPS_SVC_API_QueryMainModeRulesStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryMainModeRules
Opcode: Start

Event ID 285: MPS_SVC_API_QueryMainModeRulesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryMainModeRules
Opcode: Stop

Event ID 286: MPS_SVC_API_QueryAuthenticationSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryAuthenticationSets
Opcode: Start

Event ID 287: MPS_SVC_API_QueryAuthenticationSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryAuthenticationSets
Opcode: Stop

Event ID 288: MPS_SVC_API_QueryCryptoSetsStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryCryptoSets
Opcode: Start

Event ID 289: MPS_SVC_API_QueryCryptoSetsStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_QueryCryptoSets
Opcode: Stop

Event ID 290: DynamicKeywordMgr_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynamicKeywordMgr_Initialize
Opcode: Start

Event ID 291: DynamicKeywordMgr_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynamicKeywordMgr_Initialize
Opcode: Stop

Event ID 292: DynamicKeywordMgr_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynamicKeywordMgr_Shutdown
Opcode: Start

Event ID 293: DynamicKeywordMgr_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: DynamicKeywordMgr_Shutdown
Opcode: Stop

Event ID 294: TenantRestrictions_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: TenantRestrictions_Initialize
Opcode: Start

Event ID 295: TenantRestrictions_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: TenantRestrictions_Initialize
Opcode: Stop

Event ID 296: TenantRestrictions_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: TenantRestrictions_Shutdown
Opcode: Start

Event ID 297: TenantRestrictions_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: TenantRestrictions_Shutdown
Opcode: Stop

Event ID 301: MPS_SVC_BFE_EngineOpenStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_EngineOpen
Opcode: Start

Event ID 302: MPS_SVC_BFE_EngineOpenStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_EngineOpen
Opcode: Stop

Event ID 303: MPS_SVC_BFE_EngineCloseStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_EngineClose
Opcode: Start

Event ID 304: MPS_SVC_BFE_EngineCloseStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_EngineClose
Opcode: Stop

Event ID 305: MPS_SVC_BFE_TransactionBeginStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionBegin
Opcode: Start

Event ID 306: MPS_SVC_BFE_TransactionBeginStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionBegin
Opcode: Stop

Event ID 307: MPS_SVC_BFE_TransactionAbortStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionAbort
Opcode: Start

Event ID 308: MPS_SVC_BFE_TransactionAbortStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionAbort
Opcode: Stop

Event ID 309: MPS_SVC_BFE_TransactionCommitStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionCommit
Opcode: Start

Event ID 310: MPS_SVC_BFE_TransactionCommitStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_TransactionCommit
Opcode: Stop

Event ID 311: MPS_SVC_BFE_ProviderAddStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_ProviderAdd
Opcode: Start

Event ID 312: MPS_SVC_BFE_ProviderAddStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_ProviderAdd
Opcode: Stop

Event ID 313: MPS_SVC_BFE_SublayerAddStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_SublayerAdd
Opcode: Start

Event ID 314: MPS_SVC_BFE_SublayerAddStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_SublayerAdd
Opcode: Stop

Event ID 315: MPS_SVC_BFE_FilterAddStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterAdd
Opcode: Start

Event ID 316: MPS_SVC_BFE_FilterAddStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterAdd
Opcode: Stop

Event ID 317: MPS_SVC_BFE_FilterDeleteByKeyStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterDeleteByKey
Opcode: Start

Event ID 318: MPS_SVC_BFE_FilterDeleteByKeyStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterDeleteByKey
Opcode: Stop

Event ID 319: MPS_SVC_BFE_FilterDeleteByIdStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterDeleteById
Opcode: Start

Event ID 320: MPS_SVC_BFE_FilterDeleteByIdStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_BFE_FilterDeleteById
Opcode: Stop

Event ID 400: GPPolicyUpdateStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPPolicyUpdate
Opcode: Start

Event ID 401: GPPolicyUpdateStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: GPPolicyUpdate
Opcode: Stop

Event ID 501: PlumberPolicyBeginStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: PlumberPolicyBegin
Opcode: Start

Event ID 502: PlumberPolicyCommitStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: PlumberPolicyCommit
Opcode: Stop

Event ID 503: PlumberPolicyAbortStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: PlumberPolicyAbort
Opcode: Stop

Event ID 504: MPS_SVC_API_AddDynamicKeywordAddressStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddDynamicKeywordAddress
Opcode: Stop

Event ID 505: MPS_SVC_API_AddDynamicKeywordAddressStop505

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddDynamicKeywordAddress
Opcode: Stop

Event ID 506: MPS_SVC_API_DeleteDynamicKeywordAddressStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteDynamicKeywordAddress
Opcode: Stop

Event ID 507: MPS_SVC_API_DeleteDynamicKeywordAddressStop507

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteDynamicKeywordAddress
Opcode: Stop

Event ID 508: MPS_SVC_API_EnumDynamicKeywordAddressesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumDynamicKeywordAddresses
Opcode: Stop

Event ID 509: MPS_SVC_API_EnumDynamicKeywordAddressesStop509

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumDynamicKeywordAddresses
Opcode: Stop

Event ID 510: MPS_CLNT_API_FreeDynamicKeywordAddressesStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_CLNT_API_FreeDynamicKeywordAddresses
Opcode: Stop

Event ID 511: MPS_CLNT_API_FreeDynamicKeywordAddressesStop511

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_CLNT_API_FreeDynamicKeywordAddresses
Opcode: Stop

Event ID 512: MPS_SVC_API_UpdateDynamicKeywordAddressStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UpdateDynamicKeywordAddress
Opcode: Stop

Event ID 513: MPS_SVC_API_UpdateDynamicKeywordAddressStop513

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UpdateDynamicKeywordAddress
Opcode: Stop

Event ID 514: MPS_SVC_API_GetRulePlumbStatusFromRuleIDStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetRulePlumbStatusFromRuleID
Opcode: Stop

Event ID 515: MPS_SVC_API_GetRulePlumbStatusFromRuleIDStop515

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetRulePlumbStatusFromRuleID
Opcode: Stop

Event ID 516: HyperVMgr_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgr_Initialize
Opcode: Start

Event ID 517: HyperVMgr_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgr_Initialize
Opcode: Stop

Event ID 518: HyperVMgr_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgr_Shutdown
Opcode: Start

Event ID 519: HyperVMgr_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgr_Shutdown
Opcode: Stop

Event ID 520: MPS_SVC_API_CreateHyperVPort0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_CreateHyperVPort0
Opcode: Start

Event ID 521: MPS_SVC_API_CreateHyperVPort0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_CreateHyperVPort0
Opcode: Stop

Event ID 522: MPS_SVC_API_SetHyperVPort0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVPort0
Opcode: Start

Event ID 523: MPS_SVC_API_SetHyperVPort0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVPort0
Opcode: Stop

Event ID 524: MPS_SVC_API_DeleteHyperVPort0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteHyperVPort0
Opcode: Start

Event ID 525: MPS_SVC_API_DeleteHyperVPort0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteHyperVPort0
Opcode: Stop

Event ID 526: MPS_SVC_API_EnumHyperVPorts0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVPorts0
Opcode: Start

Event ID 527: MPS_SVC_API_EnumHyperVPorts0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVPorts0
Opcode: Stop

Event ID 528: MPS_SVC_API_GetHyperVVMConfig0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetHyperVVMConfig0
Opcode: Start

Event ID 529: MPS_SVC_API_GetHyperVVMConfig0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetHyperVVMConfig0
Opcode: Stop

Event ID 530: MPS_SVC_API_SetHyperVVMConfig0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVVMConfig0
Opcode: Start

Event ID 531: MPS_SVC_API_SetHyperVVMConfig0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVVMConfig0
Opcode: Stop

Event ID 532: MPS_SVC_API_AddHyperVRule0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddHyperVRule0
Opcode: Start

Event ID 533: MPS_SVC_API_AddHyperVRule0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddHyperVRule0
Opcode: Stop

Event ID 534: MPS_SVC_API_SetHyperVRule0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVRule0
Opcode: Start

Event ID 535: MPS_SVC_API_SetHyperVRule0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVRule0
Opcode: Stop

Event ID 536: MPS_SVC_API_DeleteHyperVRule0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteHyperVRule0
Opcode: Start

Event ID 537: MPS_SVC_API_DeleteHyperVRule0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_DeleteHyperVRule0
Opcode: Stop

Event ID 538: MPS_SVC_API_EnumHyperVRules0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVRules0
Opcode: Start

Event ID 539: MPS_SVC_API_EnumHyperVRules0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVRules0
Opcode: Stop

Event ID 540: MPS_SVC_API_RegisterHyperVVMCreator0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RegisterHyperVVMCreator0
Opcode: Start

Event ID 541: MPS_SVC_API_RegisterHyperVVMCreator0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_RegisterHyperVVMCreator0
Opcode: Stop

Event ID 542: MPS_SVC_API_UnregisterHyperVVMCreator0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UnregisterHyperVVMCreator0
Opcode: Start

Event ID 543: MPS_SVC_API_UnregisterHyperVVMCreator0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_UnregisterHyperVVMCreator0
Opcode: Stop

Event ID 544: MPS_SVC_API_EnumHyperVVMCreators0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVVMCreators0
Opcode: Start

Event ID 545: MPS_SVC_API_EnumHyperVVMCreators0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVVMCreators0
Opcode: Stop

Event ID 546: MPS_SVC_API_GetHyperVProfileConfig0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetHyperVProfileConfig0
Opcode: Start

Event ID 547: MPS_SVC_API_GetHyperVProfileConfig0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_GetHyperVProfileConfig0
Opcode: Stop

Event ID 548: MPS_SVC_API_SetHyperVProfileConfig0Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVProfileConfig0
Opcode: Start

Event ID 549: MPS_SVC_API_SetHyperVProfileConfig0Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVProfileConfig0
Opcode: Stop

Event ID 550: MPS_SVC_API_CreateHyperVPort1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_CreateHyperVPort1
Opcode: Start

Event ID 551: MPS_SVC_API_CreateHyperVPort1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_CreateHyperVPort1
Opcode: Stop

Event ID 552: MPS_SVC_API_SetHyperVPort1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVPort1
Opcode: Start

Event ID 553: MPS_SVC_API_SetHyperVPort1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVPort1
Opcode: Stop

Event ID 554: MPS_SVC_API_EnumHyperVPorts1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVPorts1
Opcode: Start

Event ID 555: MPS_SVC_API_EnumHyperVPorts1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVPorts1
Opcode: Stop

Event ID 556: MPS_SVC_API_AddHyperVRule1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddHyperVRule1
Opcode: Start

Event ID 557: MPS_SVC_API_AddHyperVRule1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_AddHyperVRule1
Opcode: Stop

Event ID 558: MPS_SVC_API_SetHyperVRule1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVRule1
Opcode: Start

Event ID 559: MPS_SVC_API_SetHyperVRule1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_SetHyperVRule1
Opcode: Stop

Event ID 560: MPS_SVC_API_EnumHyperVRules1Start

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVRules1
Opcode: Start

Event ID 561: MPS_SVC_API_EnumHyperVRules1Stop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: MPS_SVC_API_EnumHyperVRules1
Opcode: Stop

Event ID 562: HyperVMgrPhase0_InitializeStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgrPhase0_Initialize
Opcode: Start

Event ID 563: HyperVMgrPhase0_InitializeStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgrPhase0_Initialize
Opcode: Stop

Event ID 564: HyperVMgrPhase0_ShutdownStart

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgrPhase0_Shutdown
Opcode: Start

Event ID 565: HyperVMgrPhase0_ShutdownStop

Provider: Microsoft-Windows-MPS-SRV
Channel: Diagnostic
Task: HyperVMgrPhase0_Shutdown
Opcode: Stop

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID {5444519F-2484-45A2-991E-953E4B54C8E0}

Defined in mpssvc.dll, which carries the event manifest.

Observed on:

Win11-26200.6584, sample captured from a live trace, binary version 10.0.26100.4768, captured 2026-06-02
WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.3328, captured 2026-06-02
Win11-26200.6584, schema read from the registered manifest, binary version 10.0.26100.4768, captured 2026-06-02

`j` / `k`	Scroll down / up
`d` / `u`	Half-page down / up
`gg` / `G`	Top / bottom
`h` / `l`	History back / forward
`f`	Follow link (`Shift` = new tab)
`/`	Focus search
`?`	Toggle this help
`↑` / `↓`	Navigate search results
`Enter`	Open highlighted result
`Esc`	Close results / dialog

`type:`	`events` / `rules` / `providers`
`vendor:`	`sigma` / `elastic` / `splunk` / `kusto` / `chronicle` (vendor name alone also works: `sigma:`, `kql:`, `secops:`…)
`tactic:`	TA-id, slug, or name: `credential_access`, `TA0006`
`technique:`	technique or sub-technique ID: `T1003`, `T1003.001` (alias `tech:`)
`severity:`	`critical` / `high` / `medium` / `low` / `informational` (alias `sev:`)
`risk_score`	Numeric comparison on the Elastic risk score (0 to 100): `risk_score>50`, `risk_score<=20`, `risk_score=99` (alias `risk`; Elastic rules only)
`stages:`	Rules with exactly N pipeline stages
`correlation:`	`single_event` / `sequence` / `alternatives` / `alternatives_cross_log` / `all_required` / `correlated`
`with:`	Co-occurrence event-id; stacks (`with:4624 with:4769`) to require all, while a comma list in one occurrence (`with:4624,4769`) is an either-or group. Implies multi-event
`like:`	Structural neighbors of a rule slug (equivalents + subsumption stricter / broader): `like:comsvcs_lsass_memory_dump-splunk-sysmon`
`groupby:`	Entity-grouping substring match against `group_by_keys`: `groupby:user`, `groupby:host`
`uses:`	Rules whose predicate tree touches the field (any kind, any value): `uses:CommandLine`
`excludes:`	Rules with top-level `not()` clauses on the field (FP whitelists): `excludes:ParentImage`
`field:` / `value:`	Predicate search; narrows rule cards to those with a matching leaf and drives the indicator tier. Unquoted = substring, wildcards allowed (`value:mimikatz`)
`indicator:`	Shorthand for `field:F value:V`: `indicator:Image=*\powershell.exe`
`kind:`	Filter by predicate kind. Narrows rule cards to those carrying a matching predicate leaf (`vendor:elastic kind:cidr_match`) and drives the indicator tier: `contains` / `starts_with` / `ends_with` / `regex` / `cidr` / `eq` / `in` … (operator aliases `op:`/`match:`)
`has:` / `no:`	`sample`, `field`, `notes`, `refs`, `trace`, `thirdparty`, `rule`, `pattern`, `timewindow`, `threshold`, `newterms`, `sigma`/`elastic`/`splunk`/`kusto`/`chronicle`
`-op:val`	Exclude matches; works on most operators but not `type:`/`like:`/`has:`/`no:` (use `no:<flag>` to exclude a rule flag): `tactic:execution -vendor:splunk`. Standalone `-kind:`/`-field:`/`-value:` drop every rule carrying a matching predicate leaf (`type:rules -kind:is_null`)
`field:"…"` / `value:"…"`	Quoted value = anchored exact match (also allows spaces): `value:"net user"`
`a,b`	Comma = OR inside one operator (`vendor:sigma,elastic`, `severity:high,critical`); repeating a facet merges the same way. `field:`/`value:` never split (literal commas)
`vendors:` / `stage:`	Singular and plural spellings fold to the canonical operator and value: `tactics:` = `tactic:`, `type:event` = `type:events`, `correlation:sequences` = `correlation:sequence`, `has:thresholds` = `has:threshold`
`"quoted phrase"`	Exact-match a multi-word phrase (free text)