Microsoft-Windows-WindowsUpdateClient
69 events across 3 channels
Event ID 16: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the...
#Description
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Message #
Event ID 17: Installation Ready: The following updates are downloaded and ready for installation.
#Description
Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions: updatelist
Message #
Fields #
| Name | Description |
|---|---|
updatelist UnicodeString |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 17,
"version": 0,
"level": 4,
"task": 2,
"opcode": 12,
"keywords": 9223372036854775828,
"time_created": "2016-09-20T12:50:52.357570Z",
"event_record_id": 8223,
"correlation": {},
"execution": {
"process_id": 908,
"thread_id": 3440
},
"channel": "System",
"computer": "IE10Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"user_data": {
"updatelist": {
"#attributes": {
"xmlns:auto-ns3": "http://schemas.microsoft.com/win/2004/08/events",
"xmlns": "http://manifests.microsoft.com/win/2004/08/windows/eventlog"
},
"#text": "\n- Definition Update for Windows Defender - KB915597 (Definition 1.227.2715.0)"
}
}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 18: Installation Ready: The following updates are downloaded and ready for installation.
#Description
Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on schedinstalldate at schedinstalltime: updatelist.
Message #
Fields #
| Name | Description |
|---|---|
schedinstalldate UnicodeString | |
schedinstalltime UnicodeString | |
updatelist UnicodeString |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 18,
"version": 0,
"level": 4,
"task": 2,
"opcode": 12,
"keywords": 9223372036854775828,
"time_created": "2013-10-23T16:30:45.848500Z",
"event_record_id": 427,
"correlation": {},
"execution": {
"process_id": 916,
"thread_id": 1220
},
"channel": "System",
"computer": "IE8Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"schedinstalldate": "Thursday, October 24, 2013",
"schedinstalltime": "3:00 AM",
"updatelist": "\n- Security Update for Windows 7 (KB979309)"
}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 19: Installation Successful: Windows successfully installed the following update: updateTitle.
#Description
Installation Successful: Windows successfully installed the following update: updateTitle.
Message #
Fields #
| Name | Description |
|---|---|
updateTitle UnicodeString | |
updateGuid GUID | |
updateRevisionNumber UInt32 | |
serviceGuid GUID |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "{945A8954-C147-4ACD-923F-40C45405A658}",
"event_source_name": "",
"event_id": 19,
"version": 1,
"level": 4,
"task": 1,
"opcode": 13,
"keywords": -9223372036854775784,
"time_created": "2026-06-13T14:05:11.7053840+00:00",
"event_record_id": 2756,
"correlation": {},
"execution": {
"process_id": 2528,
"thread_id": 9412
},
"channel": "System",
"computer": "telemetry-W11-d.cell-d.ludus.domain",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateTitle": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.453.73.0) - Current Channel (Broad)",
"updateGuid": "{e41d15c2-c706-4faf-8383-9112bdcb9267}",
"updateRevisionNumber": "200",
"serviceGuid": "{9482f4b4-e343-43b6-b170-9a65bc822c77}"
},
"message": "Installation Successful: Windows successfully installed the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.453.73.0) - Current Channel (Broad)"
}
Event ID 20: Installation Failure: Windows failed to install the following update with error errorCode: updateTitle.
#Description
Installation Failure: Windows failed to install the following update with error errorCode: updateTitle.
Message #
Fields #
| Name | Description |
|---|---|
errorCode HexInt32 | |
updateTitle UnicodeString | |
updateGuid GUID | |
updateRevisionNumber UInt32 | |
serviceGuid GUID |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "{945A8954-C147-4ACD-923F-40C45405A658}",
"event_source_name": "",
"event_id": 20,
"version": 1,
"level": 2,
"task": 1,
"opcode": 13,
"keywords": -9223372036854775768,
"time_created": "2026-06-13T04:12:47.3062623+00:00",
"event_record_id": 1982,
"correlation": {
"ActivityID": "{F1D29B44-EF89-0001-11F9-D4F189EFDC01}"
},
"execution": {
"process_id": 9352,
"thread_id": 5272
},
"channel": "System",
"computer": "telemetry-W11-d.cell-d.ludus.domain",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"errorCode": "0x80073d02",
"updateTitle": "9MSSGKG348SP-MicrosoftWindows.Client.WebExperience",
"updateGuid": "{6cfae217-28ff-4d71-9d9b-ebbc16a3041c}",
"updateRevisionNumber": "1",
"serviceGuid": "{855e8a7c-ecb4-4ca3-b045-1dfa50104289}"
},
"message": "Installation Failure: Windows failed to install the following update with error 0x80073D02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience."
}
Event ID 21: Restart Required: To complete the installation of the following updates, the computer must be restarted.
#Description
Restart Required: To complete the installation of the following updates, the computer must be restarted. Until this computer has been restarted, Windows cannot search for or download new updates: updatelist.
Message #
Fields #
| Name | Description |
|---|---|
updatelist UnicodeString |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 21,
"version": 0,
"level": 4,
"task": 2,
"opcode": 15,
"keywords": 9223372036854775872,
"time_created": "2013-10-23T17:27:37.645375Z",
"event_record_id": 832,
"correlation": {},
"execution": {
"process_id": 916,
"thread_id": 700
},
"channel": "System",
"computer": "IE8Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"user_data": {
"updatelist": {
"#attributes": {
"xmlns:auto-ns3": "http://schemas.microsoft.com/win/2004/08/events",
"xmlns": "http://manifests.microsoft.com/win/2004/08/windows/eventlog"
},
"#text": "\n- Update for Windows 7 (KB2502285)\n- Security Update for Windows 7 (KB2790113)\n- Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2604114)\n- Update for Windows 7 (KB2779562)\n- Update for Windows 7 (KB2387530)\n- Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2756920)\n- Update for Windows 7 (KB2541014)\n- Update for Windows 7 (KB2533552)\n- Security Update for Windows 7 (KB2691442)\n- Security Update for Windows 7 (KB979688)\n- Update for Windows 7 (KB979538)\n- Security Update for Windows 7 (KB2511455)\n- Security Update for Windows 7 (KB2506212)\n- Security Update for Windows 7 (KB979309)\n- Update for Windows 7 (KB2748349)\n- Security Update for Windows 7 (KB2658846)\n- Update for Rights Management Services Client for Windows 7 (KB979099)\n- Update for Windows 7 (KB2640148)\n- Security Update for Windows 7 (KB2442962)\n- Security Update for Windows 7 (KB2281679)\n- Security Update for Windows 7 (KB2712808)\n- Update for Windows 7 (KB2467023)\n- Update f"
}
}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 22: Restart Required: To complete the installation of the following updates, the computer will be restarted within restarttime minutes: updatelist.
#Description
Restart Required: To complete the installation of the following updates, the computer will be restarted within restarttime minutes: updatelist.
Message #
Fields #
| Name | Description |
|---|---|
restarttime UnicodeString | |
updatelist UnicodeString |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 22,
"version": 0,
"level": 4,
"task": 2,
"opcode": 15,
"keywords": 9223372036854775872,
"time_created": "2016-08-20T16:04:47.930031Z",
"event_record_id": 6399,
"correlation": {},
"execution": {
"process_id": 876,
"thread_id": 1932
},
"channel": "System",
"computer": "IE10Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"restarttime": "15",
"updatelist": "\n- Security Update for Windows 7 (KB3042058)"
}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 23: Uninstallation Successful: Windows successfully uninstalled the following update: updateTitle.
#Event ID 24: Uninstallation Failure: Windows failed to uninstall the following update with error errorCode: updatelist.
#Event ID 25: Windows Update failed to check for updates with error errorCode.
#Description
Windows Update failed to check for updates with error errorCode.
Message #
Fields #
| Name | Description |
|---|---|
errorCode HexInt32 | |
serviceGuid GUID |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "{945A8954-C147-4ACD-923F-40C45405A658}",
"event_source_name": "",
"event_id": 25,
"version": 1,
"level": 2,
"task": 1,
"opcode": 11,
"keywords": 4611686018427387938,
"time_created": "2026-04-07T16:59:03.2662863+00:00",
"event_record_id": 419,
"correlation": {},
"execution": {
"process_id": 15900,
"thread_id": 16060
},
"channel": "Microsoft-Windows-WindowsUpdateClient/Operational",
"computer": "JD-WIN11-22H2-1.ludus.domain",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"errorCode": "0x80240438",
"serviceGuid": "{9482f4b4-e343-43b6-b170-9a65bc822c77}"
},
"message": "Windows Update failed to check for updates with error 0x80240438."
}
Event ID 26: Windows Update successfully found updateCount updates.
#Description
Windows Update successfully found updateCount updates.
Message #
Fields #
| Name | Description |
|---|---|
updateCount UInt32 | |
serviceGuid GUID |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 26,
"version": 1,
"level": 4,
"task": 1,
"opcode": 11,
"keywords": 4611686018427387922,
"time_created": "2023-11-06T01:39:17.045430+00:00",
"event_record_id": 59,
"correlation": {},
"execution": {
"process_id": 18812,
"thread_id": 21064
},
"channel": "Microsoft-Windows-WindowsUpdateClient/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateCount": 2,
"serviceGuid": "855E8A7C-ECB4-4CA3-B045-1DFA50104289"
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 27: Automatic Updates is now paused.
#Description
Automatic Updates is now paused.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 27,
"version": 0,
"level": 4,
"task": 1,
"opcode": 16,
"keywords": 9223372036854775936,
"time_created": "2013-10-23T17:27:37.707875Z",
"event_record_id": 833,
"correlation": {},
"execution": {
"process_id": 916,
"thread_id": 700
},
"channel": "System",
"computer": "IE8Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 28: Automatic Updates is now resumed.
#Description
Automatic Updates is now resumed.
Message #
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 28,
"version": 0,
"level": 4,
"task": 1,
"opcode": 16,
"keywords": 9223372036854775936,
"time_created": "2014-11-25T22:35:30.778875Z",
"event_record_id": 3655,
"correlation": {},
"execution": {
"process_id": 840,
"thread_id": 1460
},
"channel": "System",
"computer": "IE8Win7",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {}
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 29: Windows Update lost connectivity.
#Description
Windows Update lost connectivity.
Message #
Event ID 30: Windows Update established connectivity.
#Description
Windows Update established connectivity.
Message #
Event ID 31: Windows Update failed to download an update.
#Description
Windows Update failed to download an update.
Message #
Fields #
| Name | Description |
|---|---|
updateTitle UnicodeString | |
errorCode HexInt32 | |
updateGuid GUID | |
updateRevisionNumber UInt32 |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 31,
"version": 1,
"level": 2,
"task": 1,
"opcode": 12,
"keywords": 4611686018427387940,
"time_created": "2022-04-07T08:33:16.220136+00:00",
"event_record_id": 14,
"correlation": {},
"execution": {
"process_id": 4864,
"thread_id": 3684
},
"channel": "Microsoft-Windows-WindowsUpdateClient/Operational",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateTitle": "2022-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5011558)",
"errorCode": "0xc1900401",
"updateGuid": "B5CA12E1-1491-494D-9A17-229D1C97ED05",
"updateRevisionNumber": 1
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 32: Windows Update cannot connect to the server.
#Event ID 33: Windows Update was unable to connect to proxy server serverName because valid credentials (user name and password) were required, but were either not avail...
#Description
Windows Update was unable to connect to proxy server serverName because valid credentials (user name and password) were required, but were either not available or were incorrect. Please check your proxy credentials, and then try searching again for updates.
Message #
Fields #
| Name | Description |
|---|---|
serverName UnicodeString |
Event ID 34: The Windows Update Client Core component failed to install a self-update with error errorCode.
#Event ID 35: The Windows Update Client Auxillary component failed to install a self-update with error errorCode.
#Event ID 36: The Windows Update Client Core component was successfully updated from version version1 to version version2.
#Event ID 37: The Windows Update Client Auxillary was successfully updated from version version1 to version version2.
#Event ID 38: Windows Update received a service stop request.
#Description
Windows Update received a service stop request.
Message #
Event ID 39: Windows Update received a service shutdown request.
#Description
Windows Update received a service shutdown request.
Message #
Event ID 40: An update was detected.
#Event ID 41: An update was downloaded.
#Description
An update was downloaded.
Message #
Fields #
| Name | Description |
|---|---|
updateTitle UnicodeString | |
updateGuid GUID | |
updateRevisionNumber UInt32 |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "945A8954-C147-4ACD-923F-40C45405A658",
"event_source_name": "",
"event_id": 41,
"version": 1,
"level": 4,
"task": 1,
"opcode": 12,
"keywords": 4611686018427387924,
"time_created": "2023-11-06T01:42:12.437587+00:00",
"event_record_id": 61,
"correlation": {},
"execution": {
"process_id": 18812,
"thread_id": 21064
},
"channel": "Microsoft-Windows-WindowsUpdateClient/Operational",
"computer": "WinDev2310Eval",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateTitle": "9NCBCSZSJRSB-SpotifyAB.SpotifyMusic",
"updateGuid": "D8A73235-4C83-49DE-B455-6ED151F874F8",
"updateRevisionNumber": 1
},
"message": ""
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 42: There has been a change in the health of Windows Update.
#Event ID 43: Installation Started: Windows has started installing the following update: updateTitle.
#Description
Installation Started: Windows has started installing the following update: updateTitle.
Message #
Fields #
| Name | Description |
|---|---|
updateTitle UnicodeString | |
updateGuid GUID | |
updateRevisionNumber UInt32 |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "{945A8954-C147-4ACD-923F-40C45405A658}",
"event_source_name": "",
"event_id": 43,
"version": 1,
"level": 4,
"task": 1,
"opcode": 13,
"keywords": -9223372036854767608,
"time_created": "2026-06-13T14:04:46.7070212+00:00",
"event_record_id": 2755,
"correlation": {},
"execution": {
"process_id": 2528,
"thread_id": 9412
},
"channel": "System",
"computer": "telemetry-W11-d.cell-d.ludus.domain",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateTitle": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.453.73.0) - Current Channel (Broad)",
"updateGuid": "{e41d15c2-c706-4faf-8383-9112bdcb9267}",
"updateRevisionNumber": "200"
},
"message": "Installation Started: Windows has started installing the following update: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.453.73.0) - Current Channel (Broad)"
}
Event ID 44: Windows Update started downloading an update.
#Description
Windows Update started downloading an update.
Message #
Fields #
| Name | Description |
|---|---|
updateTitle UnicodeString | |
updateGuid GUID | |
updateRevisionNumber UInt32 |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-WindowsUpdateClient",
"guid": "{945A8954-C147-4ACD-923F-40C45405A658}",
"event_source_name": "",
"event_id": 44,
"version": 1,
"level": 4,
"task": 1,
"opcode": 12,
"keywords": -9223372036854767612,
"time_created": "2026-06-13T14:04:46.7069855+00:00",
"event_record_id": 2754,
"correlation": {},
"execution": {
"process_id": 2528,
"thread_id": 9412
},
"channel": "System",
"computer": "telemetry-W11-d.cell-d.ludus.domain",
"security": {
"user_id": "S-1-5-18"
}
},
"event_data": {
"updateTitle": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.453.73.0) - Current Channel (Broad)",
"updateGuid": "{e41d15c2-c706-4faf-8383-9112bdcb9267}",
"updateRevisionNumber": "200"
},
"message": "Windows Update started downloading an update."
}
Event ID 102: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
clientVersion UInt32 |
Event ID 104: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
updateId UnicodeString | |
bytesTransferred UInt32 |
Event ID 106: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
callerAppName UnicodeString | |
updateId UnicodeString | |
packedInstallData UInt32 | |
handlerResultCode UInt32 |
Event ID 107: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
resultCode UInt32 |
Event ID 108: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
clientVersion UInt32 |
Event ID 109: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
updateId UnicodeString | |
bytesTransferred UInt32 | |
resultCode UInt32 |
Event ID 110: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
updateId UnicodeString | |
bytesTransferred UInt32 |
Event ID 111: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
callerAppName UnicodeString | |
updateId UnicodeString | |
packedInstallData UInt32 | |
handlerResultCode UInt32 |
Event ID 112: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
callerAppName UnicodeString | |
updateId UnicodeString | |
packedInstallData UInt32 | |
handlerResultCode UInt32 |
Event ID 113: Agent
#Event ID 114: Agent
#Event ID 115: Agent
#Event ID 116: Agent
#Event ID 118: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
updateId UnicodeString | |
bytesTransferred UInt32 |
Event ID 120: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
clientVersion UInt32 |
Event ID 121: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
resultCode UInt32 |
Event ID 123: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
callerAppName UnicodeString | |
updateId UnicodeString | |
packedInstallData UInt32 | |
handlerResultCode UInt32 |
Event ID 124: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
updateGuid GUID | |
callerAppName UnicodeString | |
updateId UnicodeString | |
packedInstallData UInt32 | |
handlerResultCode UInt32 |
Event ID 126: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
clientVersion UInt32 |
Event ID 127: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
CallInternalId UInt32 | |
callerAppName UnicodeString | |
searchCriteria UnicodeString | |
packedScanData UInt32 | |
resultCode UInt32 |
Event ID 209: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
pdcActivationId UInt32 | |
description UnicodeString | |
accessType UInt8 | |
isInteractiveOrAPIDriven Boolean | |
stopIdleTimer Boolean | |
networkRefCount UInt32 | |
systemRefCount UInt32 |
Event ID 210: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
pdcActivationId UInt32 | |
description UnicodeString | |
accessType UInt8 | |
isInteractiveOrAPIDriven Boolean | |
stopIdleTimer Boolean | |
networkRefCount UInt32 | |
systemRefCount UInt32 |
Event ID 211: Windows Update Agent
#Fields #
| Name | Description |
|---|---|
pdcActivationId UInt32 | |
description UnicodeString | |
accessType UInt8 | |
isInteractiveOrAPIDriven Boolean | |
stopIdleTimer Boolean | |
networkRefCount UInt32 | |
systemRefCount UInt32 |
Event ID 212: Revert Successful: Windows successfully reverted the following update: updateTitle.
#Event ID 213: Revert Failure: Windows failed to revert the following update with error errorCode: updatelist.
#Event ID 214: Revert Started: Windows has started reverting the following update: updateTitle.
#Event ID 215: Uninstallation started: Windows has started uninstallnig the following update: updateTitle.
#Event ID 216: Commit Successful: Windows successfully committed the following update: updateTitle.
#Event ID 217: Commit Failure: Windows failed to commit the following update with error errorCode: updatelist.
#Event ID 218: Commit Started: Windows has started committing the following update: updateTitle.
#Provenance
Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.
ETW provider GUID 945a8954-c147-4acd-923f-40c45405a658
Defined in wuaueng.dll, which carries the event manifest.
Observed on:
- WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.1, captured 2026-06-02
- Win11-26200.6584, schema read from the registered manifest, binary version 1450.2508.4042.0, captured 2026-06-02