Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:56:52
Event ID: 8198
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="49152">8198</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:56:52.1896625Z" />
<EventRecordID>1724</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security />
</System>
<EventData>
<Data>hr=0x8007139F</Data>
<Data>RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/09/2024 23:57:04
Event ID: 24
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: SRV.domain.local
Description:
Event provider SessionBrokerTargetEventProvider attempted to register query "select * FROM Win32_SessionBrokerTargetEvent" whose target class "Win32_SessionBrokerTargetEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" />
<EventID>24</EventID>
<Version>2</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:57:04.5852888Z" />
<EventRecordID>1725</EventRecordID>
<Correlation ActivityID="{315b9d2e-06f9-0017-c4a2-5b31f906db01}" />
<Execution ProcessID="2484" ThreadID="1100" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
<EventProvider>SessionBrokerTargetEventProvider</EventProvider>
<Query>select * FROM Win32_SessionBrokerTargetEvent</Query>
<Class>Win32_SessionBrokerTargetEvent</Class>
<Namespace>//./root/CIMV2</Namespace>
</data_0x8000003F>
</UserData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:57:17
Event ID: 1003
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 1ea11e95-b7b5-49f8-b3b8-164805630e84, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 27c4e172-0f4c-4a2d-86f0-ebfd77a583ce, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3f1a0b3b-cefc-48e4-8502-53299ec06146, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 6bad0243-1c35-46b2-b8e6-7a853e37413f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 716317e3-9177-41f8-a772-361050bb1b7f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 82fcf64d-f9dd-4411-9c79-f2eed16d4eb8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 84e331f6-4279-48c4-ab10-b75139181351, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 8f97e374-1be6-46d5-bb24-61f9d6400caf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: 929d118a-4950-4d06-9ff1-ecd794f7d740, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 9bd77860-9b31-4b7b-96ad-2564017315bf, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]
13: b1c68fb2-b632-47a2-8719-488cc128b728, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: ce624156-a391-4585-93f9-7fb37405fbda, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: ffa0a98f-b13f-4433-91f4-8aff126ed407, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="16384">1003</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:57:17.8126126Z" />
<EventRecordID>1727</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security />
</System>
<EventData>
<Data>55c92734-d682-4d71-983e-d6ec3f16059f</Data>
<Data>
1: 1ea11e95-b7b5-49f8-b3b8-164805630e84, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 27c4e172-0f4c-4a2d-86f0-ebfd77a583ce, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3f1a0b3b-cefc-48e4-8502-53299ec06146, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 6bad0243-1c35-46b2-b8e6-7a853e37413f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 716317e3-9177-41f8-a772-361050bb1b7f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 82fcf64d-f9dd-4411-9c79-f2eed16d4eb8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 84e331f6-4279-48c4-ab10-b75139181351, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 8f97e374-1be6-46d5-bb24-61f9d6400caf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: 929d118a-4950-4d06-9ff1-ecd794f7d740, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 9bd77860-9b31-4b7b-96ad-2564017315bf, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]
13: b1c68fb2-b632-47a2-8719-488cc128b728, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: ce624156-a391-4585-93f9-7fb37405fbda, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: ffa0a98f-b13f-4433-91f4-8aff126ed407, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:57:17
Event ID: 8198
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="49152">8198</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:57:17.8438687Z" />
<EventRecordID>1728</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security />
</System>
<EventData>
<Data>hr=0x8007139F</Data>
<Data>RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/09/2024 23:57:46
Event ID: 63
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: SRV.domain.local
Description:
A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" />
<EventID>63</EventID>
<Version>2</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:57:46.5788417Z" />
<EventRecordID>1729</EventRecordID>
<Correlation />
<Execution ProcessID="2484" ThreadID="6860" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
<Provider>DMWmiBridgeProv</Provider>
<Namespace>root\cimv2\mdm\dmmap</Namespace>
</data_0x8000003F>
</UserData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:58:09
Event ID: 16384
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
Successfully scheduled Software Protection service for re-start at 2024-09-15T22:56:09Z. Reason: RulesEngine.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="16384">16384</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2024-09-14T22:58:09.6407378Z" />
<EventRecordID>1783</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>SRV.domain.local</Computer>
<Security />
</System>
<EventData>
<Data>2024-09-15T22:56:09Z</Data>
<Data>RulesEngine</Data>
</EventData>
</Event>