Posted by: DogMan - 15 September 2024 13:30:24
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:56:52
Event ID: 8198
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="49152">8198</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:56:52.1896625Z" />
    <EventRecordID>1724</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0x8007139F</Data>
    <Data>RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable</Data>
  </EventData>
</Event>[/code]

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/09/2024 23:57:04
Event ID: 24
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: SRV.domain.local
Description:
Event provider SessionBrokerTargetEventProvider attempted to register query "select * FROM Win32_SessionBrokerTargetEvent" whose target class "Win32_SessionBrokerTargetEvent" in //./root/CIMV2 namespace does not exist. The query will be ignored.
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" />
    <EventID>24</EventID>
    <Version>2</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:57:04.5852888Z" />
    <EventRecordID>1725</EventRecordID>
    <Correlation ActivityID="{315b9d2e-06f9-0017-c4a2-5b31f906db01}" />
    <Execution ProcessID="2484" ThreadID="1100" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <EventProvider>SessionBrokerTargetEventProvider</EventProvider>
      <Query>select * FROM Win32_SessionBrokerTargetEvent</Query>
      <Class>Win32_SessionBrokerTargetEvent</Class>
      <Namespace>//./root/CIMV2</Namespace>
    </data_0x8000003F>
  </UserData>
</Event>[/code]

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:57:17
Event ID: 1003
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
The Software Protection service has completed licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
1: 1ea11e95-b7b5-49f8-b3b8-164805630e84, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 27c4e172-0f4c-4a2d-86f0-ebfd77a583ce, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3f1a0b3b-cefc-48e4-8502-53299ec06146, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 6bad0243-1c35-46b2-b8e6-7a853e37413f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 716317e3-9177-41f8-a772-361050bb1b7f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 82fcf64d-f9dd-4411-9c79-f2eed16d4eb8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 84e331f6-4279-48c4-ab10-b75139181351, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 8f97e374-1be6-46d5-bb24-61f9d6400caf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: 929d118a-4950-4d06-9ff1-ecd794f7d740, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 9bd77860-9b31-4b7b-96ad-2564017315bf, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]
13: b1c68fb2-b632-47a2-8719-488cc128b728, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: ce624156-a391-4585-93f9-7fb37405fbda, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: ffa0a98f-b13f-4433-91f4-8aff126ed407, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="16384">1003</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:57:17.8126126Z" />
    <EventRecordID>1727</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>55c92734-d682-4d71-983e-d6ec3f16059f</Data>
    <Data>
1: 1ea11e95-b7b5-49f8-b3b8-164805630e84, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
2: 22105925-48c3-4ff4-a294-f654bb27e390, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
3: 27c4e172-0f4c-4a2d-86f0-ebfd77a583ce, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
4: 3f1a0b3b-cefc-48e4-8502-53299ec06146, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
5: 661f7658-7035-4b4c-9f35-010682943ec2, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
6: 6bad0243-1c35-46b2-b8e6-7a853e37413f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
7: 716317e3-9177-41f8-a772-361050bb1b7f, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
8: 82fcf64d-f9dd-4411-9c79-f2eed16d4eb8, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
9: 84e331f6-4279-48c4-ab10-b75139181351, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
10: 8f97e374-1be6-46d5-bb24-61f9d6400caf, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
11: 929d118a-4950-4d06-9ff1-ecd794f7d740, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
12: 9bd77860-9b31-4b7b-96ad-2564017315bf, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]
13: b1c68fb2-b632-47a2-8719-488cc128b728, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
14: ce624156-a391-4585-93f9-7fb37405fbda, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
15: e73aabfa-12bc-4705-b551-2dd076bebc7d, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
16: ffa0a98f-b13f-4433-91f4-8aff126ed407, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)(?)(?)])(1 )(2 )(3 )]
    </Data>
  </EventData>
</Event>[/code]

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:57:17
Event ID: 8198
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="49152">8198</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:57:17.8438687Z" />
    <EventRecordID>1728</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0x8007139F</Data>
    <Data>RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9bd77860-9b31-4b7b-96ad-2564017315bf;NotificationInterval=1440;Trigger=NetworkAvailable</Data>
  </EventData>
</Event>[/code]

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/09/2024 23:57:46
Event ID: 63
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: SRV.domain.local
Description:
A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" />
    <EventID>63</EventID>
    <Version>2</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:57:46.5788417Z" />
    <EventRecordID>1729</EventRecordID>
    <Correlation />
    <Execution ProcessID="2484" ThreadID="6860" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Provider>DMWmiBridgeProv</Provider>
      <Namespace>root\cimv2\mdm\dmmap</Namespace>
    </data_0x8000003F>
  </UserData>
</Event>[/code]

Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 14/09/2024 23:58:09
Event ID: 16384
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SRV.domain.local
Description:
Successfully scheduled Software Protection service for re-start at 2024-09-15T22:56:09Z. Reason: RulesEngine.
Event Xml:
[code=markup]<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="16384">16384</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2024-09-14T22:58:09.6407378Z" />
    <EventRecordID>1783</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SRV.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>2024-09-15T22:56:09Z</Data>
    <Data>RulesEngine</Data>
  </EventData>
</Event>[/code]