Elastic Windows Event Explorer


Publisher - Microsoft-Windows-CodeIntegrity

Event ID 3075

Message:

Code Integrity determined that process (%{ProcessNameBuffer}) spent %{ElapsedTime} and %{PolicyElapsedTime} microseconds for Code Integrity check and policy check to load %{FileNameBuffer} with validated %{ValidatedSigningLevel} signing level. For all components without EA cache, Code Integrity spent about %{PercentageTime}‰ more time when policy enforced.

Event Data:

#  Name                   In Type            Out Type
1  FileNameLength         win:UInt16         xs:unsignedShort
2  FileNameBuffer         win:UnicodeString  xs:string
3  ProcessNameLength      win:UInt16         xs:unsignedShort
4  ProcessNameBuffer      win:UnicodeString  xs:string
5  RequestedSigningLevel  win:UInt8          xs:unsignedByte
6  ValidatedSigningLevel  win:UInt8          xs:unsignedByte
7  ElapsedTime            win:UInt64         xs:unsignedLong
8  PolicyElapsedTime      win:UInt64         xs:unsignedLong
9  PercentageTime         win:UInt32         xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: KX6QKHRF6IO5A