Elastic Windows Event Explorer


Publisher - Microsoft-Windows-UAC-FileVirtualization

Event ID 5004

Message:

Access was denied to delete file "%{FileNameBuffer}"

Event Data:

#  Name                    In Type            Out Type
1  Flags                   win:UInt32         win:HexInt32
2  SidLength               win:UInt32         xs:unsignedInt
3  Sid                     win:SID            xs:string
4  FileNameLength          win:UInt16         xs:unsignedShort
5  FileNameBuffer          win:UnicodeString  xs:string
6  ProcessImageNameLength  win:UInt16         xs:unsignedShort
7  ProcessImageNameBuffer  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: TKYZN6VTMEC3M
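
The event data above is positional: each entry in the table becomes one item in the event's property list in the order shown. The script below is an added example, not part of the Elastic Windows Event Explorer page, that queries event 5004 from this provider with Get-WinEvent and maps the seven positional values onto the schema names, rendering Flags as HexInt32 (the manifest's Out Type) and resolving the SID to an account name where the host can translate it. It assumes the properties decode in manifest order (index 0 = Flags through index 6 = ProcessImageNameBuffer), which holds when the provider's manifest is registered on the querying host.

```powershell
# Added example: map Microsoft-Windows-UAC-FileVirtualization event 5004
# property values onto the field names from the manifest schema.
# Assumption: properties are returned in manifest order (0 = Flags ... 6 = ProcessImageNameBuffer).
$fieldNames = @(
    'Flags', 'SidLength', 'Sid', 'FileNameLength',
    'FileNameBuffer', 'ProcessImageNameLength', 'ProcessImageNameBuffer'
)

# Filter by provider and event ID only, as listed on the page; no channel name is assumed.
$filter = @{
    ProviderName = 'Microsoft-Windows-UAC-FileVirtualization'
    Id           = 5004
}

try {
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction Stop
} catch {
    # Get-WinEvent throws when nothing matches; treat that as an empty result set.
    $events = @()
}

foreach ($e in $events) {
    $props = $e.Properties
    $row = [ordered]@{
        TimeCreated = $e.TimeCreated
        RecordId    = $e.RecordId
    }

    # Positional mapping: property index i corresponds to table row i+1.
    for ($i = 0; $i -lt $fieldNames.Count; $i++) {
        $row[$fieldNames[$i]] = if ($i -lt $props.Count) { $props[$i].Value } else { $null }
    }

    # Out Type for Flags is win:HexInt32; render it as 0x-prefixed hex.
    if ($null -ne $row['Flags']) {
        $row['Flags'] = '0x{0:X8}' -f [uint32]$row['Flags']
    }

    # win:SID decodes to a SecurityIdentifier; translate to DOMAIN\user when possible,
    # and keep the raw S-1-... string for SIDs the host cannot resolve.
    $sid = $row['Sid']
    if ($sid -is [System.Security.Principal.SecurityIdentifier]) {
        try {
            $row['Account'] = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $row['Account'] = $sid.Value
        }
        $row['Sid'] = $sid.Value
    }

    [pscustomobject]$row
}
```

Pipe the output to Format-Table or Export-Csv for triage; the useful columns are FileNameBuffer (the file whose deletion was denied), ProcessImageNameBuffer (the process that attempted it) and Account. If the provider's manifest is not registered on the host doing the query (for example when an exported log is read on another machine), the properties may not decode, so check $props.Count against the seven fields before trusting the mapping.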