Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1013 Source: MsiInstaller

Source
Level
Description
=====================================================
Exception code: <error code> <error description>
Module: <path to dll file>
Function: 0x63542670
=====================================================

Registers: <register values>
Flags: <values>

Call stack: <stack>.
Comments
 
- Error code: C0000005 (ACCESS_VIOLATION) - See ME818793 for a hotfix applicable to Microsoft Visio 2002.
The error is being generated by code within an MSI installation file, more precisely MSI Custom Action type 19 "Cancel Installation", which produces an error display box containing a custom text message which is the same message recorded in the event log.
NOTE: The description for this EventID will vary from application to application.
Solving: This will require knowledge of editing MSI installation files and an MSI editor. This custom action will usually be imbedded in an "If" logic statement. Analyze the logic to find why the "CancelInstallation" comand is being run so that either:
1) The reason for the cancellation can be avoided.
Or
2) The logic code can be modified (by creating transform or editing the MSI) so that the cancellation does not occur.
Example:
"Acrobat 6.0 Standard" MSI has this in logic preventing any repairs or self-repairs if logged in as a user under NT, Windows 2000 or XP resulting in message/event-description "You do not have sufficient privileges to run this installer."
The error (exception) codes listed in the event description are similar to the ones that are recorded when a "blue screen" occurs. See event id 1000 with "Save Dump" as source.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...