|Source: Removable Storage|
Received a device interface ARRIVAL notification for device: \\?\IDE#DiskIC35L060AVER07-..
|Concepts to understand:|
What is the Removable Storage?
An example of an action causing this event is inserting a USB drive in one of the USB ports.
This event is generated by the Windows 2000 Mount Manager (MM), which is part of the PnP (Plug and Play) service. It is the kernel service responsible for assigning names to the volumes attached to the system. For each volume, it stores a name that is unique and permanently identified with the volume, even after the volume has been removed from the system. You can find a list of the volumes that are or have been attached to the system under the HKLM\SYSTEM\MountedDevices registry key. The driver calls IoRegisterPlugPlayNotification, which generates event 134 at an interface arrival and event 135 at a removal. See also "Supporting Mount Manager Requests in a Storage Class Driver" on MSDN.
|Links: Supporting Mount Manager Requests in a Storage Class Driver|
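
An added example, not part of the original page or of EventID.Net: a Python decoder for values exported from the HKLM\SYSTEM\MountedDevices key mentioned above, useful when reviewing which volumes a host has seen. It goes beyond the page by assuming the value layouts commonly described in forensic references (12-byte MBR disk signature plus offset, `DMIO:ID:` plus partition GUID, or a UTF-16LE device interface path); the function names and all sample values are constructed.

```python
import struct
import uuid

PREFIXES = ("_??_", "\\??\\", "\\\\?\\")  # forms a device interface path may start with

def decode_mounted_device(name, data):
    """Decode one REG_BINARY value from HKLM\\SYSTEM\\MountedDevices (assumed layouts)."""
    if len(data) == 24 and data.startswith(b"DMIO:ID:"):
        # GPT volume: 8-byte tag, then the partition GUID in little-endian field order
        guid = uuid.UUID(bytes_le=data[8:])
        return {"name": name, "kind": "gpt-partition", "partition_guid": str(guid)}
    if len(data) == 12:
        # MBR volume: 4-byte disk signature, then 8-byte partition offset in bytes
        signature, offset = struct.unpack("<IQ", data)
        return {"name": name, "kind": "mbr-partition",
                "disk_signature": f"{signature:08X}", "offset": offset}
    try:
        # Otherwise a UTF-16LE device interface path, as seen for removable devices
        path = data.decode("utf-16-le").rstrip("\x00")
    except UnicodeDecodeError:
        return {"name": name, "kind": "unknown", "raw": data.hex()}
    for prefix in PREFIXES:
        parts = path[len(prefix):].split("#")
        if path.startswith(prefix) and len(parts) >= 3:
            # enumerator # hardware description # instance id (often a serial number)
            return {"name": name, "kind": "device-interface", "enumerator": parts[0],
                    "device_id": parts[1], "instance_id": parts[2]}
    return {"name": name, "kind": "unknown", "raw": data.hex()}

# Constructed sample values (not taken from a real system)
SAMPLE_VALUES = {
    "\\DosDevices\\C:": struct.pack("<IQ", 0x1A2B3C4D, 1048576),
    "\\DosDevices\\D:": b"DMIO:ID:"
        + uuid.UUID("01234567-89ab-cdef-0123-456789abcdef").bytes_le,
    "\\DosDevices\\E:": ("_??_USBSTOR#Disk&Ven_Example&Prod_Drive&Rev_1.00"
                         "#0123456789AB&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
                         ).encode("utf-16-le"),
}

def decode_all(values):
    """Decode every name -> data pair, preserving the input order."""
    return [decode_mounted_device(n, d) for n, d in values.items()]

if __name__ == "__main__":
    for row in decode_all(SAMPLE_VALUES):
        print(row)
```
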