Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Windows File Protection|
The system file <filename> was not restored to its original, valid version because the WFP restoration process was canceled by user interaction, user name is <user ID>.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the Windows File Protection?
As per Microsoft: "The Windows File Protection feature (WFP) logs an event if WFP is canceled while it is performing a scan of the system files or attempting to replace an individual file. Event ID 6406 indicates that a user canceled the replacement of a file that WFP targeted to be replaced and for which WFP prompted the user for the media source". See ME236801 for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated