Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Windows File Protection|
The WFP file scan was canceled by user interaction, user name was <user ID>.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the Windows File Protection?
As per Microsoft: "The Windows File Protection feature (WFP) logs an event if WFP is canceled while it is performing a scan of the system files or attempting to replace an individual file. This information is recorded for later review in the System event log. Event ID 6409 indicates that a user canceled the scanning process completely". See ME236801 for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated