Current File : C:/ProgramData/Microsoft/Windows Defender/Platform/4.18.25050.5-0/Microsoft-Antimalware-Service.man

<?xml version='1.0' encoding='utf-8' standalone='yes'?>
<assembly
    xmlns="urn:schemas-microsoft-com:asm.v3"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    manifestVersion="1.0"
    >
  <!-- Identity of the assembly that carries this instrumentation manifest.
       buildType, processorArchitecture, publicKeyToken and version hold
       $(...) tokens rather than literal values in this copy, so they cannot
       be used to pin a specific build. -->
  <assemblyIdentity name="Windows-Defender-Service-MpSvcEtw"
                    language="neutral"
                    versionScope="nonSxS"
                    buildType="$(build.buildType)"
                    processorArchitecture="$(build.arch)"
                    publicKeyToken="$(Build.WindowsPublicKeyToken)"
                    version="$(build.version)"/>
  <instrumentation>
    <events
        xmlns="http://schemas.microsoft.com/win/2004/08/events"
        xmlns:ms="http://manifests.microsoft.com/win/2004/08/windows/events"
        xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events"
        >
      <provider
          guid="{751ef305-6c6e-4fed-b847-02ef79d26aef}"
          message="$(string.Microsoft-Antimalware-Service.provider.name)"
          messageFileName="%programfiles%\Windows Defender\MpSvc.dll"
          name="Microsoft-Antimalware-Service"
          resourceFileName="%programfiles%\Windows Defender\MpSvc.dll"
          symbol="Microsoft_Antimalware_Service"
          >
        <!-- Task table of the Microsoft-Antimalware-Service ETW provider.
             Each task binds a name to the numeric task id (value) carried in
             the event descriptor and to an eventGUID. Values run 1 to 55
             without gaps. The <event> elements that tie tasks to templates
             are not part of this view.
             GUID text is mixed case (lower case for 1 to 36 and 53 to 55,
             upper case for 37 to 52); compare GUIDs case-insensitively.
             Value 40 is the only GUID here whose third group does not start
             with 4, so tooling should match it literally rather than assume
             a version-4 layout. -->
        <tasks>
          <!-- Service lifecycle, scan and engine tasks -->
          <task value="1" name="ServiceOnDemandScan" eventGUID="{17991c99-d4f8-467f-9a97-1fed7d1208bc}"/>
          <task value="2" name="ServiceEngineUpdate" eventGUID="{bfcc87ef-d782-43b2-aae8-b793e051f7bf}"/>
          <task value="3" name="ServiceCacheBuild" eventGUID="{d8769074-04fb-4146-b246-f4923f2bf9fa}"/>
          <task value="4" name="ServiceLoadEngine" eventGUID="{c5c73be5-b124-4d07-bd1b-858360ad4830}"/>
          <task value="5" name="ServiceReloadEngine" eventGUID="{30438a57-2866-4bb7-931d-4440153d4adc}"/>
          <task value="6" name="ServiceSync" eventGUID="{e0919cbe-ec5a-406a-9be2-2aba408eee49}"/>
          <task value="7" name="ServiceAsync" eventGUID="{d7cb23e4-5f1c-4a18-9c79-9ffa1cef6997}"/>
          <task value="8" name="ServiceShutdown" eventGUID="{bc96821a-398f-49fc-9ebe-be603b8a2a7f}"/>
          <task value="9" name="ServiceProcessScan" eventGUID="{2c773cf1-6ff6-4bb8-805d-beb5672ad3a4}"/>
          <task value="10" name="EngineTask" eventGUID="{053e6a8c-1a72-4e5c-83a4-d80144bd433a}"/>
          <task value="11" name="ServiceTask" eventGUID="{54c5f932-0597-492c-9e53-9a762e2e5655}"/>
          <task value="12" name="ServiceClean" eventGUID="{6ab2b25d-4ba4-44cf-8648-5982c7799c76}"/>

          <!-- MOAC_* cache operations (acronym not expanded in this file) -->
          <task value="13" name="MOAC_CacheHit" eventGUID="{ac047132-056a-4c46-99cb-03d1334fc457}"/>
          <task value="14" name="MOAC_CacheMiss" eventGUID="{562f67c5-b877-4ed0-b0bf-58556e044e4b}"/>
          <task value="15" name="MOAC_CacheAdd" eventGUID="{495c9ada-d0da-4980-aeac-176fc6f3423b}"/>
          <task value="16" name="MOAC_CacheDelete" eventGUID="{9398c3d7-59dc-4c99-ba30-cfdf2cd4710e}"/>
          <task value="17" name="MOAC_CacheFlush" eventGUID="{b2beed96-8ab1-4846-be5e-5ec8aa15c787}"/>

          <!-- Routine maintenance, version and cache state -->
          <task value="18" name="ServiceRoutineCleanup" eventGUID="{82844226-616e-491e-ba46-647c08f01763}"/>
          <task value="19" name="ServiceRoutineVerification" eventGUID="{42c7f94b-61db-48ae-8df6-f282cca0ad91}"/>
          <task value="20" name="ServiceRoutineCacheMaintenance" eventGUID="{689f0f35-9604-4057-87c3-e872c49a07b1}"/>
          <task value="21" name="ServiceVersion" eventGUID="{86b8e23b-c36b-49a4-9c33-14a876f7e142}"/>
          <task value="22" name="CacheState" eventGUID="{de862483-d6ff-46a2-97ce-41d5eba1d235}"/>
          <task value="23" name="SFCBuild" eventGUID="{7e213735-2117-46c2-8119-9b3b78a533f4}"/>

          <!-- Spynet_* and MpCmdRun_* tasks; by name these look like cloud
               request, report and telemetry steps. Confirm against the
               event definitions before relying on that reading. -->
          <task value="24" name="Spynet_EventSpynetRequired" eventGUID="{c6b43d16-0b63-44e1-9fd5-d29c6cda90e9}"/>
          <task value="25" name="Spynet_EventCloudRequest" eventGUID="{b18f770a-83ae-4807-ae51-06d4a27fbf71}"/>
          <task value="26" name="Spynet_EventSendTelemetry" eventGUID="{3e6d25ab-8bb3-4d6f-b2b7-47673382c55d}"/>
          <task value="27" name="Spynet_MpCmdRunStart" eventGUID="{6e2e0e7c-3702-4f8c-b2aa-0941120fb025}"/>
          <task value="28" name="Spynet_GenerateReportStart" eventGUID="{08d058c6-226a-4e7e-925f-3b6c2027448e}"/>
          <task value="29" name="Spynet_GenerateReportComplete" eventGUID="{9b439dd8-db34-4ebf-b11f-40925f723fdd}"/>
          <task value="30" name="Spynet_HandleResponseStart" eventGUID="{f9f0f8a6-8732-4414-98e6-9f870d0a7b10}"/>
          <task value="31" name="Spynet_HandleResponseComplete" eventGUID="{fc524ec4-f03c-4182-a556-a816c6b37895}"/>
          <task value="32" name="Spynet_SendReportStart" eventGUID="{d2ec2c24-e0a4-47b3-b777-b3cd8e65defe}"/>
          <task value="33" name="Spynet_SendReportComplete" eventGUID="{c9ff11d6-95d6-4d17-8d49-2a6de248d96b}"/>
          <task value="34" name="MpCmdRun_CreateProcess" eventGUID="{d6ad8781-44b7-41cd-890c-9762b53c3714}"/>
          <task value="35" name="Spynet_MpCmdRunCreateTimer" eventGUID="{533f0835-145f-429c-ac51-459a0e46cf54}"/>
          <task value="36" name="Spynet_MpCmdRunTimerTrigger" eventGUID="{6d1edd32-3ca2-4958-ba77-5edd7fb9bb3b}"/>

          <task value="37" name="IOAVScanTriggered" eventGUID="{8F2E98AE-DF1A-4F53-A580-4B1441B8BFBB}"/>

          <!-- Sense_* tasks; most names match a template tid defined in
               <templates> (for example Sense_HipsFGInfo and HipsFGInfo). -->
          <task value="38" name="Sense_RemediationInfoThreat" eventGUID="{2C36DB2A-A39B-4A9B-8E23-321EE163C57E}"/>
          <task value="39" name="Sense_HipsFGInfo" eventGUID="{C452A803-8378-4DA1-B495-B6630BEC649A}"/>
          <task value="40" name="Sense_NetworkFilterLookup" eventGUID="{3434A803-8348-34A1-B345-34630BEC3434}"/>
          <task value="41" name="Sense_NetworkFilterConnectionInfo" eventGUID="{7AC24CE5-7284-4429-9ED1-D8CE2F7296E7}"/>
          <task value="42" name="Sense_DlpInfo" eventGUID="{FF6A1EA6-49E6-4D61-A4AF-BE6047461795}"/>
          <task value="43" name="Sense_DlpEventInfo" eventGUID="{6A0DC6D8-05E1-4EA5-B9A5-B789238DDC99}"/>
          <task value="44" name="Sense_DlpStatusInfo" eventGUID="{F07136B9-28C6-4856-984C-8460E4F69DC7}"/>
          <task value="45" name="Sense_NetworkFilterBreakTheGlass" eventGUID="{37A766DA-53A7-4D12-B452-DD98A3DD64CE}"/>
          <task value="46" name="Sense_HipsAsrUserExclusionInfo" eventGUID="{3567D4A1-1429-4FAC-A035-0694069F7AE1}"/>
          <task value="47" name="Sense_NetworkFilterDnsQuestion" eventGUID="{6D20B44B-9BF9-48D7-98C3-D303BA92D476}"/>
          <task value="48" name="Sense_NetworkFilterDnsAnswer" eventGUID="{B70EA01E-B3E1-4F05-B7BE-CBEF371EE536}"/>
          <task value="49" name="Sense_NetworkFilterVolumeNotification" eventGUID="{F466B5E3-A006-4493-93A6-CB0CF7EC024B}"/>
          <task value="50" name="Sense_TroubleshootingModeNotification" eventGUID="{27AAEFFD-D2D8-4C11-9790-D42EB4CCC48D}"/>
          <task value="51" name="Sense_NetworkFilterTlsAlert" eventGUID="{F70C7FA9-6671-4EBF-B6E9-64EDA8E2790E}"/>

          <task value="52" name="RbM_RollbackComplete" eventGUID="{B25110EC-4ED1-4DCF-ABAA-9E3B3F0A6BC8}"/>

          <!-- The two rundown tasks are the only ones with an explicit symbol. -->
          <task value="53" name="StartRundownTask" symbol="_etwtask_StartRundown" eventGUID="{3e80208a-9f94-4150-b3fc-bd51a81517c4}"/>
          <task value="54" name="EndRundownTask" symbol="_etwtask_EndRundown" eventGUID="{f51df377-c690-4441-876a-cf3016e01469}"/>

          <task value="55" name="Sense_TamperProtectionNotification" eventGUID="{c73f41d1-0d4c-460a-9bd3-4b5caeed65b0}"/>
        </tasks>
        <!-- Provider keywords. Only the two rundown keywords are defined;
             their masks are single bits (bit 42 and bit 43), below the
             reserved ranges listed at the end of this element. -->
        <keywords>
          <keyword name="StartRundown" symbol="StartRundownKeyword" mask="0x0000040000000000"/>
          <keyword name="EndRundown" symbol="EndRundownKeyword" mask="0x0000080000000000"/>
          <!-- 0x0000 F000 0000 0000: Keywords reserved by Microsoft Telemetry -->
          <!-- 0xFFFF 0000 0000 0000: Keywords reserved by ETW -->
        </keywords>
        <templates>
          <!-- Payload with a 64-bit Timestamp followed by a RollbackVersion
               string; fields are laid out in document order. The timestamp
               encoding is not stated in the manifest. -->
          <template tid="RollbackCompleteData">
            <data name="Timestamp" inType="win:UInt64"/>
            <data name="RollbackVersion" inType="win:UnicodeString"/>
          </template>
          <!-- Generic single-string payload (Description). -->
          <template tid="StringPayload">
            <data name="Description" inType="win:UnicodeString"/>
          </template>
          <!-- Service version string plus a fresh-install flag. -->
          <template tid="VersionPayload">
            <data name="ServiceVersion" inType="win:UnicodeString"/>
            <data name="OsIsFreshInstall" inType="win:Boolean"/>
          </template>
          <!-- Two 64-bit values, File_ID then USN. -->
          <template tid="FileIDPayload">
            <data name="File_ID" inType="win:UInt64"/>
            <data name="USN" inType="win:UInt64"/>
          </template>
          <!-- Three 64-bit cache values; the meaning of the state codes is
               not defined in this manifest. -->
          <template tid="CachePayload">
            <data name="TrustedUSN" inType="win:UInt64"/>
            <data name="TrustedState" inType="win:UInt64"/>
            <data name="SFCState" inType="win:UInt64"/>
          </template>
          <!-- Single 32-bit byte count. -->
          <template tid="GenerateReportSize">
            <data name="Bytes" inType="win:UInt32"/>
          </template>
          <!-- Single Command string. Command text can carry paths and
               arguments, so treat captured traces as sensitive. -->
          <template tid="MpCmdRunParams">
            <data name="Command" inType="win:UnicodeString"/>
          </template>
          <!-- Threat remediation payload, 37 fields in document order.
               The tid matches the task name Sense_RemediationInfoThreat; the
               event that binds them is not in this view.
               Notes for consumers:
               * Field names are not uniformly cased here (ProcessID,
                 isCritical); other templates in this file spell the process
                 field ProcessId, so field-name matching should not assume
                 one spelling.
               * Three digests are reported. Prefer Sha256 for matching and
                 treat MD5 and Sha1 as lookup keys only.
               * User, UserSid, ProcessPath and RealPath identify people and
                 hosts; handle collected events as sensitive data.
               * The UInt64 time fields do not state their encoding; codes
                 such as Action, Classification and DetectionSource are not
                 enumerated in this manifest. -->
          <template tid="RemediationInfo">
            <!-- File digests -->
            <data name="Sha1" inType="win:UnicodeString"/>
            <data name="Sha256" inType="win:UnicodeString"/>
            <data name="MD5" inType="win:UnicodeString"/>
            <!-- Process and threat -->
            <data name="ProcessID" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="ProcessPath" inType="win:UnicodeString"/>
            <data name="ThreatName" inType="win:UnicodeString"/>
            <data name="RealPath" inType="win:UnicodeString"/>
            <data name="WasExecutingWhileDetected" inType="win:Boolean"/>
            <!-- Outcome -->
            <data name="Action" inType="win:UInt32"/>
            <data name="RemediationErrorCode" inType="win:HexInt32"/>
            <data name="DetectionTime" inType="win:UInt64"/>
            <!-- Account -->
            <data name="User" inType="win:UnicodeString"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <!-- Resource description -->
            <data name="ResourceSchema" inType="win:UnicodeString"/>
            <data name="DetectionGuid" inType="win:UnicodeString"/>
            <data name="Classification" inType="win:HexInt32"/>
            <data name="SchemaParamAndDataDelimiter" inType="win:UnicodeString"/>
            <data name="SchemaParamList" inType="win:UnicodeString"/>
            <data name="SchemaParamDataList" inType="win:UnicodeString"/>
            <data name="DetectionSource" inType="win:HexInt32"/>
            <data name="IsPassiveMode" inType="win:Boolean"/>
            <!-- Signature that fired (HexInt64 here, UInt64 in HipsFGInfo) -->
            <data name="SigSeq" inType="win:HexInt64"/>
            <data name="SigSha" inType="win:UnicodeString"/>
            <data name="isCritical" inType="win:Boolean"/>
            <data name="ThreatTrackingId" inType="win:UnicodeString"/>
            <!-- Product and signature versions with their update times -->
            <data name="PlatformVersion" inType="win:UnicodeString"/>
            <data name="PlatformUpdateTime" inType="win:UInt64"/>
            <data name="EngineVersion" inType="win:UnicodeString"/>
            <data name="EngineUpdateTime" inType="win:UInt64"/>
            <data name="ASSignatureVersion" inType="win:UnicodeString"/>
            <data name="ASSignatureUpdateTime" inType="win:UInt64"/>
            <data name="AVSignatureVersion" inType="win:UnicodeString"/>
            <data name="AVSignatureUpdateTime" inType="win:UInt64"/>
            <data name="BlockThreatExecSubCategory" inType="win:UInt32"/>
            <data name="PropertyBag" inType="win:UnicodeString"/>
            <data name="AllowThreatExpirationUTC" inType="win:UInt64"/>
          </template>
          <!-- Rule, session and process context for a user exclusion record
               (tid matches task Sense_HipsAsrUserExclusionInfo). By name it
               reports which rule was affected and for which Parent, Target
               and InvolvedFile; RuleState codes are not enumerated here.
               Exclusions reduce rule coverage, so these events are worth
               retaining for review. -->
          <template tid="HipsAsrUserExclusionInfo">
            <data name="RuleId" inType="win:UnicodeString"/>
            <data name="RuleState" inType="win:UInt32"/>
            <data name="SessionId" inType="win:UInt32"/>
            <data name="TargetIdentified" inType="win:Boolean"/>
            <data name="Parent" inType="win:UnicodeString"/>
            <data name="Target" inType="win:UnicodeString"/>
            <data name="InvolvedFile" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
          </template>
          <!-- Rule hit payload, 23 fields in document order (tid matches task
               Sense_HipsFGInfo).
               Notes for consumers:
               * isAudit separates audit-only hits from enforced ones; filter
                 on it before counting blocks. NetworkFilterLookup spells the
                 equivalent field IsAudit.
               * CommandLine and ParentCommandLine can contain credentials or
                 tokens passed as arguments; restrict access to stored events
                 and redact before sharing.
               * ProcessID is spelled with a capital D here, unlike ProcessId
                 in the network and DLP templates.
               * SigSeq is UInt64 here and HexInt64 in RemediationInfo.
               * Prefer Sha256 over MD5 and Sha1 when matching files. -->
          <template tid="HipsFGInfo">
            <data name="RuleId" inType="win:UnicodeString"/>
            <data name="isAudit" inType="win:Boolean"/>
            <!-- File digests and size -->
            <data name="Sha1" inType="win:UnicodeString"/>
            <data name="Sha256" inType="win:UnicodeString"/>
            <data name="MD5" inType="win:UnicodeString"/>
            <data name="FileSize" inType="win:UInt64"/>
            <!-- Acting process -->
            <data name="ProcessID" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="ProcessIntegrityLevel" inType="win:UInt32"/>
            <data name="ProcessPath" inType="win:UnicodeString"/>
            <data name="TargetPath" inType="win:UnicodeString"/>
            <!-- Signature that fired -->
            <data name="SigSeq" inType="win:UInt64"/>
            <data name="SigSha" inType="win:UnicodeString"/>
            <data name="CommandLine" inType="win:UnicodeString"/>
            <data name="DetectionTime" inType="win:UInt64"/>
            <data name="TargetIdentified" inType="win:Boolean"/>
            <data name="ParentCommandLine" inType="win:UnicodeString"/>
            <data name="InvolvedFile" inType="win:UnicodeString"/>
            <!-- Rule metadata; code values are not enumerated here -->
            <data name="InheritanceFlags" inType="win:UInt32"/>
            <data name="RuleType" inType="win:UInt32"/>
            <data name="RuleState" inType="win:UInt32"/>
            <data name="SessionId" inType="win:UInt32"/>
            <data name="UserName" inType="win:UnicodeString"/>
          </template>
          <!-- URI lookup result with process and user context (tid matches
               task Sense_NetworkFilterLookup). IsAudit and IsWarn are
               separate flags, so a verdict should be read from both together
               with ResponseCategory. Uri values can embed query-string
               secrets; treat stored events as sensitive. -->
          <template tid="NetworkFilterLookup">
            <data name="IsAudit" inType="win:Boolean"/>
            <data name="Uri" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ResponseCategory" inType="win:UnicodeString"/>
            <data name="IsWarn" inType="win:Boolean"/>
            <data name="DisplayName" inType="win:UnicodeString"/>
            <data name="IocId" inType="win:UnicodeString"/>
          </template>
          <!-- Connection record (tid matches task
               Sense_NetworkFilterConnectionInfo).
               Each address is a UInt32 byte count followed by a binary blob
               whose length attribute names that count and which is rendered
               as a socket address. A consumer decoding raw payloads has to
               read the count first and should check it against the bytes
               remaining before reading the address.
               RequestHeaders and ResponseHeaders can include cookies and
               authorization values; restrict access to collected traces. -->
          <template tid="NetworkFilterConnectionInfo">
            <data name="LocalIpAddressLength" inType="win:UInt32"/>
            <data name="LocalIpAddress" inType="win:Binary"
                  length="LocalIpAddressLength" outType="win:SocketAddress"/>
            <data name="RemoteIpAddressLength" inType="win:UInt32"/>
            <data name="RemoteIpAddress" inType="win:Binary"
                  length="RemoteIpAddressLength" outType="win:SocketAddress"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ProcessName" inType="win:UnicodeString"/>
            <data name="Uri" inType="win:UnicodeString"/>
            <data name="RequestHeaders" inType="win:UnicodeString"/>
            <data name="ResponseHeaders" inType="win:UnicodeString"/>
            <data name="ConnectionType" inType="win:UnicodeString"/>
          </template>
          <!-- DLP rule record (tid matches task Sense_DlpInfo): rule, state,
               time, action, acting process, source and target, session.
               Unlike DlpEventInfo it carries no user SID and no process
               creation time, so ProcessId alone identifies the process and
               may be reused over time. -->
          <template tid="DlpInfo">
            <data name="RuleId" inType="win:UnicodeString"/>
            <data name="State" inType="win:UInt32"/>
            <data name="EventTimestamp" inType="win:UInt64"/>
            <data name="Action" inType="win:UnicodeString"/>
            <data name="Process" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="Source" inType="win:UnicodeString"/>
            <data name="Target" inType="win:UnicodeString"/>
            <data name="SessionId" inType="win:UInt32"/>
          </template>
          <!-- Detailed DLP event, 16 fields in document order (tid matches
               task Sense_DlpEventInfo).
               * TotalSourceFiles and CurrentIndexOfSourceFile suggest one
                 event per source file within an operation identified by
                 UniqueId; confirm before aggregating on it.
               * IsActionBypass, by name, flags an action that was allowed
                 past policy and is worth reviewing.
               * UserSid is typed win:SID here, while every other template in
                 this view types UserSid as win:UnicodeString; parsers need
                 to handle both encodings. -->
          <template tid="DlpEventInfo">
            <data name="UniqueId" inType="win:UInt64"/>
            <data name="TotalSourceFiles" inType="win:UInt32"/>
            <data name="CurrentIndexOfSourceFile" inType="win:UInt32"/>
            <data name="PolicyVersion" inType="win:UnicodeString"/>
            <data name="PolicyRuleId" inType="win:UnicodeString"/>
            <data name="EnforcementLevel" inType="win:UInt32"/>
            <data name="IsActionBypass" inType="win:Boolean"/>
            <data name="EventTimestamp" inType="win:UInt64"/>
            <data name="ActionType" inType="win:UnicodeString"/>
            <data name="Process" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="Source" inType="win:UnicodeString"/>
            <data name="Target" inType="win:UnicodeString"/>
            <data name="SessionId" inType="win:UInt32"/>
            <data name="UserSid" inType="win:SID"/>
          </template>
          <!-- Numeric status code with a free-text detail string; code values
               are not enumerated in this manifest. -->
          <template tid="DlpStatusInfo">
            <data name="StatusCode" inType="win:UInt32"/>
            <data name="StatusDetails" inType="win:UnicodeString"/>
          </template>
          <!-- Override record (tid matches task
               Sense_NetworkFilterBreakTheGlass). By name, Allow and
               UserOverrideKey describe a user overriding a network filter
               decision for Uri; confirm against the event definition.
               Overrides are a useful review signal because they record
               traffic that policy would otherwise have stopped. -->
          <template tid="NetworkFilterBreakTheGlass">
            <data name="Allow" inType="win:Boolean"/>
            <data name="UserOverrideKey" inType="win:UnicodeString"/>
            <data name="FriendlyName" inType="win:UnicodeString"/>
            <data name="Uri" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ResponseCategory" inType="win:UnicodeString"/>
            <data name="IocId" inType="win:UnicodeString"/>
          </template>
          <!-- DNS question with resolver address and process context (tid
               matches task Sense_NetworkFilterDnsQuestion).
               The resolver address is a UInt32 byte count followed by a
               binary blob sized by that count; bound the count against the
               remaining payload when decoding by hand. QueryType and
               ClassType are numeric here, whereas NetworkFilterDnsAnswer
               reports RecordType as a string. -->
          <template tid="NetworkFilterDnsQuestion">
            <data name="DnsServerAddressLength" inType="win:UInt32"/>
            <data name="DnsServerIpAddress" inType="win:Binary"
                  length="DnsServerAddressLength" outType="win:SocketAddress"/>
            <data name="QueryName" inType="win:UnicodeString"/>
            <data name="QueryType" inType="win:UInt32"/>
            <data name="ClassType" inType="win:UInt32"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ProcessName" inType="win:UnicodeString"/>
          </template>
          <!-- DNS answer with resolver address and process context (tid
               matches task Sense_NetworkFilterDnsAnswer).
               Same length-prefixed resolver address as the question
               template. The template has no field that links an answer to
               its question, so correlation has to rely on name, process and
               time. Ttl units are not stated. -->
          <template tid="NetworkFilterDnsAnswer">
            <data name="DnsServerAddressLength" inType="win:UInt32"/>
            <data name="DnsServerIpAddress" inType="win:Binary"
                  length="DnsServerAddressLength" outType="win:SocketAddress"/>
            <data name="AnswerName" inType="win:UnicodeString"/>
            <data name="Ttl" inType="win:UInt64"/>
            <data name="RecordType" inType="win:UnicodeString"/>
            <data name="ResourceRecord" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ProcessName" inType="win:UnicodeString"/>
          </template>
          <!-- Traffic volume record (tid matches task
               Sense_NetworkFilterVolumeNotification): direction, source and
               destination addresses, size and process context.
               Both addresses are length-prefixed binary blobs; bound each
               count against the remaining payload when decoding by hand.
               Size units are not stated. IsBehindProxy matters when reading
               DestinationIp, which may then be the proxy rather than the
               final peer (inferred from the field name; confirm). -->
          <template tid="NetworkFilterVolumeNotification">
            <data name="IsIncoming" inType="win:Boolean"/>
            <data name="SourceIpLength" inType="win:UInt32"/>
            <data name="SourceIp" inType="win:Binary"
                  length="SourceIpLength" outType="win:SocketAddress"/>
            <data name="DestinationIpLength" inType="win:UInt32"/>
            <data name="DestinationIp" inType="win:Binary"
                  length="DestinationIpLength" outType="win:SocketAddress"/>
            <data name="Size" inType="win:UInt64"/>
            <data name="DestinationDNSName" inType="win:UnicodeString"/>
            <data name="ProcessId" inType="win:UInt32"/>
            <data name="ProcessCreationTime" inType="win:UInt64"/>
            <data name="UserSid" inType="win:UnicodeString"/>
            <data name="ProcessName" inType="win:UnicodeString"/>
            <data name="ConnectionType" inType="win:UnicodeString"/>
            <data name="IsBehindProxy" inType="win:Boolean"/>
          </template>
          <!--
            Payload layout for the TroubleshootingModeNotification template,
            referenced by event value 60 (Sense_TroubleshootingModeNotification).
            The state, source and reason fields are plain win:UInt32 with no
            valueMap in this template, so their numeric meanings must come from
            another source.
            NOTE(review): troubleshooting mode presumably relaxes protection for
            a limited window; transitions between TS_PreviousState and TS_State,
            with their source and reason, look worth alerting on - confirm the
            semantics against vendor documentation.
          -->
          <template tid="TroubleshootingModeNotification">
            <data
                inType="win:UInt32"
                name="TS_State"
                />
            <data
                inType="win:UInt32"
                name="TS_PreviousState"
                />
            <!-- NOTE(review): names suggest UTC timestamps; the 64-bit encoding is not stated here. -->
            <data
                inType="win:UInt64"
                name="TS_StartUTC"
                />
            <data
                inType="win:UInt64"
                name="TS_ExpirationUTC"
                />
            <data
                inType="win:UInt32"
                name="TS_ExpirationMinutesLeft"
                />
            <data
                inType="win:UInt32"
                name="TS_StateChangeSource"
                />
            <data
                inType="win:UInt32"
                name="TS_StateChangeReason"
                />
            <data
                inType="win:UInt32"
                name="TS_QuotaMinutesLeft"
                />
            <!-- Version strings recorded with the notification. -->
            <data
                inType="win:UnicodeString"
                name="PlatformVersion"
                />
            <data
                inType="win:UnicodeString"
                name="EngineVersion"
                />
          </template>
          <!--
            Payload layout for the NetworkFilterTlsAlert template, referenced by
            event value 61 (Sense_NetworkFilterTlsAlert). It records a server
            address, two one-byte alert fields and the same process attribution
            block used by other templates in this file.
          -->
          <template tid="NetworkFilterTlsAlert">
            <!-- Byte count of the TlsServerIpAddress field that follows. -->
            <data
                inType="win:UInt32"
                name="TlsServerAddressLength"
                />
            <!--
              Variable-length binary, rendered as a socket address (outType).
              NOTE(review): a raw-payload decoder should check the length field
              against the remaining event data before reading it.
            -->
            <data
                inType="win:Binary"
                length="TlsServerAddressLength"
                name="TlsServerIpAddress"
                outType="win:SocketAddress"
                />
            <!--
              NOTE(review): presumably the level and description bytes of a TLS
              alert record; no valueMap is attached, so consumers must map the
              numbers themselves - confirm.
            -->
            <data
                inType="win:UInt8"
                name="TlsAlertLevel"
                />
            <data
                inType="win:UInt8"
                name="TlsAlertDescription"
                />
            <!-- Process attribution block. -->
            <data
                inType="win:UInt32"
                name="ProcessId"
                />
            <data
                inType="win:UInt64"
                name="ProcessCreationTime"
                />
            <data
                inType="win:UnicodeString"
                name="UserSid"
                />
            <data
                inType="win:UnicodeString"
                name="ProcessName"
                />
          </template>
          <!--
            Payload layout for the TamperProtectionNotification template,
            referenced by event value 67 (Sense_TamperProtectionNotification).
            It records which resource was touched, its old and new state, whether
            the change was blocked, and the acting process.
            NOTE(review): unlike the network templates, this one has no UserSid
            field, so user attribution has to be joined from another source via
            ProcessId and ProcessCreationTime - confirm.
          -->
          <template tid="TamperProtectionNotification">
            <!-- NOTE(review): 64-bit timestamp; the encoding is not stated here. -->
            <data
                inType="win:UInt64"
                name="DetectionTime"
                />
            <!-- State, scenario and resource fields are free-form strings with no valueMap. -->
            <data
                inType="win:UnicodeString"
                name="TP_State"
                />
            <data
                inType="win:UnicodeString"
                name="TP_Scenario"
                />
            <data
                inType="win:UnicodeString"
                name="TP_ResourceType"
                />
            <data
                inType="win:UnicodeString"
                name="TP_ResourceName"
                />
            <data
                inType="win:UnicodeString"
                name="TP_ResourceOldState"
                />
            <data
                inType="win:UnicodeString"
                name="TP_ResourceNewState"
                />
            <!--
              Both flags are declared win:UInt32, whereas other templates in this
              file use win:Boolean for flags (IsIncoming, IsBehindProxy); decode
              them as integers.
              NOTE(review): a record with TP_IsBlocked equal to zero presumably
              means the change went through - confirm before building alerts on it.
            -->
            <data
                inType="win:UInt32"
                name="TP_IsBlocked"
                />
            <data
                inType="win:UInt32"
                name="TP_IsUserMode"
                />
            <!-- Acting process; field order differs from the network templates (name first). -->
            <data
                inType="win:UnicodeString"
                name="ProcessName"
                />
            <data
                inType="win:UInt32"
                name="ProcessId"
                />
            <data
                inType="win:UInt64"
                name="ProcessCreationTime"
                />
          </template>
        </templates>
        <events>
          <!--
            Service lifecycle events, values 1 to 16, all at win:Informational.
            Most tasks appear as a win:Start / win:Stop pair with consecutive
            values. Only ServiceOnDemandScan_Start carries a payload
            (StringPayload); the rest have no template. Event value 3 is not
            defined in this list.
          -->
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceOnDemandScan_Start"
              task="ServiceOnDemandScan"
              template="StringPayload"
              value="1"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceOnDemandScan_Stop"
              task="ServiceOnDemandScan"
              value="2"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceCacheBuild_Start"
              task="ServiceCacheBuild"
              value="4"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceCacheBuild_Stop"
              task="ServiceCacheBuild"
              value="5"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceLoadEngine_Start"
              task="ServiceLoadEngine"
              value="6"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceLoadEngine_Stop"
              task="ServiceLoadEngine"
              value="7"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceReloadEngine_Start"
              task="ServiceReloadEngine"
              value="8"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceReloadEngine_Stop"
              task="ServiceReloadEngine"
              value="9"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceSync_Start"
              task="ServiceSync"
              value="10"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceSync_Stop"
              task="ServiceSync"
              value="11"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceAsync_Start"
              task="ServiceAsync"
              value="12"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceAsync_Stop"
              task="ServiceAsync"
              value="13"
              version="0"
              />
          <!--
            Single win:Info marker with no payload.
            NOTE(review): a service shutdown record with no process or user
            context cannot by itself tell an expected stop from an unexpected
            one; correlate it with other sources.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceShutdownEvent"
              task="ServiceShutdown"
              value="14"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceProcessScan_Start"
              task="ServiceProcessScan"
              value="15"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceProcessScan_Stop"
              task="ServiceProcessScan"
              value="16"
              version="0"
              />
          <!--
            Engine and service task, MOAC cache, routine maintenance, version,
            engine update, cache state and SFC build events, values 17 to 33,
            all at win:Informational. The templates named here (StringPayload,
            FileIDPayload, VersionPayload, CachePayload) are defined outside
            this section.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="EngineTaskEvent"
              task="EngineTask"
              template="StringPayload"
              value="17"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceTaskLaunched"
              task="ServiceTask"
              template="StringPayload"
              value="18"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceClean"
              task="ServiceClean"
              template="StringPayload"
              value="19"
              version="0"
              />
          <!-- MOAC cache events: hit, miss, add and delete carry FileIDPayload; flush has no payload. -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MOAC_CacheHitEvent"
              task="MOAC_CacheHit"
              template="FileIDPayload"
              value="20"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MOAC_CacheMissEvent"
              task="MOAC_CacheMiss"
              template="FileIDPayload"
              value="21"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MOAC_CacheAddEvent"
              task="MOAC_CacheAdd"
              template="FileIDPayload"
              value="22"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MOAC_CacheDeleteEvent"
              task="MOAC_CacheDelete"
              template="FileIDPayload"
              value="23"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MOAC_CacheFlushEvent"
              task="MOAC_CacheFlush"
              value="24"
              version="0"
              />
          <!-- Routine maintenance markers, no payload. -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceRoutineCleanupEvent"
              task="ServiceRoutineCleanup"
              value="25"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceRoutineVerificationEvent"
              task="ServiceRoutineVerification"
              value="26"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceRoutineCacheMaintenanceEvent"
              task="ServiceRoutineCacheMaintenance"
              value="27"
              version="0"
              />
          <!--
            Declared at version="1", unlike its neighbours at version="0";
            consumers that key on the (value, version) pair need to match
            version 1 for this event.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="ServiceVersionEvent"
              task="ServiceVersion"
              template="VersionPayload"
              value="28"
              version="1"
              />
          <!-- Start / Stop pair for the ServiceEngineUpdate task, no payload. -->
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="ServiceEngineUpdate_Start"
              task="ServiceEngineUpdate"
              value="29"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="ServiceEngineUpdate_Stop"
              task="ServiceEngineUpdate"
              value="30"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="CacheStateEvent"
              task="CacheState"
              template="CachePayload"
              value="31"
              version="0"
              />
          <!-- Start / Stop pair for the SFCBuild task, no payload. -->
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="SFCBuild_Start"
              task="SFCBuild"
              value="32"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Stop"
              symbol="SFCBuild_Stop"
              task="SFCBuild"
              value="33"
              version="0"
              />
          <!--
            Spynet, MpCmdRun and IOAV events, values 34 to 47, all at
            win:Informational. Each event here uses a task with the same name
            as its symbol. Only Spynet_GenerateReportComplete
            (GenerateReportSize) and MpCmdRun_CreateProcess (MpCmdRunParams)
            carry a payload; both templates are defined outside this section.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_EventSpynetRequired"
              task="Spynet_EventSpynetRequired"
              value="34"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_EventCloudRequest"
              task="Spynet_EventCloudRequest"
              value="35"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_EventSendTelemetry"
              task="Spynet_EventSendTelemetry"
              value="36"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_MpCmdRunStart"
              task="Spynet_MpCmdRunStart"
              value="37"
              version="0"
              />
          <!-- Report phases are modelled as separate win:Info events, not as win:Start / win:Stop pairs. -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_GenerateReportStart"
              task="Spynet_GenerateReportStart"
              value="38"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_GenerateReportComplete"
              task="Spynet_GenerateReportComplete"
              template="GenerateReportSize"
              value="39"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_HandleResponseStart"
              task="Spynet_HandleResponseStart"
              value="40"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_HandleResponseComplete"
              task="Spynet_HandleResponseComplete"
              value="41"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_SendReportStart"
              task="Spynet_SendReportStart"
              value="42"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_SendReportComplete"
              task="Spynet_SendReportComplete"
              value="43"
              version="0"
              />
          <!--
            NOTE(review): MpCmdRunParams presumably carries the parameters of
            the launched process; check what that template logs before
            forwarding this event to widely readable log stores.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="MpCmdRun_CreateProcess"
              task="MpCmdRun_CreateProcess"
              template="MpCmdRunParams"
              value="44"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_MpCmdRunCreateTimer"
              task="Spynet_MpCmdRunCreateTimer"
              value="45"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Spynet_MpCmdRunTimerTrigger"
              task="Spynet_MpCmdRunTimerTrigger"
              value="46"
              version="0"
              />
          <!--
            Declared with opcode win:Start, but no matching win:Stop event for
            the IOAVScanTriggered task appears in this list; tools that pair
            Start with Stop will find no end record for it.
          -->
          <event
              level="win:Informational"
              opcode="win:Start"
              symbol="IOAVScanTriggered"
              task="IOAVScanTriggered"
              value="47"
              version="0"
              />
          <!--
            Sense_* telemetry events and the rollback-complete event, values 48
            to 62. Every event here carries a template and is declared at
            win:Informational with opcode win:Info.
            NOTE(review): because remediation, ASR exclusion, break-the-glass
            and troubleshooting-mode records share the Informational level with
            routine events, a collector that filters on level alone cannot
            separate them; select by event value or task instead.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_RemediationInfoThreat"
              task="Sense_RemediationInfoThreat"
              template="RemediationInfo"
              value="48"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_HipsFGInfo"
              task="Sense_HipsFGInfo"
              template="HipsFGInfo"
              value="49"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterLookup"
              task="Sense_NetworkFilterLookup"
              template="NetworkFilterLookup"
              value="50"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterConnectionInfo"
              task="Sense_NetworkFilterConnectionInfo"
              template="NetworkFilterConnectionInfo"
              value="51"
              version="0"
              />
          <!-- DLP events; their templates are defined outside this section. -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_DlpInfo"
              task="Sense_DlpInfo"
              template="DlpInfo"
              value="52"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_DlpEventInfo"
              task="Sense_DlpEventInfo"
              template="DlpEventInfo"
              value="53"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_DlpStatusInfo"
              task="Sense_DlpStatusInfo"
              template="DlpStatusInfo"
              value="54"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterBreakTheGlass"
              task="Sense_NetworkFilterBreakTheGlass"
              template="NetworkFilterBreakTheGlass"
              value="55"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_HipsAsrUserExclusionInfo"
              task="Sense_HipsAsrUserExclusionInfo"
              template="HipsAsrUserExclusionInfo"
              value="56"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterDnsQuestion"
              task="Sense_NetworkFilterDnsQuestion"
              template="NetworkFilterDnsQuestion"
              value="57"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterDnsAnswer"
              task="Sense_NetworkFilterDnsAnswer"
              template="NetworkFilterDnsAnswer"
              value="58"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterVolumeNotification"
              task="Sense_NetworkFilterVolumeNotification"
              template="NetworkFilterVolumeNotification"
              value="59"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_TroubleshootingModeNotification"
              task="Sense_TroubleshootingModeNotification"
              template="TroubleshootingModeNotification"
              value="60"
              version="0"
              />
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_NetworkFilterTlsAlert"
              task="Sense_NetworkFilterTlsAlert"
              template="NetworkFilterTlsAlert"
              value="61"
              version="0"
              />
          <!--
            The symbol is spelled "Rbm_" while the task is spelled "RbM_".
            XML names are case-sensitive, so the task value has to match the
            task declaration, which is outside this section - verify.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Rbm_RollbackCompleteEvent"
              task="RbM_RollbackComplete"
              template="RollbackCompleteData"
              value="62"
              version="0"
              />
          <!--
            Rundown events, values 63 to 66, and the tamper protection
            notification, value 67. The four rundown events are the only ones
            in this list that set a keywords attribute (StartRundown or
            EndRundown); the keyword definitions are outside this section.
            Each rundown task has a win:Start / win:Stop pair carrying
            StringPayload.
          -->
          <event
              keywords="StartRundown"
              level="win:Informational"
              opcode="win:Start"
              symbol="StartRundownStartEvent"
              task="StartRundownTask"
              template="StringPayload"
              value="63"
              version="0"
              />
          <event
              keywords="StartRundown"
              level="win:Informational"
              opcode="win:Stop"
              symbol="StartRundownStopEvent"
              task="StartRundownTask"
              template="StringPayload"
              value="64"
              version="0"
              />
          <event
              keywords="EndRundown"
              level="win:Informational"
              opcode="win:Start"
              symbol="EndRundownStartEvent"
              task="EndRundownTask"
              template="StringPayload"
              value="65"
              version="0"
              />
          <event
              keywords="EndRundown"
              level="win:Informational"
              opcode="win:Stop"
              symbol="EndRundownStopEvent"
              task="EndRundownTask"
              template="StringPayload"
              value="66"
              version="0"
              />
          <!--
            Carries the TamperProtectionNotification template. It has no
            keywords attribute and is declared at win:Informational.
            NOTE(review): sessions that filter by keyword or by a level
            stricter than Informational would presumably drop this record;
            collect it explicitly by event value where tamper attempts
            matter - confirm against the session configuration.
          -->
          <event
              level="win:Informational"
              opcode="win:Info"
              symbol="Sense_TamperProtectionNotification"
              task="Sense_TamperProtectionNotification"
              template="TamperProtectionNotification"
              value="67"
              version="0"
              />
        </events>
      </provider>
    </events>
  </instrumentation>
  <!--
    Localized string resources. Only the en-US culture is present and it holds a
    single entry: the id that the provider's message attribute refers to through
    $(string.Microsoft-Antimalware-Service.provider.name). No per-event message
    strings are defined in this table.
  -->
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string
            id="Microsoft-Antimalware-Service.provider.name"
            value="Microsoft-Antimalware-Service"
            />
      </stringTable>
    </resources>
  </localization>
</assembly>
