en[Event3] Kernel-EventTracing Microsoft Security Client OOBE

SC2 2018-03-08

2021-09-09

Atom | RSS

このサイトを検索 | Search this site

,Japan

en[Event3] Kernel-EventTracing Microsoft Security Client OOBE

to japanese

This article is about [Event ID 3].

According to me,

It was an error about Microsoft Security Essentials (MSE) EppOobe.etl.

MSE is a free software available for Windows 7 that provides comprehensive anti-malware protection against viruses, spyware and other malicious software.

However,

It turns out that EppOobe.etl is also used by Windows Defender, which is built into Windows 10.

We will share the cause of the error and the repair method.

Event Log

Event Log
message	Session "Microsoft Security Client OOBE" stopped with the error: 0xC000000D
log name	Microsoft-Windows-Kernel-EventTracing /Admin
Source	Kernel-EventTracing
Event id	3
level	error
user	N /A
Opcode	Stop

Microsoft Security Client OOBE

OOBE:	Out of Box Experience
MSE:	Microsoft Security Essentials

The OOBE error was related to MSE's EppOobe.etl.

When I upgraded to Windows 10, MSE was removed and replaced by Windows Defender.

And now the OOBE error is logged.

[Time series]

Install MSE on Windows 7
Upgrade to Windows 10
MSE removed and replaced by Windows Defender

EppOobe.etl is a file used by MSE for the initial setup.

However,

When I checked EppOobe.etl on the PC upgraded to Windows 10, I found that the upgrade date was the update date, so Windows Defender also refers to EppOobe.etl.

The path of EppOobe.etl is as follows.

C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl

Repair method

There are 3 types.

[procedure]

Delete EppOobe.etl
Change the value of the registry that loads EppOobe.etl
Disable Microsoft Security Client trace session

Steps B and C are recommended as Step A may recur.

Performing step C changes the registry value of EppOobe.etl, so steps B and C have the same effect.

Step C is described here.

Step C

1. Display Computer Management

Windows 10> Right-click the Start Menu button> Computer Management

2. View the startup event trace session

Computer Management (Local)> Performance> Data Collector Set> Startup Event Trace Session

3. View Microsoft Security Client OOBE properties

Expand the Startup Event Trace session and double-click Microsoft Security Client OOBE.

4. Trace session tab

☑ Uncheck Enable and click OK.

5. End of procedure

This completes the procedure.

Restart your PC and check the Event Viewer.

Summary

First, try procedure C.

If it doesn't improve, try step B

Be careful when handling Step B, as it uses the Registry Editor.

Resurrect

In my case, Event-ID3 came back when I upgraded to Windows 10, version 1803.

At that time, Step C could not be repaired, so Step B was performed.

Validation: Windows 10 Pro Fall Creators Update, v1709

en-event の記事 (Articles about the en-event)

新着順 (New arrival order)

タイトル：en[Event3] Kernel-EventTracing Microsoft Security Client OOBE：SC2

このサイトを検索 | Search this site

投稿者 SC2

将棋ウォッチャーのカシミヤです。元SE。（@sc2kzstock）検証したことをメモに残しています。質問は受け付けていません。Windows、Android、将棋の話題。 --- I am taking notes on what I have verified. No questions are accepted. Information welcome! (@sc2kzstock) Topics related to Windows, Android, free software, and Japanese chess.