en[Event3] Kernel-EventTracing Microsoft Security Client OOBE

SC2 2018-03-08

2021-09-09

このサイトを検索 | Search this site

,Japan

This article is about [Event ID 3].

According to me,

It was an error about Microsoft Security Essentials (MSE) EppOobe.etl.

MSE is a free software available for Windows 7 that provides comprehensive anti-malware protection against viruses, spyware and other malicious software.

However,

It turns out that EppOobe.etl is also used by Windows Defender, which is built into Windows 10.

We will share the cause of the error and the repair method.

Event Log

Event Log
message	Session "Microsoft Security Client OOBE" stopped with the error: 0xC000000D
log name	Microsoft-Windows-Kernel-EventTracing /Admin
Source	Kernel-EventTracing
Event id	3
level	error
user	N /A
Opcode	Stop

Microsoft Security Client OOBE

OOBE:	Out of Box Experience
MSE:	Microsoft Security Essentials

The OOBE error was related to MSE's EppOobe.etl.

When I upgraded to Windows 10, MSE was removed and replaced by Windows Defender.

And now the OOBE error is logged.

[Time series]

Install MSE on Windows 7
Upgrade to Windows 10
MSE removed and replaced by Windows Defender

EppOobe.etl is a file used by MSE for the initial setup.

However,

When I checked EppOobe.etl on the PC upgraded to Windows 10, I found that the upgrade date was the update date, so Windows Defender also refers to EppOobe.etl.

The path of EppOobe.etl is as follows.

C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl

Repair method

There are 3 types.

[procedure]

Delete EppOobe.etl
Change the value of the registry that loads EppOobe.etl
Disable Microsoft Security Client trace session

Steps B and C are recommended as Step A may recur.

Performing step C changes the registry value of EppOobe.etl, so steps B and C have the same effect.

Step C is described here.