en[Event3] Kernel-EventTracing Microsoft Security Client OOBE

このサイトを検索 | Search this site
,Japan

This article is about [Event ID 3].

According to me,

It was an error about Microsoft Security Essentials (MSE) EppOobe.etl.

MSE is a free software available for Windows 7 that provides comprehensive anti-malware protection against viruses, spyware and other malicious software.

However,

It turns out that EppOobe.etl is also used by Windows Defender, which is built into Windows 10.

We will share the cause of the error and the repair method.


Event Log

Event Log
messageSession "Microsoft Security Client OOBE" stopped with the error: 0xC000000D
log nameMicrosoft-Windows-Kernel-EventTracing /Admin
SourceKernel-EventTracing
Event id3
levelerror
userN /A
OpcodeStop

Microsoft Security Client OOBE

OOBE:Out of Box Experience
MSE:Microsoft Security Essentials

The OOBE error was related to MSE's EppOobe.etl.

When I upgraded to Windows 10, MSE was removed and replaced by Windows Defender.

And now the OOBE error is logged.

[Time series]
  1. Install MSE on Windows 7
  2. Upgrade to Windows 10
  3. MSE removed and replaced by Windows Defender

EppOobe.etl is a file used by MSE for the initial setup.

However,

When I checked EppOobe.etl on the PC upgraded to Windows 10, I found that the upgrade date was the update date, so Windows Defender also refers to EppOobe.etl.

The path of EppOobe.etl is as follows.

C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl

Properties of EppOobe.etl

Repair method

There are 3 types.

[procedure]

  1. Delete EppOobe.etl
  2. Change the value of the registry that loads EppOobe.etl
  3. Disable Microsoft Security Client trace session

Steps B and C are recommended as Step A may recur.

Performing step C changes the registry value of EppOobe.etl, so steps B and C have the same effect.

Step C is described here.

Step C

1. Display Computer Management
Windows 10> Right-click the Start Menu button> Computer Management
2. View the startup event trace session
Computer Management (Local)> Performance> Data Collector Set> Startup Event Trace Session

Startup event trace session
3. View Microsoft Security Client OOBE properties
Expand the Startup Event Trace session and double-click Microsoft Security Client OOBE.

Microsoft Security Client OOBE
4. Trace session tab
☑ Uncheck Enable and click OK.

Trace session
5. End of procedure
This completes the procedure.

Restart your PC and check the Event Viewer.

Summary

First, try procedure C.

If it doesn't improve, try step B

Be careful when handling Step B, as it uses the Registry Editor.

Resurrect

In my case, Event-ID3 came back when I upgraded to Windows 10, version 1803.

At that time, Step C could not be repaired, so Step B was performed.

Validation: Windows 10 Pro Fall Creators Update, v1709
SC2
ブログサークルSNS
クリックして応援してね!
人気ブログランキングPVアクセスランキング にほんブログ村ブログランキング・にほんブログ村へ

このサイトを検索 | Search this site

コメントを投稿

0 コメント