Server 2016 error "Event filter with query

EBQues 0 Reputation points
2023-03-16T20:37:34.3833333+00:00

Recently this error started showing up in the logs, and I am not sure what to do to fix it and stop it from showing up.

Any help?

Below are the logs.

Log Name:      Application
Source:        Microsoft-Windows-WMI
Date:          3/16/2023 4:17:08 PM
Event ID:      10
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      ......
Description:
Event filter with query "select * from __instancecreationevent within 60 where targetinstance isa "win32_service" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")" could not be reactivated in namespace "//./root/cimv2" because of error 0x8004106c. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1EDEEE53-0AFE-4609-B846-D8C0B2075B1F}" />
    <EventID>10</EventID>
    <Version>2</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2023-03-16T20:17:08.577487500Z" />
    <EventRecordID>57185</EventRecordID>
    <Correlation ActivityID="{E34B8E6E-43A1-0002-38BE-56E3A143D901}" />
    <Execution ProcessID="1200" ThreadID="8532" />
    <Channel>Application</Channel>
    <Computer>......</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Query>select * from __instancecreationevent within 60 where targetinstance isa "win32_service" and ( targetinstance.name="msmpsvc" or targetinstance.name="windefend")</Query>
      <Namespace>//./root/cimv2</Namespace>
      <Error>0x8004106c</Error>
    </data_0x8000003F>
  </UserData>
</Event>


1 answer

  1. Limitless Technology 43,931 Reputation points
    2023-03-17T16:33:57.6666667+00:00

    Hello there,

    You can try to collect more information regarding the Logs as I cannot grasp quite enough issues.

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. You can get the tool from here https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. You can get the tool from here https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

    Troubleshooting Windows Server components https://learn.microsoft.com/en-us/windows-server/troubleshoot/windows-server-troubleshooting

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
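
The Event ID 10 record in the question gives the filter's query and event namespace but not the name of the filter object or the consumer bound to it. The following is an added example, not part of the original question or answer: it searches for `__EventFilter` instances whose query mentions the service names from the event and lists their bound consumers. The list of namespaces searched is an assumption, and the script needs an elevated PowerShell 5.1 session.

```powershell
# Added example: find the WMI event filter named in the Event ID 10 record.
# Match terms are taken from the <Query> element of the event shown in the question.
$terms = 'msmpsvc', 'windefend'

# Assumption: namespaces where permanent subscriptions are commonly registered.
$namespaces = 'root/subscription', 'root/cimv2', 'root/default'

foreach ($ns in $namespaces) {
    # Filters whose WQL text mentions any of the service names (case-insensitive).
    $filters = Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue |
        Where-Object { $q = $_.Query; $terms | Where-Object { $q -like "*$_*" } }

    foreach ($f in $filters) {
        # A binding ties the filter to the consumer that runs when the filter fires.
        $bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
            Where-Object { $_.Filter.Name -eq $f.Name }

        # CreatorSID is stored as a byte array; convert it to the usual S-1-... string.
        $sid = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$f.CreatorSID, 0).Value

        [pscustomobject]@{
            Namespace      = $ns
            FilterName     = $f.Name
            EventNamespace = $f.EventNamespace
            Query          = $f.Query
            CreatorSID     = $sid
            Consumers      = ($bindings | ForEach-Object {
                                  "$($_.Consumer.CimSystemProperties.ClassName):$($_.Consumer.Name)"
                              }) -join '; '
        }
    }
}
```

The `FilterName`, `CreatorSID` and `Consumers` columns show which product or account registered the subscription, which is the information needed to decide whether it is expected on the server.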