ERROR:
I am receiving Event ID 11 "The driver detected a controller error on \Device\Harddisk1\DR##" (The number changes constantly, ranging from 1-40).
Question/Ask:
I am looking for a way to exclude the Serial Number of the "disk" in question (which I can grab through PowerShell "get-disk") from ever triggering this Event in the first place. Open to using a different Unique Identifier (from SN) if needed. Is this possible?
Backstory:
The "disk" in question is being caused by a scanner that is connected via a source computer (LAPTOP1) over an RDP session to the destination computer (DESKTOP1). Since the scanner does not work natively with RDP, I have a 3rd party application used to pass the scanner through the session. When LAPTOP1 closes the RDP session, the above mentioned Event ID 11 is triggered on DESKTOP1. I'm assuming Windows believes the abrupt loss of communication with the "disk" is an indication of error. Totally makes sense why it would think this. But these 'false positives' are clogging up Event Viewer logs and triggering our monitoring software, when in reality we don't care for this device.
Attempted:
I've attempted to locate the GUID for these Event ID's in order to modify this portion of the registry, as directed by some articles:
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System*
but come up empty handed on locating the GUID.
It's not available at the following location in Event Viewer:
-Event ID- > Right Click > Event Properties > Details > XML View.
I've utilized the following command and expected to find it under "ProviderId" with no luck:
**Get-WinEvent -LogName System | Where-Object Id -match 11| select -first 1 | select ***
I have no problem locating the GUID for other Event IDs, but this one eludes me. Even if I were to find the GUID, I'm not sure this registry exclusion would fix things either. If it even has a child item for it.
Ideas:
The only way I can think of doing this is through Scheduled Tasks... where I would make a Task that triggers from Event ID 11, performs the action of running a PowerShell script which deletes Event ID 11 if it contains "SN blahblahblah" out of the log. But now that I'm looking at that, I don't see the SN in the log entries XML anyways...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 97%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZB%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 61%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)