Kaspersky Security events in Windows Event Log

This section contains information about basic events in the application operation that are recorded to Windows Event Log. Events related to Kaspersky Security operation are recorded to the Windows Event Log on behalf of the KSE source. Each of those events has a respective fixed event code. Events in this table are sorted by event code in ascending order.

Main events in the application operation

Event code

Event importance level

Description

1000

Error

Such an event is logged if the application detects that the Anti-Virus databases were last updated more than 24 hours ago. The event record specifies the database type and release date.

Warning

Such an event is logged if the application detects that the Anti-Spam databases were last updated more than five hours ago. The event record specifies the database type and release date.

1001

Info

Such an event is logged if the application detects an infected or protected object, or an attached file that meets the attachment filtering criteria, and if the workspace of the Notifications node has the Log events to Windows Event Log check box selected for the relevant notification types.

1004

Warning

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, the Notify about license expiration in advance (days before) setting is configured, and the license expires soon. The event record specifies the key, the license expiration date, and the number of days left until this date.

1005

Error

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the license has expired. The event record specifies the key and the license expiration date.

1007

Error

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and an active key is not detected.

1008

Info

Such an event is logged if the application databases have been updated to the latest version. The event record specifies the database type and release date.

1009

Error

Such an event is logged if the application registers any errors in the operation of a component. The event record specifies the component name and the error description.

Warning

Such an event is logged if the application registers the disabling of a component. The event record specifies the component name.

Info

Such an event is logged if the application registers the enabling of a component. The event record specifies the component name.

1010

Error

Such an event is logged if an error occurred on the SQL server and the database is not available anymore. The event record specifies the database name, the SQL server name, and the error description.

Info

Such an event is logged if access to the SQL database is restored and all errors are fixed. The event record specifies the database name and the SQL server name.

1011

Info

Such an event is logged if the user requested the background scan to run. The event record specifies the user account.

1012

Info

Such an event is logged if the user requested the background scan to stop. The event record specifies the user account.

1013

Info

Such an event is logged if the on-demand scan has been run manually or automatically (by schedule). The event record specifies the run type.

1014

Info

Such an event is logged if the background scan was stopped. The event record specifies the reason for the scan stop.

1015

Warning

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the application was not able to update the license status. The event record specifies the key, the license expiration date, and the number of days left until the application switches to limited functionality mode.

1016

Error

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, the application was not able to update the license status, and the license update period has expired. The event record provides a description of the cause of the error.

1025

Info

Such an event is logged if the Spam check box is selected in the Notifications node for the Spam and phishing event in the Notification settings section, and the application has detected a message containing spam or potential spam. The event record provides information about the message.

1026

Info

Such an event is logged if the Mass mail check box is selected in the Notifications node for the Spam and phishing event in the Notification settings section, and the application has detected a message containing mass mail. The event record provides information about the message.

1027

Info

Such an event is logged if the Phishing check box is selected in the Notifications node for the Spam and phishing event in the Notification settings section, and the application has detected a message containing a phishing link. The event record provides information about the message.

1028

Info

Such an event is logged if the Log events to Windows Event Log check box is selected in the Notifications node for the Filtering messages of the same type event in the Notification settings section and the application detects that the limit on the number of messages sent from an internal email address has been exceeded. The event record provides information about the most recently filtered message.

11010

Info

Such an event is logged if the Management Console has been run. The event record specifies the account of the user who has run the Management Console.

11011

Info

Such an event is logged if the Management Console was closed. The event record specifies the account of the user who closed the Management Console.

11020

Error

Such an event is logged if an application component switched to restricted scan mode. The event record specifies the component name and the time it switched to restricted scan mode.

11100

Warning

Such an event is logged if KSN usage is limited. The event record specifies whether KSN usage is limited.

11103

Info

Such an event is logged if KSN usage is unlimited. The event record specifies whether KSN usage is unlimited.

11106

Warning

Such an event is logged if the KSN operating region was changed. Event records indicate the names of the previous and current KSN operating regions.

2055

Error

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and an error occurred during automatic update of the license status. The event record provides a description of the cause of the error.

30000

Info

Such an event is logged if some of the application settings have been modified. The event record specifies the account of the user who modified the settings, the modification scope (for example, Anti-Spam), and the new values of the settings.

31000

Info

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, and the key status, license expiration date, and number of users or license type have changed. The event record specifies the key, the license type, the license expiration date, and the number of license users.

31022

Info

Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the user has performed an action on the Security Server key. The event record specifies the user account.

42404

Info

Such an event is logged if an object was deleted from Backup. The event record specifies detailed information about the object and the user account, if the object was deleted by a user. The application deletes an object according to the Backup settings.

42405

Info

Such an event is logged if the user sent a possibly infected object from Backup to Kaspersky for examination. The event record specifies the user account and the object details.

42406

Info

Such an event is logged if the user sent an object from Backup to its original recipients. The event record specifies the user account and the object details.

42421

Info

Such an event is logged if the user sent an object from Backup to Kaspersky for examination but the application identified this object as spam by mistake. The event record specifies the user account and the object details.

42422

Info

Such an event is logged if the user saved an object from Backup to disk. The event record specifies the user account and the object details.

42423

Info

Such an event is logged if the user sent an object from Backup to manually specified email addresses. The event record specifies the user account and the object details.

42706

Error

Such an event is logged if an update of the application databases fails. The event record specifies the database type and the error description.

42707

Info

Such an event is logged if an application database update error is fixed and the databases are successfully updated. The event record specifies the database type and release date.

48808

Info

Such an event is logged if the application detected an outgoing email message containing spam or phishing content. The event record contains information about the message.

Page top