This section contains information about basic events in the application operation that are recorded to Windows Event Log. Events related to the Kaspersky Security operation are recorded to Windows Event Log by KSCM8 (Kaspersky Security service). Each of those events has a respective fixed event code. Events in this table are sorted by event code in ascending order.
Main events in the application operation
Event code |
Task category |
Event importance level |
Description |
1000 |
Updates |
Error |
Such an event is logged if the application detects that the Anti-Virus databases were last updated more than 24 hours ago. The event record specifies the database type and release date. |
Warning |
Such an event is logged if the application detects that the Anti-Spam databases were last updated more than five hours ago. The event record specifies the database type and release date. |
||
1001 |
AntivirusScanner |
Info |
Such event is logged if the application detects an infected, corrupted, or protected object, or an attached file that meets the attachment filtering criteria, and if the workspace of the Notifications node has the Log the following events to Windows Event Log check box selected for the relevant notification types. |
1004 |
Licensing |
Warning |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, the Notify about license expiration in advance (days before) setting is configured, and the license expires soon. The event record specifies the key, the license expiration date, and the number of days left until this date. |
1005 |
Licensing |
Error |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the license has expired. The event record specifies the key and the license expiration date. |
1007 |
Licensing |
Error |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and an active key is not detected. |
1008 |
Updates |
Info |
Such an event is logged if the application databases have been updated to the latest version. The event record specifies the database type and release date. |
1009 |
AntispamScanner; AntivirusMailboxAgent; AntivirusTransportAgent; AttachmentFiltering; Dlp. |
Error |
Such an event is logged if the application registers any errors in the operation of a component. The event record specifies the component name and the error description. |
Warning |
Such an event is logged if the application registers the disabling of a component. The event record specifies the component name. |
||
Info |
Such an event is logged if the application registers the enabling of a component. The event record specifies the component name. |
||
1010 |
Database; DlpDatabase. |
Error |
Such an event is logged if an error occurred on the SQL server and the database is not available anymore. The event record specifies the database name, the SQL server name, and the error description. |
Info |
Such an event is logged if access to the SQL database is restored and all errors are fixed. The event record specifies the database name and the SQL server name. |
||
1011 |
AntivirusScanner |
Info |
Such an event is logged if the user requested the background scan to run. The event record specifies the user account. |
1012 |
AntivirusScanner |
Info |
Such an event is logged if the user requested the background scan to stop. The event record specifies the user account. |
1013 |
AntivirusScanner |
Info |
Such an event is logged if the on-demand scan has been run manually or automatically (by schedule). The event record specifies the run type. |
1014 |
AntivirusScanner |
Info |
Such an event is logged if the background scan was stopped. The event record specifies the reason for the scan stop. |
1015 |
Licensing |
Warning |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the application was not able to update the license status. The event record specifies the key, the license expiration date, and the number of days left until the application switches to limited functionality mode. |
1016 |
Licensing |
Error |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, the application was not able to update the license status, and the license update period has expired. The event record provides a description of the cause of the error. |
1025 |
AntispamScanner |
Info |
Such an event is logged if the Spam check box is selected in the Notifications node for the Spam messages event in the Notification settings section, and the application has detected a message containing spam or potential spam. The event record provides information about the message. |
1026 |
AntispamScanner |
Info |
Such an event is logged if the Mass mail check box is selected in the Notifications node for the Spam messages event in the Notification settings section, and the application has detected a message containing mass mail. The event record provides information about the message. |
1027 |
AntispamScanner |
Info |
Such an event is logged if the Phishing check box is selected in the Notifications node for the Spam messages event in the Notification settings section, and the application has detected a message containing a phishing link. The event record provides information about the message. |
11010 |
Infrastructure |
Info |
Such an event is logged if the Management Console has been run. The event record specifies the account of the user who has run the Management Console. |
11011 |
Infrastructure |
Info |
Such an event is logged if the Management Console was closed. The event record specifies the account of the user who closed the Management Console. |
11020 |
Infrastructure |
Error |
Such an event is logged if an application component switched to restricted scan mode. The event record specifies the component name and the time it switched to restricted scan mode. |
16000 |
Dlp |
Warning |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log setting is defined in the DLP Module policy and the application detected an email message that violated the security policy. |
16012 |
Dlp |
Warning |
Such an event is logged if the security officer attempted to save an incident-attached object to disk. |
16013 |
Dlp |
Warning |
Such an event is logged if the security officer archived some incidents. |
16014 |
Dlp |
Warning |
Such an event is logged if the security officer attempted to send incident details to his or her email address. |
16100 |
Dlp |
Info |
Such an event is logged if Kaspersky Lab categories were updated during the application database update. The event record specifies the names of categories that have been modified, as well as their brief descriptions. |
2055 |
Licensing |
Error |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and an error occurred during automatic update of the license status. The event record provides a description of the cause of the error. |
30000 |
Configuration |
Info |
Such an event is logged if some of the application settings have been modified. The event record specifies the account of the user who modified the settings, the modification scope (for example, Anti-Spam), and the new values of the settings. |
31000 |
Licensing |
Info |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node, and the key status, license expiration date, and number of users or license type have changed. The event record specifies the key, the license type, the license expiration date, and the number of license users. |
31022 |
Licensing |
Info |
Such an event is logged if the Log events to Windows Event Log and Kaspersky Security Center Event Log check box is selected in the Notifications node and the user has performed an action on the Security Server key or the DLP Module key. The event record specifies the user account. |
42404 |
Backup |
Info |
Such an event is logged if an object was deleted from Backup. The event record specifies detailed information about the object and the user account, if the object was deleted by a user. The application deletes an object according to the Backup settings. |
42405 |
Backup |
Info |
Such an event is logged if the user sent a possibly infected object from Backup to Kaspersky Lab for examination. The event record specifies the user account and the object details. |
42406 |
Backup |
Info |
Such an event is logged if the user sent an object from Backup to some recipients. The event record specifies the user account and the object details. |
42421 |
Backup |
Info |
Such an event is logged if the user sent an object from Backup to Kaspersky Lab for examination but the application identified this object as spam by mistake. The event record specifies the user account and the object details. |
42422 |
Backup |
Info |
Such an event is logged if the user saved an object from Backup to disk. The event record specifies the user account and the object details. |
42706 |
Updates |
Error |
Such an event is logged if an update of the application databases fails. The event record specifies the database type and the error description. |
42707 |
Updates |
Info |
Such an event is logged if an application database update error is fixed and the databases are successfully updated. The event record specifies the database type and release date. |
48808 |
AntispamScanner |
Info |
Such an event is logged if the application detected an outgoing email message containing spam or phishing content. The event record contains information about the message. |