Review events and errors using Event Viewer

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

You can review event IDs in the Event Viewer on individual devices.

For example, if devices aren't appearing in the Devices list, you might need to look for event IDs on the devices. You can then use this table to determine further troubleshooting steps.

Open Event Viewer and find the Microsoft Defender for Endpoint service event log:

  1. Click Start on the Windows menu, type Event Viewer, and press Enter.

  2. In the log list, under Log Summary, scroll until you see Microsoft-Windows-SENSE/Operational. Double-click the item to open the log.

    a. You can also access the log by expanding Applications and Services Logs > Microsoft > Windows > SENSE and clicking Operational.

    Note

    SENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender for Endpoint.

  3. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service.

| Event ID | Message | Description | Action |
|---|---|---|---|
| 1 | Microsoft Defender for Endpoint service started (Version `variable`). | Occurs during system startup, shut down, and during onboarding. | Normal operating notification; no action required. |
| 2 | Microsoft Defender for Endpoint service shutdown. | Occurs when the device is shut down or offboarded. | Normal operating notification; no action required. |
| 3 | Microsoft Defender for Endpoint service failed to start. Failure code: `variable`. | Service didn't start. | Review other messages to determine possible cause and troubleshooting steps. |
| 4 | Microsoft Defender for Endpoint service contacted the server at `variable`. | Variable = URL of the Defender for Endpoint processing servers. This URL will match that seen in the Firewall or network activity. | Normal operating notification; no action required. |
| 5 | Microsoft Defender for Endpoint service failed to connect to the server at `variable`. | Variable = URL of the Defender for Endpoint processing servers. The service couldn't contact the external processing servers at that URL. | Check the connection to the URL. See Configure proxy and Internet connectivity. |
| 6 | Microsoft Defender for Endpoint service is not onboarded and no onboarding parameters were found. | The device didn't onboard correctly and won't be reporting to the portal. | Onboarding must be run before starting the service. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 7 | Microsoft Defender for Endpoint service failed to read the onboarding parameters. Failure: `variable`. | Variable = detailed error description. The device didn't onboard correctly and won't be reporting to the portal. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 8 | Microsoft Defender for Endpoint service failed to clean its configuration. Failure code: `variable`. | During onboarding: The service failed to clean its configuration during the onboarding. The onboarding process continues. During offboarding: The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. | Onboarding: No action required. Offboarding: Reboot the system. See Onboard Windows 10 devices. |
| 9 | Microsoft Defender for Endpoint service failed to change its start type. Failure code: `variable`. | During onboarding: The device didn't onboard correctly and won't be reporting to the portal. During offboarding: Failed to change the service start type. The offboarding process continues. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 10 | Microsoft Defender for Endpoint service failed to persist the onboarding information. Failure code: `variable`. | The device didn't onboard correctly and won't be reporting to the portal. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 11 | Onboarding or re-onboarding of Defender for Endpoint service completed. | The device onboarded correctly. | Normal operating notification; no action required. It may take several hours for the device to appear in the portal. |
| 12 | Microsoft Defender for Endpoint failed to apply the default configuration. | Service was unable to apply the default configuration. | This error should resolve after a short period of time. |
| 13 | Microsoft Defender for Endpoint device ID calculated: `variable`. | Normal operating process. | Normal operating notification; no action required. |
| 15 | Microsoft Defender for Endpoint cannot start command channel with URL: `variable`. | Variable = URL of the Defender for Endpoint processing servers. The service couldn't contact the external processing servers at that URL. | Check the connection to the URL. See Configure proxy and Internet connectivity. |
| 17 | Microsoft Defender for Endpoint service failed to change the Connected User Experiences and Telemetry service location. Failure code: `variable`. | An error occurred with the Windows telemetry service. | Ensure the diagnostic data service is enabled. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 18 | OOBE (Windows Welcome) is completed. | Service will only start after any Windows updates have finished installing. | Normal operating notification; no action required. |
| 19 | OOBE (Windows Welcome) has not yet completed. | Service will only start after any Windows updates have finished installing. | Normal operating notification; no action required. If this error persists after a system restart, ensure all Windows updates have fully installed. |
| 20 | Cannot wait for OOBE (Windows Welcome) to complete. Failure code: `variable`. | Internal error. | If this error persists after a system restart, ensure all Windows updates have fully installed. |
| 25 | Microsoft Defender for Endpoint service failed to reset health status in the registry. Failure code: `variable`. | The device didn't onboard correctly. It will report to the portal, however the service may not appear as registered in SCCM or the registry. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 26 | Microsoft Defender for Endpoint service failed to set the onboarding status in the registry. Failure code: `variable`. | The device didn't onboard correctly. It will report to the portal, however the service may not appear as registered in SCCM or the registry. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 27 | Microsoft Defender for Endpoint service failed to enable SENSE aware mode in Microsoft Defender Antivirus. Onboarding process failed. Failure code: `variable`. | Normally, Microsoft Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Defender for Endpoint. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. Ensure real-time antimalware protection is running properly. |
| 28 | Microsoft Defender for Endpoint Connected User Experiences and Telemetry service registration failed. Failure code: `variable`. | An error occurred with the Windows telemetry service. | Ensure the diagnostic data service is enabled. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | This event occurs when the system can't read the offboarding parameters. | Ensure the device has Internet access, then run the entire offboarding process again. Ensure the offboarding package hasn't expired. |
| 30 | Microsoft Defender for Endpoint service failed to disable SENSE aware mode in Microsoft Defender Antivirus. Failure code: `variable`. | Normally, Microsoft Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the device, and the device is reporting to Defender for Endpoint. | Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. Ensure real-time antimalware protection is running properly. |
| 31 | Microsoft Defender for Endpoint Connected User Experiences and Telemetry service unregistration failed. Failure code: `variable`. | An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. | Check for errors with the Windows telemetry service. |
| 32 | Microsoft Defender for Endpoint service failed to request to stop itself after offboarding process. Failure code: %1 | An error occurred during offboarding. | Reboot the device. |
| 33 | Microsoft Defender for Endpoint service failed to persist SENSE GUID. Failure code: `variable`. | A unique identifier is used to represent each device that is reporting to the portal. If the identifier doesn't persist, the same device might appear twice in the portal. | Check registry permissions on the device to ensure the service can update the registry. |
| 34 | Microsoft Defender for Endpoint service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: `variable`. | An error occurred with the Windows telemetry service. | Ensure the diagnostic data service is enabled. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages. See Onboard Windows 10 devices. |
| 35 | Microsoft Defender for Endpoint service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: `variable`. | An error occurred with the Windows telemetry service during offboarding. The offboarding process continues. | Check for errors with the Windows diagnostic data service. |
| 36 | Microsoft Defender for Endpoint Connected User Experiences and Telemetry service registration succeeded. Completion code: `variable`. | Registering Defender for Endpoint with the Connected User Experiences and Telemetry service completed successfully. | Normal operating notification; no action required. |
| 37 | Microsoft Defender for Endpoint A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4. | The device has almost used its allocated quota of the current 24-hour window. It's about to be throttled. | Normal operating notification; no action required. |
| 38 | Network connection is identified as low. Microsoft Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4. | The device is using a metered/paid network and will be contacting the server less frequently. | Normal operating notification; no action required. |
| 39 | Network connection is identified as normal. Microsoft Defender for Endpoint will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4. | The device isn't using a metered/paid connection and will contact the server as usual. | Normal operating notification; no action required. |
| 40 | Battery state is identified as low. Microsoft Defender for Endpoint will contact the server every %1 minutes. Battery state: %2. | The device has low battery level and will contact the server less frequently. | Normal operating notification; no action required. |
| 41 | Battery state is identified as normal. Microsoft Defender for Endpoint will contact the server every %1 minutes. Battery state: %2. | The device doesn't have low battery level and will contact the server as usual. | Normal operating notification; no action required. |
| 42 | Microsoft Defender for Endpoint component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4 | Internal error. The service failed to start. | If this error persists, contact Support. |
| 43 | Microsoft Defender for Endpoint component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5 | Internal error. The service failed to start. | If this error persists, contact Support. |
| 44 | Offboarding of Defender for Endpoint service completed. | The service was offboarded. | Normal operating notification; no action required. |
| 45 | Failed to register and to start the event trace session [%1]. Error code: %2 | An error occurred on service startup while creating ETW session. This caused service start-up failure. | If this error persists, contact Support. |
| 46 | Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute. | An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but won't report any sensor event until the ETW session is started. | Normal operating notification; no action required. The service will try to start the session every minute. |
| 47 | Successfully registered and started the event trace session - recovered after previous failed attempts. | This event follows the previous event after successfully starting the ETW session. | Normal operating notification; no action required. |
| 48 | Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported. | Failed to add a provider to ETW session. As a result, the provider events aren't reported. | Check the error code. If the error persists, contact Support. |
| 49 | Invalid cloud configuration command received and ignored. Version: %1, status: %2, error code: %3, message: %4 | Received an invalid configuration file from the cloud service that was ignored. | If this error persists, contact Support. |
| 50 | New cloud configuration applied successfully. Version: %1. | Successfully applied a new configuration from the cloud service. | Normal operating notification; no action required. |
| 51 | New cloud configuration failed to apply, version: %1. Successfully applied the last known good configuration, version %2. | Received a bad configuration file from the cloud service. Last known good configuration was applied successfully. | If this error persists, contact Support. |
| 52 | New cloud configuration failed to apply, version: %1. Also failed to apply last known good configuration, version %2. Successfully applied the default configuration. | Received a bad configuration file from the cloud service. Failed to apply the last known good configuration - and the default configuration was applied. | The service will attempt to download a new configuration file within 5 minutes. If you don't see event #50 - contact Support. |
| 53 | Cloud configuration loaded from persistent storage, version: %1. | The configuration was loaded from persistent storage on service startup. | Normal operating notification; no action required. |
| 55 | Failed to create the Secure ETW autologger. Failure code: %1 | Failed to create the secure ETW logger. | Reboot the device. If this error persists, contact Support. |
| 56 | Failed to remove the Secure ETW autologger. Failure code: %1 | Failed to remove the secure ETW session on offboarding. | Contact Support. |
| 57 | Capturing a snapshot of the machine for troubleshooting purposes. | An investigation package, also known as forensics package, is being collected. | Normal operating notification; no action required. |
| 59 | Starting command: %1 | Starting response command execution. | Normal operating notification; no action required. |
| 60 | Failed to run command %1, error: %2. | Failed to execute response command. | If this error persists, contact Support. |
| 61 | Data collection command parameters are invalid: SasUri: %1, compressionLevel: %2. | Failed to read or parse the data collection command arguments (invalid arguments). | If this error persists, contact Support. |
| 62 | Failed to start Connected User Experiences and Telemetry service. Failure code: %1 | Connected User Experiences and Telemetry (diagtrack) service failed to start. Non-Microsoft Defender for Endpoint telemetry won't be sent from this machine. | Look for more troubleshooting hints in the event log: Microsoft-Windows-UniversalTelemetryClient/Operational. |
| 63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Updated start type of the external service. | Normal operating notification; no action required. |
| 64 | Starting stopped external service. Name: %1, exit code: %2 | Starting an external service. | Normal operating notification; no action required. |
| 65 | Failed to load Microsoft Security Events Component Minifilter driver. Failure code: %1 | Failed to load MsSecFlt.sys filesystem minifilter. | Reboot the device. If this error persists, contact Support. |
| 66 | Policy update: Latency mode - %1 | The C&C connection frequency policy was updated. | Normal operating notification; no action required. |
| 68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Unexpected external service start type. | Fix the external service start type. |
| 69 | The service is stopped. Service name: %1 | The external service is stopped. | Start the external service. |
| 70 | Policy update: Allow sample collection - %1 | The sample collection policy was updated. | Normal operating notification; no action required. |
| 71 | Succeeded to run command: %1 | The command was executed successfully. | Normal operating notification; no action required. |
| 72 | Tried to send first full machine profile report. Result code: %1 | Informational only. | Normal operating notification; no action required. |
| 73 | Sense starting for platform: %1 | Informational only. | Normal operating notification; no action required. |
| 74 | Device tag in registry exceeds length limit. Tag name: %2. Length limit: %1. | The device tag exceeds the length limit. | Use a shorter device tag. |
| 81 | Failed to create Microsoft Defender for Endpoint ETW autologger. Failure code: %1 | Failed to create the ETW session. | Reboot the device. If this error persists, contact Support. |
| 82 | Failed to remove Microsoft Defender for Endpoint ETW autologger. Failure code: %1 | Failed to delete the ETW session. | Contact Support. |
| 84 | Set Windows Defender Antivirus running mode. Force passive mode: %1, result code: %2. | Set defender running mode (active or passive). | Normal operating notification; no action required. |
| 85 | Failed to trigger Microsoft Defender for Endpoint executable. Failure code: %1 | Starting SenseIR executable failed. | Reboot the device. If this error persists, contact Support. |
| 86 | Starting again stopped external service that should be up. Name: %1, exit code: %2 | Starting the external service again. | Normal operating notification; no action required. |
| 87 | Cannot start the external service. Name: %1 | Failed to start the external service. | Contact Support. |
| 88 | Updating the start type of external service again. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Updated the start type of the external service. | Normal operating notification; no action required. |
| 89 | Cannot update the start type of external service. Name: %1, actual start type: %2, expected start type: %3 | Can't update the start type of the external service. | Contact Support. |
| 90 | Failed to configure System Guard Runtime Monitor to connect to cloud service in geo-region %1. Failure code: %2 | System Guard Runtime Monitor won't send attestation data to the cloud service. | Check the permissions on registry path: "HKLM\Software\Microsoft\Windows\CurrentVersion\Sgrm". If no issues spotted, contact Support. |
| 91 | Failed to remove System Guard Runtime Monitor geo-region information. Failure code: %1 | System Guard Runtime Monitor won't send attestation data to the cloud service. | Check the permissions on registry path: "HKLM\Software\Microsoft\Windows\CurrentVersion\Sgrm". If no issues spotted, contact Support. |
| 92 | Stopping sending sensor cyber data quota because data quota is exceeded. Will resume sending once quota period passes. State Mask: %1 | Exceed throttling limit. | Normal operating notification; no action required. |
| 93 | Resuming sending sensor cyber data. State Mask: %1 | Resume cyber data submission. | Normal operating notification; no action required. |
| 94 | Microsoft Defender for Endpoint executable has started | The SenseCE executable has started. | Normal operating notification; no action required. |
| 95 | Microsoft Defender for Endpoint executable has ended | The SenseCE executable has ended. | Normal operating notification; no action required. |
| 96 | Microsoft Defender for Endpoint Init has called. Result code: %2 | The SenseCE executable has called MCE initialization. | Normal operating notification; no action required. |
| 97 | There are connectivity issues to the Cloud for the DLP scenario | There are network connectivity issues that affect the DLP classification flow. | Check the network connectivity. |
| 98 | The connectivity to the Cloud for the DLP scenario has been restored | The connectivity to the network was restored and the DLP classification flow can continue. | Normal operating notification; no action required. |
| 99 | Sense has encountered the following error while communicating with server: (%1). Result: (%2) | A communication error occurred. | Check the following events in the event log for further details. |
| 100 | Microsoft Defender for Endpoint executable failed to start. Failure code: %1 | The SenseCE executable has failed to start. | Reboot the device. If this error persists, contact Support. |
| 102 | Microsoft Defender for Endpoint Network Detection and Response executable has started | The SenseNdr executable has started. | Normal operating notification; no action required. |
| 103 | Microsoft Defender for Endpoint Network Detection and Response executable has ended | The SenseNdr executable has ended. | Normal operating notification; no action required. |
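
The lookup this table supports can also be scripted on the device. The following PowerShell is an added example, not part of the original Microsoft page: it reads Microsoft-Windows-SENSE/Operational with Get-WinEvent and lists, for each event ID whose Action column asks for more than "no action required", the count, the latest message and the recommended action. The seven-day default window, the variable names and the shortened action text are assumptions of this example.

```powershell
# Added example: triage the SENSE operational log against the event table.
# Action text is shortened from the table; names and the 7-day window are assumptions.
param([int]$Days = 7)

$LogName  = 'Microsoft-Windows-SENSE/Operational'
$redeploy = 'Check onboarding settings and scripts; try redeploying the configuration packages.'

# Event IDs whose Action column asks for more than "no action required".
$Groups = @(
    @{ Ids = @(3);                Action = 'Review other messages for the possible cause.' }
    @{ Ids = @(5, 15);            Action = 'Check the connection to the URL (proxy and Internet connectivity).' }
    @{ Ids = @(6, 7, 9, 10, 25, 26); Action = $redeploy }
    @{ Ids = @(27, 30);           Action = "$redeploy Ensure real-time antimalware protection is running." }
    @{ Ids = @(17, 28, 34);       Action = "Ensure the diagnostic data service is enabled. $redeploy" }
    @{ Ids = @(8);                Action = 'Onboarding: none. Offboarding: reboot the system.' }
    @{ Ids = @(12);               Action = 'Should resolve after a short period of time.' }
    @{ Ids = @(19, 20);           Action = 'If it persists after a restart, ensure all Windows updates are installed.' }
    @{ Ids = @(29);               Action = 'Ensure Internet access and an unexpired offboarding package; rerun offboarding.' }
    @{ Ids = @(31, 35);           Action = 'Check for errors with the Windows telemetry (diagnostic data) service.' }
    @{ Ids = @(32);               Action = 'Reboot the device.' }
    @{ Ids = @(33);               Action = 'Check registry permissions so the service can update the registry.' }
    @{ Ids = @(42, 43, 45, 49, 51, 60, 61); Action = 'If the error persists, contact Support.' }
    @{ Ids = @(48);               Action = 'Check the error code; if the error persists, contact Support.' }
    @{ Ids = @(52);               Action = 'If event 50 does not follow, contact Support.' }
    @{ Ids = @(55, 65, 81, 85, 100); Action = 'Reboot the device; if the error persists, contact Support.' }
    @{ Ids = @(56, 82, 87, 89);   Action = 'Contact Support.' }
    @{ Ids = @(62);               Action = 'See Microsoft-Windows-UniversalTelemetryClient/Operational for hints.' }
    @{ Ids = @(68);               Action = 'Fix the external service start type.' }
    @{ Ids = @(69);               Action = 'Start the external service.' }
    @{ Ids = @(74);               Action = 'Use a shorter device tag.' }
    @{ Ids = @(90, 91);           Action = 'Check permissions on HKLM\Software\Microsoft\Windows\CurrentVersion\Sgrm.' }
    @{ Ids = @(97);               Action = 'Check the network connectivity.' }
    @{ Ids = @(99);               Action = 'Check the events that follow in the log for details.' }
)

# Flatten the groups into an ID -> action lookup.
$ActionById = @{}
foreach ($g in $Groups) { foreach ($id in $g.Ids) { $ActionById[$id] = $g.Action } }

if (-not (Get-WinEvent -ListLog $LogName -ErrorAction SilentlyContinue)) {
    Write-Warning "Log '$LogName' was not found on this device."
    return
}

# Event 11 marks a completed onboarding; report the most recent one still in the log.
$onboarded = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 11 } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($onboarded) { "Last onboarding completed (ID 11): $($onboarded.TimeCreated)" }
else            { 'No onboarding-completed event (ID 11) found in the log.' }

# Filter by ID on the client side: a long Id list inside -FilterHashtable can be
# rejected by the event log service as an invalid query.
$since  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $ActionById.ContainsKey($_.Id) }

if (-not $events) {
    "No SENSE events needing action in the last $Days day(s)."
    return
}

# One row per event ID: how often it fired, when last, what the table says to do.
$events | Group-Object Id | ForEach-Object {
    $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        Id          = [int]$_.Name
        Count       = $_.Count
        LastSeen    = $latest.TimeCreated
        Action      = $ActionById[[int]$_.Name]
        LastMessage = $latest.Message   # carries the failure code or URL for this occurrence
    }
} | Sort-Object LastSeen -Descending | Format-List
```

The LastMessage field is where the `variable` and `%1` placeholders from the table appear with their actual values, such as the failure code or the server URL.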
