堆栈内存溢出
  简体   繁体   English

从 C# 使用 Win32_ProcessStartTrace 时 Wmi-Activity 事件日志中的错误

[英]Error in Wmi-Activity event log when using Win32_ProcessStartTrace from C#

 原文  2018-12-10 10:10:45       c#/ wmi

问题描述

I am using Win32_ProcessStartTrace (and stop trace) as follows我使用 Win32_ProcessStartTrace(并停止跟踪)如下

m_ProcessStartEvent = new ManagementEventWatcher(m_Scope, new EventQuery("SELECT * FROM Win32_ProcessStartTrace"));
m_ProcessStartEvent.EventArrived += ProcessStartEvent_EventArrived;
m_ProcessStartEvent.Start();

...

m_ProcessStartEvent.Stop();
m_ProcessStartEvent.EventArrived -= ProcessStartEvent_EventArrived;
m_ProcessStartEvent.Dispose();

In the event log: Application and service Logs => Micorosft => windows => Wmi-Activity => Operational, I have the error在事件日志中:应用程序和服务日志 => Micorosft => windows => Wmi-Activity => 操作,我有错误

    System 
  - Provider 
   [ Name]  Microsoft-Windows-WMI-Activity 
   [ Guid]  {1418EF04-B0B4-4623-BF7E-D74AB47BBDAA} 
   EventID 5858 
   Version 0 
   Level 2 
   Task 0 
   Opcode 0 
   Keywords 0x4000000000000000 
  - TimeCreated 
   [ SystemTime]  2018-12-10T09:48:49.189515600Z 
   EventRecordID 161732 
  - Correlation 
   [ ActivityID]  {73689ED9-87E0-0005-48B2-8073E087D401} 
  - Execution 
   [ ProcessID]  2532 
   [ ThreadID]  9116 
   Channel Microsoft-Windows-WMI-Activity/Operational 
   Computer ...
  - Security 
   [ UserID]  S-1-5-18 
- UserData 
  - Operation_ClientFailure 
   Id {00000000-0000-0000-0000-000000000000} 
   ClientMachine ...
   User ...
   ClientProcessId 38256 
   Component Unknown 
   Operation Start IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT * FROM Win32_ProcessStartTrace 
   ResultCode 0x80041032 
   PossibleCause Unknown

Any ideas what is causing it and how to resolve it?任何想法是什么导致它以及如何解决它?

I do see我确实看到

https://support.microsoft.com/en-ca/help/3124914/wmi-activity-event-5858-logged-frequently-with-resultcode-0x80041032 https://support.microsoft.com/en-ca/help/3124914/wmi-activity-event-5858-logged-frequently-with-resultcode-0x80041032

but I don't understand if this is relevant and if so, what to do about it.但我不明白这是否相关,如果相关,该怎么办。

Thanks,谢谢,

1 个解决方案

解决方案1
 0  2021-02-06 11:41:19

For my situation on a windows 7 system it was a file in System32\\DRIVERS\\vdbus.sys left by comodo.对于我在 Windows 7 系统上的情况,它是 comodo 留下的 System32\\DRIVERS\\vdbus.sys 中的一个文件。 Deleted it and my wmi activity errors went away.删除它,我的 wmi 活动错误消失了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Win32_ProcessStartTrace 查询中的截断 ProcessName - Truncated ProcessName in Win32_ProcessStartTrace query Win32_ProcessStartTrace的ManagementEventWatcher不再适用于Win 8.1 - ManagementEventWatcher for Win32_ProcessStartTrace no longer working in Win 8.1 System.Management.ManagementException“访问被拒绝”与 Win32_ProcessStartTrace - System.Management.ManagementException "Access Denied" with Win32_ProcessStartTrace 为什么Win32_ProcessStopTrace-Events到达,但Win32_ProcessStartTrace没有到达? - Why Win32_ProcessStopTrace-Events arrive, but Win32_ProcessStartTrace doesn't? 记录到自定义事件日志(C#应用程序,但使用win32 API) - logging to custom event log (C# app, but using win32 API) C#WMI读取远程事件日志 - C# WMI reading remote event log 使用WMI / Win32_NetworkAdapterConfiguration轮询C#中的IP地址更改 - Polling for IP address change in C# using WMI/Win32_NetworkAdapterConfiguration C#使用WMI查询Win32_Fan class和风扇转速返回null? - C# using WMI to query Win32_Fan class and fan speed return null? C# WMI 方法 IsActivated 从 Win32_Tpm class 抛出“无效的方法参数” - C# WMI method IsActivated from Win32_Tpm class throws "Invalid method Parameter(s)" C#WMI Win32_ScheduledJob属性 - C# WMI Win32_ScheduledJob properties
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM