From 8f0020784dcf8011e10e43fe39283990036eba1d Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Wed, 11 Mar 2026 12:28:45 +0530 Subject: [PATCH 1/7] Initial check-in for ETW Name-GUID Mapping code Signed-off-by: Manish Ranjan Mahanta --- internal/oci/uvm.go | 8 +- internal/uvm/create_wcow.go | 51 +- internal/uvm/etw/default-logsources.json | 63 + internal/uvm/etw/etw-map.json | 4780 ++++++++++++++++++++++ internal/uvm/etw/provider_map.go | 279 ++ internal/uvm/log_wcow.go | 12 +- internal/uvm/types.go | 5 +- pkg/annotations/annotations.go | 11 +- 8 files changed, 5175 insertions(+), 34 deletions(-) create mode 100644 internal/uvm/etw/default-logsources.json create mode 100644 internal/uvm/etw/etw-map.json create mode 100644 internal/uvm/etw/provider_map.go diff --git a/internal/oci/uvm.go b/internal/oci/uvm.go index 6a330dd344..c579e477bd 100644 --- a/internal/oci/uvm.go +++ b/internal/oci/uvm.go @@ -419,12 +419,14 @@ func SpecToUVMCreateOpts(ctx context.Context, s *specs.Spec, id, owner string) ( if err := handleWCOWSecurityPolicy(ctx, s.Annotations, wopts); err != nil { return nil, err } - // If security policy is enable, wopts.ForwardLogs default value should be false + // If security policy is enable, wopts.DisableLogForwarding default value should be true (CWCOW should not allow log forwarding by default) if wopts.SecurityPolicyEnabled { - wopts.ForwardLogs = false + wopts.DisableLogForwarding = true } wopts.LogSources = ParseAnnotationsString(s.Annotations, annotations.LogSources, wopts.LogSources) - wopts.ForwardLogs = ParseAnnotationsBool(ctx, s.Annotations, annotations.ForwardLogs, wopts.ForwardLogs) + wopts.DisableLogForwarding = ParseAnnotationsBool(ctx, s.Annotations, annotations.DisableForwardLogs, wopts.DisableLogForwarding) + wopts.DisableDefaultLogSources = ParseAnnotationsBool(ctx, s.Annotations, annotations.DisableDefaultLogSources, wopts.DisableDefaultLogSources) + return wopts, nil } return nil, errors.New("cannot create UVM opts spec is not LCOW or WCOW") diff --git a/internal/uvm/create_wcow.go b/internal/uvm/create_wcow.go index 72308cf82b..41de890009 100644 --- a/internal/uvm/create_wcow.go +++ b/internal/uvm/create_wcow.go @@ -70,9 +70,10 @@ type OptionsWCOW struct { // AdditionalRegistryKeys are Registry keys and their values to additionally add to the uVM. AdditionalRegistryKeys []hcsschema.RegistryValue - OutputHandlerCreator vmutils.OutputHandlerCreator // Creates an [OutputHandler] that controls how output received over HVSocket from the UVM is handled. Defaults to parsing output as ETW Log events - LogSources string // ETW providers to be set for the logging service - ForwardLogs bool // Whether to forward logs to the host or not + OutputHandlerCreator vmutils.OutputHandlerCreator // Creates an [OutputHandler] that controls how output received over HVSocket from the UVM is handled. Defaults to parsing output as ETW Log events + LogSources string // ETW providers to be set for the logging service + DisableLogForwarding bool // Whether to disable forwarding of logs to the host or not + DisableDefaultLogSources bool // Whether to disable using default log sources } func defaultConfidentialWCOWOSBootFilesPath() string { @@ -111,9 +112,10 @@ func NewDefaultOptionsWCOW(id, owner string) *OptionsWCOW { SecurityPolicyEnabled: false, }, }, - OutputHandlerCreator: vmutils.ParseGCSLogrus, - ForwardLogs: true, // Default to true for WCOW, and set to false for CWCOW in internal/oci/uvm.go SpecToUVMCreateOpts - LogSources: "", + OutputHandlerCreator: vmutils.ParseGCSLogrus, + DisableLogForwarding: false, // Default to true for WCOW, and set to false for CWCOW in internal/oci/uvm.go SpecToUVMCreateOpts + DisableDefaultLogSources: false, + LogSources: "", } } @@ -291,7 +293,7 @@ func prepareCommonConfigDoc(ctx context.Context, uvm *UtilityVM, opts *OptionsWC } maps.Copy(doc.VirtualMachine.Devices.HvSocket.HvSocketConfig.ServiceTable, opts.AdditionalHyperVConfig) - if opts.ForwardLogs { + if !opts.DisableLogForwarding { key := prot.WindowsLoggingHvsockServiceID.String() doc.VirtualMachine.Devices.HvSocket.HvSocketConfig.ServiceTable[key] = hcsschema.HvSocketServiceConfig{ AllowWildcardBinds: true, @@ -562,22 +564,23 @@ func CreateWCOW(ctx context.Context, opts *OptionsWCOW) (_ *UtilityVM, err error log.G(ctx).WithField("options", log.Format(ctx, opts)).Debug("uvm::CreateWCOW options") uvm := &UtilityVM{ - id: opts.ID, - owner: opts.Owner, - operatingSystem: "windows", - scsiControllerCount: opts.SCSIControllerCount, - vsmbDirShares: make(map[string]*VSMBShare), - vsmbFileShares: make(map[string]*VSMBShare), - vpciDevices: make(map[VPCIDeviceID]*VPCIDevice), - noInheritHostTimezone: opts.NoInheritHostTimezone, - physicallyBacked: !opts.AllowOvercommit, - devicesPhysicallyBacked: opts.FullyPhysicallyBacked, - vsmbNoDirectMap: opts.NoDirectMap, - noWritableFileShares: opts.NoWritableFileShares, - createOpts: opts, - blockCIMMounts: make(map[string]*UVMMountedBlockCIMs), - logSources: opts.LogSources, - forwardLogs: opts.ForwardLogs, + id: opts.ID, + owner: opts.Owner, + operatingSystem: "windows", + scsiControllerCount: opts.SCSIControllerCount, + vsmbDirShares: make(map[string]*VSMBShare), + vsmbFileShares: make(map[string]*VSMBShare), + vpciDevices: make(map[VPCIDeviceID]*VPCIDevice), + noInheritHostTimezone: opts.NoInheritHostTimezone, + physicallyBacked: !opts.AllowOvercommit, + devicesPhysicallyBacked: opts.FullyPhysicallyBacked, + vsmbNoDirectMap: opts.NoDirectMap, + noWritableFileShares: opts.NoWritableFileShares, + createOpts: opts, + blockCIMMounts: make(map[string]*UVMMountedBlockCIMs), + logSources: opts.LogSources, + forwardLogs: !opts.DisableLogForwarding, + disableDefaultLogSources: opts.DisableDefaultLogSources, } defer func() { @@ -617,7 +620,7 @@ func CreateWCOW(ctx context.Context, opts *OptionsWCOW) (_ *UtilityVM, err error return nil, fmt.Errorf("error while creating the compute system: %w", err) } - if opts.ForwardLogs { + if !opts.DisableLogForwarding { // Create a socket that the executed program can send to. This is usually // used by Log Forward Service to send log data. uvm.outputHandler = opts.OutputHandlerCreator(opts.ID) diff --git a/internal/uvm/etw/default-logsources.json b/internal/uvm/etw/default-logsources.json new file mode 100644 index 0000000000..0694f2716d --- /dev/null +++ b/internal/uvm/etw/default-logsources.json @@ -0,0 +1,63 @@ +{ + "LogConfig": { + "sources": [ + { + "type": "ETW", + "providers": [ + { + "providerName": "Microsoft.Windows.HyperV.Compute", + "level": "Information" + }, + { + "providerName": "Microsoft-Windows-Guest-Network-Service", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.FileSystem.CimFS", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.FileSystem.UnionFs", + "level": "Information" + }, + { + "providerName": "Microsoft-Windows-BitLocker-Driver", + "level": "Information" + }, + { + "providerName": "Microsoft-windows-bitlocker-api", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Security.KeyGuard", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Security.KeyGuard.Attestation.Verify", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Containers.Setup", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Containers.Storage", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Containers.Library", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.Containers.DynamicImage", + "level": "Information" + }, + { + "providerName": "Microsoft.Windows.LogForwardService.Provider", + "level": "Information" + } + ] + } + ] + } +} diff --git a/internal/uvm/etw/etw-map.json b/internal/uvm/etw/etw-map.json new file mode 100644 index 0000000000..1640b705e7 --- /dev/null +++ b/internal/uvm/etw/etw-map.json @@ -0,0 +1,4780 @@ +{ + "EtwProviderMap": [ + { + "providerName": "Microsoft.Windows.Containers.Setup", + "providerGuid": "22267B1C-B979-5C81-9E24-0DB386A62DD1" + }, + { + "providerName": "Microsoft.Windows.Containers.Storage", + "providerGuid": "2551390d-5927-5c84-6f0a-027a7e78d38d" + }, + { + "providerName": "Microsoft.Windows.Containers.Library", + "providerGuid": "67eb0417-9297-42ae-a1d9-98bfeb359059" + }, + { + "providerName": "Microsoft.Windows.Containers.DynamicImage", + "providerGuid": "8CE2286C-3705-4A2A-8E36-134EAE9CA147" + }, + { + "providerName": "Microsoft.Windows.FileSystem.CimFS", + "providerGuid": "772ff917-30cf-50bd-d471-55a093ea8cf8" + }, + { + "providerName": "Microsoft.Windows.FileSystem.UnionFs", + "providerGuid": "68d6ffd0-365a-579d-6d26-76b2a0af1ddc" + }, + { + "providerName": "Microsoft-Windows-Guest-Network-Service", + "providerGuid": "0bacf1d2-fb51-549a-6119-04daa7180dc8" + }, + { + "providerName": "Microsoft.Windows.HyperV.Compute", + "providerGuid": "80CE50DE-D264-4581-950D-ABADEEE0D340" + }, + { + "providerName": "Microsoft.Windows.LogForwardService.Provider", + "providerGuid": "396A26FF-FB73-5465-0D17-DD493089623" + }, + { + "providerName": "Microsoft.Windows.Security.KeyGuard", + "providerGuid": "37e53459-522d-5f7d-9a19-ecfd819075c2" + }, + { + "providerName": "Microsoft.Windows.Security.KeyGuard.Attestation.Verify", + "providerGuid": "268833e4-8305-5640-ecee-0f30f10668be" + }, + { + "providerName": ".NET Common Language Runtime", + "providerGuid": "E13C0D23-CCBC-4E12-931B-D9CC2EEE27E4" + }, + { + "providerName": "ACPI Driver Trace Provider", + "providerGuid": "DAB01D4D-2D48-477D-B1C3-DAAD0CE6F06B" + }, + { + "providerName": "Active Directory Domain Services: SAM", + "providerGuid": "8E598056-8993-11D2-819E-0000F875A064" + }, + { + "providerName": "Active Directory: Kerberos Client", + "providerGuid": "BBA3ADD2-C229-4CDB-AE2B-57EB6966B0C4" + }, + { + "providerName": "Active Directory: NetLogon", + "providerGuid": "F33959B4-DBEC-11D2-895B-00C04F79AB69" + }, + { + "providerName": "ADODB.1", + "providerGuid": "04C8A86F-3369-12F8-4769-24E484A9E725" + }, + { + "providerName": "ADOMD.1", + "providerGuid": "7EA56435-3F2F-3F63-A829-F0B35B5CAD41" + }, + { + "providerName": "AppAgentRuntime", + "providerGuid": "D38B3095-6ABD-419F-A8D5-3D01B8B6A4E7" + }, + { + "providerName": "Application Error", + "providerGuid": "A0E9B465-B939-57D7-B27D-95D8E925FF57" + }, + { + "providerName": "Application Hang", + "providerGuid": "C631C3DC-C676-59E4-2DB3-5C0AF00F9675" + }, + { + "providerName": "Application Popup", + "providerGuid": "47BFA2B7-BD54-4FAC-B70B-29021084CA8F" + }, + { + "providerName": "Application-Addon-Event-Provider", + "providerGuid": "A83FA99F-C356-4DED-9FD6-5A5EB8546D68" + }, + { + "providerName": "ASP.NET Events", + "providerGuid": "AFF081FE-0247-4275-9C4E-021F3DC1DA35" + }, + { + "providerName": "ATA Port Driver Tracing Provider", + "providerGuid": "D08BD885-501E-489A-BAC6-B7D24BFE6BBF" + }, + { + "providerName": "AuthFw NetShell Plugin", + "providerGuid": "935F4AE6-845D-41C6-97FA-380DAD429B72" + }, + { + "providerName": "BCP.1", + "providerGuid": "24722B88-DF97-4FF6-E395-DB533AC42A1E" + }, + { + "providerName": "BFE Trace Provider", + "providerGuid": "106B464A-8043-46B1-8CB8-E92A0CD7A560" + }, + { + "providerName": "BITS Service Trace", + "providerGuid": "4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A" + }, + { + "providerName": "Bootstrapper", + "providerGuid": "498A78F0-D57B-488D-9666-B0E7F5473CD9" + }, + { + "providerName": "Certificate Services Client CredentialRoaming Trace", + "providerGuid": "EF4109DC-68FC-45AF-B329-CA2825437209" + }, + { + "providerName": "Certificate Services Client Trace", + "providerGuid": "F01B7774-7ED7-401E-8088-B576793D7841" + }, + { + "providerName": "Circular Kernel Session Provider", + "providerGuid": "54DEA73A-ED1F-42A4-AF71-3E63D056F174" + }, + { + "providerName": "Classpnp Driver Tracing Provider", + "providerGuid": "FA8DE7C4-ACDE-4443-9994-C4E2359A9EDB" + }, + { + "providerName": "Critical Section Trace Provider", + "providerGuid": "3AC66736-CC59-4CFF-8115-8DF50E39816B" + }, + { + "providerName": "DBNETLIB.1", + "providerGuid": "BD568F20-FCCD-B948-054E-DB3421115D61" + }, + { + "providerName": "Deduplication Tracing Provider", + "providerGuid": "5EBB59D1-4739-4E45-872D-B8703956D84B" + }, + { + "providerName": "Disk Class Driver Tracing Provider", + "providerGuid": "945186BF-3DD6-4F3F-9C8E-9EDD3FC9D558" + }, + { + "providerName": "Downlevel IPsec API", + "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A041" + }, + { + "providerName": "Downlevel IPsec NetShell Plugin", + "providerGuid": "E4FF10D8-8A88-4FC6-82C8-8C23E9462FE5" + }, + { + "providerName": "Downlevel IPsec Policy Store", + "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A070" + }, + { + "providerName": "Downlevel IPsec Service", + "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A040" + }, + { + "providerName": "EA IME API", + "providerGuid": "E2A24A32-00DC-4025-9689-C108C01991C5" + }, + { + "providerName": "Error Instrument", + "providerGuid": "CD7CF0D0-02CC-4872-9B65-0DBA0A90EFE8" + }, + { + "providerName": "FD Core Trace", + "providerGuid": "480217A9-F824-4BD4-BBE8-F371CAAF9A0D" + }, + { + "providerName": "FD Publication Trace", + "providerGuid": "649E3596-2620-4D58-A01F-17AEFE8185DB" + }, + { + "providerName": "FD SSDP Trace", + "providerGuid": "DB1D0418-105A-4C77-9A25-8F96A19716A4" + }, + { + "providerName": "FD WNet Trace", + "providerGuid": "8B20D3E4-581F-4A27-8109-DF01643A7A93" + }, + { + "providerName": "FD WSDAPI Trace", + "providerGuid": "7E2DBFC7-41E8-4987-BCA7-76CADFAD765F" + }, + { + "providerName": "FDPHost Service Trace", + "providerGuid": "F1C521CA-DA82-4D79-9EE4-D7A375723B68" + }, + { + "providerName": "File Kernel Trace; Operation Set 1", + "providerGuid": "D75D8303-6C21-4BDE-9C98-ECC6320F9291" + }, + { + "providerName": "File Kernel Trace; Operation Set 2", + "providerGuid": "058DD951-7604-414D-A5D6-A56D35367A46" + }, + { + "providerName": "File Kernel Trace; Optional Data", + "providerGuid": "7DA1385C-F8F5-414D-B9D0-02FCA090F1EC" + }, + { + "providerName": "File Kernel Trace; Volume To Log", + "providerGuid": "127D46AF-4AD3-489F-9165-F00BA64D5467" + }, + { + "providerName": "FWPKCLNT Trace Provider", + "providerGuid": "AD33FA19-F2D2-46D1-8F4C-E3C3087E45AD" + }, + { + "providerName": "FWPUCLNT Trace Provider", + "providerGuid": "5A1600D2-68E5-4DE7-BCF4-1C2D215FE0FE" + }, + { + "providerName": "Heap Trace Provider", + "providerGuid": "222962AB-6180-4B88-A825-346B75F2A24A" + }, + { + "providerName": "IISConfigurator", + "providerGuid": "753DC014-8B03-40D0-9EA9-1AF6B3084E0A" + }, + { + "providerName": "IISHost", + "providerGuid": "7F3D17A3-0A3D-43F1-BBF2-80E3BB04D54D" + }, + { + "providerName": "IKEEXT Trace Provider", + "providerGuid": "106B464D-8043-46B1-8CB8-E92A0CD7A560" + }, + { + "providerName": "IMAPI1 Shim", + "providerGuid": "1FF10429-99AE-45BB-8A67-C9E945B9FB6C" + }, + { + "providerName": "IMAPI2 Concatenate Stream", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9D" + }, + { + "providerName": "IMAPI2 Disc Master", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E91" + }, + { + "providerName": "IMAPI2 Disc Recorder", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E93" + }, + { + "providerName": "IMAPI2 Disc Recorder Enumerator", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E92" + }, + { + "providerName": "IMAPI2 dll", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E90" + }, + { + "providerName": "IMAPI2 Interleave Stream", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9E" + }, + { + "providerName": "IMAPI2 Media Eraser", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E97" + }, + { + "providerName": "IMAPI2 MSF", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9F" + }, + { + "providerName": "IMAPI2 Multisession Sequential", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7EA0" + }, + { + "providerName": "IMAPI2 Pseudo-Random Stream", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9C" + }, + { + "providerName": "IMAPI2 Raw CD Writer", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9A" + }, + { + "providerName": "IMAPI2 Raw Image Writer", + "providerGuid": "07E397EC-C240-4ED7-8A2A-B9FF0FE5D581" + }, + { + "providerName": "IMAPI2 Standard Data Writer", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E98" + }, + { + "providerName": "IMAPI2 Track-at-Once CD Writer", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E99" + }, + { + "providerName": "IMAPI2 Utilities", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E94" + }, + { + "providerName": "IMAPI2 Write Engine", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E96" + }, + { + "providerName": "IMAPI2 Zero Stream", + "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9B" + }, + { + "providerName": "IMAPI2FS Tracing", + "providerGuid": "F8036571-42D9-480A-BABB-DE7833CB059C" + }, + { + "providerName": "Intel-iaLPSS-GPIO", + "providerGuid": "D386CC7A-620A-41C1-ABF5-55018C6C699A" + }, + { + "providerName": "Intel-iaLPSS-I2C", + "providerGuid": "D4AEAC44-AD44-456E-9C90-33F8CDCED6AF" + }, + { + "providerName": "Intel-iaLPSS2-GPIO2", + "providerGuid": "63848CFF-3EC7-4DDF-8072-5F95E8C8EB98" + }, + { + "providerName": "Intel-iaLPSS2-I2C", + "providerGuid": "C2F86198-03CA-4771-8D4C-CE6E15CBCA56" + }, + { + "providerName": "IPMI Driver Trace", + "providerGuid": "D5C6A3E9-FA9C-434E-9653-165B4FC869E4" + }, + { + "providerName": "IPMI Provider Trace", + "providerGuid": "651D672B-E11F-41B7-ADD3-C2F6A4023672" + }, + { + "providerName": "KMDFv1 Trace Provider", + "providerGuid": "544D4C9D-942C-46D5-BF50-DF5CD9524A50" + }, + { + "providerName": "Local Security Authority (LSA)", + "providerGuid": "CC85922F-DB41-11D2-9244-006008269001" + }, + { + "providerName": "LsaSrv", + "providerGuid": "199FE037-2B82-40A9-82AC-E1D46C792B99" + }, + { + "providerName": "Microsoft-Antimalware-AMFilter", + "providerGuid": "CFEB0608-330E-4410-B00D-56D8DA9986E6" + }, + { + "providerName": "Microsoft-Antimalware-Engine", + "providerGuid": "0A002690-3839-4E3A-B3B6-96D8DF868D99" + }, + { + "providerName": "Microsoft-Antimalware-Engine-Instrumentation", + "providerGuid": "68621C25-DF8D-4A6B-AABC-19A22E296A7C" + }, + { + "providerName": "Microsoft-Antimalware-NIS", + "providerGuid": "102AAB0A-9D9C-4887-A860-55DE33B96595" + }, + { + "providerName": "Microsoft-Antimalware-Protection", + "providerGuid": "E4B70372-261F-4C54-8FA6-A5A7914D73DA" + }, + { + "providerName": "Microsoft-Antimalware-RTP", + "providerGuid": "8E92DEEF-5E17-413B-B927-59B2F06A3CFC" + }, + { + "providerName": "Microsoft-Antimalware-Scan-Interface", + "providerGuid": "2A576B87-09A7-520E-C21A-4942F0271D67" + }, + { + "providerName": "Microsoft-Antimalware-Service", + "providerGuid": "751EF305-6C6E-4FED-B847-02EF79D26AEF" + }, + { + "providerName": "Microsoft-Antimalware-UacScan", + "providerGuid": "D37E7910-79C8-57C4-DA77-52BB646364CD" + }, + { + "providerName": "Microsoft-AppV-Client", + "providerGuid": "E4F68870-5AE8-4E5B-9CE7-CA9ED75B0245" + }, + { + "providerName": "Microsoft-AppV-Client-StreamingUX", + "providerGuid": "28CB46C7-4003-4E50-8BD9-442086762D12" + }, + { + "providerName": "Microsoft-AppV-ServiceLog", + "providerGuid": "9CC69D1C-7917-4ACD-8066-6BF8B63E551B" + }, + { + "providerName": "Microsoft-AppV-SharedPerformance", + "providerGuid": "FB4A19EE-EB5A-47A4-BC52-E71AAC6D0859" + }, + { + "providerName": "Microsoft-Autopilot-BootstrapperAgent", + "providerGuid": "CB1FF6D6-3248-4484-B96E-0973F64838C4" + }, + { + "providerName": "Microsoft-Client-License-Flexible-Platform", + "providerGuid": "6E0DF32C-7F11-54F7-E8EE-5AD4032727CE" + }, + { + "providerName": "Microsoft-Client-Licensing-Platform", + "providerGuid": "B6CC0D55-9ECC-49A8-B929-2B9022426F2A" + }, + { + "providerName": "Microsoft-ConfigMgr", + "providerGuid": "FD6007DE-16D4-4D5B-A6D7-19AAD3211528" + }, + { + "providerName": "Microsoft-Epm-Events", + "providerGuid": "56B809B5-D9E6-4F21-A807-2A1E3ED4159E" + }, + { + "providerName": "Microsoft-Gaming-Services", + "providerGuid": "BC1BDB57-71A2-581A-147B-E0B49474A2D4" + }, + { + "providerName": "Microsoft-IE", + "providerGuid": "9E3B3947-CA5D-4614-91A2-7B624E0E7244" + }, + { + "providerName": "Microsoft-IE-JSDumpHeap", + "providerGuid": "7F8E35CA-68E8-41B9-86FE-D6ADC5B327E7" + }, + { + "providerName": "Microsoft-IEFRAME", + "providerGuid": "5C8BB950-959E-4309-8908-67961A1205D5" + }, + { + "providerName": "Microsoft-Intune-ControlConfig-Client-Telemetry", + "providerGuid": "9D7ADB63-2E58-4503-B3CE-9017D7C88537" + }, + { + "providerName": "Microsoft-Intune-Epm-Client-Telemetry", + "providerGuid": "8AD61205-8E7E-4BE4-8D30-E2480500B39A" + }, + { + "providerName": "Microsoft-Intune-Sidecar-Client-Telemetry", + "providerGuid": "E20927AF-32D7-4D5D-9F73-82F077A1C891" + }, + { + "providerName": "Microsoft-Inventory-Events", + "providerGuid": "5E6AC3D4-6A7E-4FDC-98F8-7017E4F177BF" + }, + { + "providerName": "Microsoft-JScript", + "providerGuid": "57277741-3638-4A4B-BDBA-0AC6E45DA56C" + }, + { + "providerName": "Microsoft-Office-Events", + "providerGuid": "8736922D-E8B2-47EB-8564-23E77E728CF3" + }, + { + "providerName": "Microsoft-Office-Word", + "providerGuid": "DAF0B914-9C1C-450A-81B2-FEA7244F6FFA" + }, + { + "providerName": "Microsoft-Office-Word2", + "providerGuid": "BB00E856-A12F-4AB7-B2C8-4E80CAEA5B07" + }, + { + "providerName": "Microsoft-Office-Word3", + "providerGuid": "A1B69D49-2195-4F59-9D33-BDF30C0FE473" + }, + { + "providerName": "Microsoft-OneCore-OnlineSetup", + "providerGuid": "41862974-DA3B-4F0B-97D5-BB29FBB9B71E" + }, + { + "providerName": "Microsoft-PerfTrack-IEFRAME", + "providerGuid": "B2A40F1F-A05A-4DFD-886A-4C4F18C4334C" + }, + { + "providerName": "Microsoft-PerfTrack-MSHTML", + "providerGuid": "FFDB9886-80F3-4540-AA8B-B85192217DDF" + }, + { + "providerName": "Microsoft-Quic", + "providerGuid": "FF15E657-4F26-570E-88AB-0796B258D11C" + }, + { + "providerName": "Microsoft-ServiceBus-Client", + "providerGuid": "A307C7A2-A4CD-4D22-8093-94DB72934152" + }, + { + "providerName": "Microsoft-System-Diagnostics-DiagnosticInvoker", + "providerGuid": "9068A924-F97E-5506-C3A3-5C020C00E8E0" + }, + { + "providerName": "Microsoft-User Experience Virtualization-Admin", + "providerGuid": "61BC445E-7A8D-420E-AB36-9C7143881B98" + }, + { + "providerName": "Microsoft-User Experience Virtualization-Agent Driver", + "providerGuid": "DE29CF61-5EE6-43FF-9AAC-959C4E13CC6C" + }, + { + "providerName": "Microsoft-User Experience Virtualization-App Agent", + "providerGuid": "1ED6976A-4171-4764-B415-7EA08BC46C51" + }, + { + "providerName": "Microsoft-User Experience Virtualization-IPC", + "providerGuid": "21D79DB0-8E03-41CD-9589-F3EF7001A92A" + }, + { + "providerName": "Microsoft-User Experience Virtualization-SQM Uploader", + "providerGuid": "57003E21-269B-4BDC-8434-B3BF8D57D2D5" + }, + { + "providerName": "Microsoft-Windows Networking VPN Plugin Platform", + "providerGuid": "E5FC4A0F-7198-492F-9B0F-88FDCBFDED48" + }, + { + "providerName": "Microsoft-Windows-AAD", + "providerGuid": "4DE9BC9C-B27A-43C9-8994-0915F1A5E24F" + }, + { + "providerName": "Microsoft-Windows-AADRT", + "providerGuid": "2DCA52AC-167D-4D59-A491-C237BB978D83" + }, + { + "providerName": "Microsoft-Windows-AccelLib-AccelCx", + "providerGuid": "9C4CF201-DD11-5E35-9DE5-2C2146832011" + }, + { + "providerName": "Microsoft-Windows-ACL-UI", + "providerGuid": "EA4CC8B8-A150-47A3-AFB9-C8D194B19452" + }, + { + "providerName": "Microsoft-Windows-ActionQueue", + "providerGuid": "0DD4D48E-2BBF-452F-A7EC-BA3DBA8407AE" + }, + { + "providerName": "Microsoft-Windows-ADSI", + "providerGuid": "7288C9F8-D63C-4932-A345-89D6B060174D" + }, + { + "providerName": "Microsoft-Windows-AIT", + "providerGuid": "6ADDABF4-8C54-4EAB-BF4F-FBEF61B62EB0" + }, + { + "providerName": "Microsoft-Windows-All-User-Install-Agent", + "providerGuid": "D2E990DA-8504-4702-A5E5-367FC2F823BF" + }, + { + "providerName": "Microsoft-Windows-AppHost", + "providerGuid": "98E0765D-8C42-44A3-A57B-760D7F93225A" + }, + { + "providerName": "Microsoft-Windows-AppID", + "providerGuid": "3CB2A168-FE19-4A4E-BDAD-DCF422F13473" + }, + { + "providerName": "Microsoft-Windows-AppIDServiceTrigger", + "providerGuid": "D02A9C27-79B8-40D6-9B97-CF3F8B7B5D60" + }, + { + "providerName": "Microsoft-Windows-ApplicabilityEngine", + "providerGuid": "10A208DD-A372-421C-9D99-4FAD6DB68B62" + }, + { + "providerName": "Microsoft-Windows-Application Server-Applications", + "providerGuid": "C651F5F6-1C0D-492E-8AE1-B4EFD7C9D503" + }, + { + "providerName": "Microsoft-Windows-Application-Experience", + "providerGuid": "EEF54E71-0661-422D-9A98-82FD4940B820" + }, + { + "providerName": "Microsoft-Windows-ApplicationExperience-Cache", + "providerGuid": "6D8A3A60-40AF-445A-98CA-99359E500146" + }, + { + "providerName": "Microsoft-Windows-ApplicationExperience-LookupServiceTrigger", + "providerGuid": "18F4A5FD-FD3B-40A5-8FC2-E5D261C5D02E" + }, + { + "providerName": "Microsoft-Windows-ApplicationExperience-SwitchBack", + "providerGuid": "17D6E590-F5FE-11DC-95FF-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-ApplicationExperienceInfrastructure", + "providerGuid": "5EC13D8E-4B3F-422E-A7E7-3121A1D90C7A" + }, + { + "providerName": "Microsoft-Windows-AppLocker", + "providerGuid": "CBDA4DBF-8D5D-4F69-9578-BE14AA540D22" + }, + { + "providerName": "Microsoft-Windows-AppModel-Exec", + "providerGuid": "EB65A492-86C0-406A-BACE-9912D595BD69" + }, + { + "providerName": "Microsoft-Windows-AppModel-MessagingDataModel", + "providerGuid": "1E2462BE-B025-48DA-8C1F-7B60B8CCAE53" + }, + { + "providerName": "Microsoft-Windows-AppModel-Runtime", + "providerGuid": "F1EF270A-0D32-4352-BA52-DBAB41E1D859" + }, + { + "providerName": "Microsoft-Windows-AppModel-State", + "providerGuid": "BFF15E13-81BF-45EE-8B16-7CFEAD00DA86" + }, + { + "providerName": "Microsoft-Windows-AppReadiness", + "providerGuid": "F0BE35F8-237B-4814-86B5-ADE51192E503" + }, + { + "providerName": "Microsoft-Windows-AppSruProv", + "providerGuid": "0CC157B3-CF07-4FC2-91EE-31AC92E05FE1" + }, + { + "providerName": "Microsoft-Windows-AppXDeployment", + "providerGuid": "8127F6D4-59F9-4ABF-8952-3E3A02073D5F" + }, + { + "providerName": "Microsoft-Windows-AppXDeployment-Server", + "providerGuid": "3F471139-ACB7-4A01-B7A7-FF5DA4BA2D43" + }, + { + "providerName": "Microsoft-Windows-AppXDeployment-Server-UndockedDeh", + "providerGuid": "43833E12-078D-4D7D-8AAF-AE8C8520F18C" + }, + { + "providerName": "Microsoft-Windows-AppxPackagingOM", + "providerGuid": "BA723D81-0D0C-4F1E-80C8-54740F508DDF" + }, + { + "providerName": "Microsoft-Windows-ASN1", + "providerGuid": "D92EF8AC-99DD-4AB8-B91D-C6EBA85F3755" + }, + { + "providerName": "Microsoft-Windows-AssignedAccess", + "providerGuid": "8530DB6E-51C0-43D6-9D02-A8C2088526CD" + }, + { + "providerName": "Microsoft-Windows-AssignedAccessBroker", + "providerGuid": "F2311B48-32BE-4902-A22A-7240371DBB2C" + }, + { + "providerName": "Microsoft-Windows-AsynchronousCausality", + "providerGuid": "19A4C69A-28EB-4D4B-8D94-5F19055A1B5C" + }, + { + "providerName": "Microsoft-Windows-ATAPort", + "providerGuid": "CB587AD1-CC35-4EF1-AD93-36CC82A2D319" + }, + { + "providerName": "Microsoft-Windows-Audio", + "providerGuid": "AE4BD3BE-F36F-45B6-8D21-BDD6FB832853" + }, + { + "providerName": "Microsoft-Windows-Audit", + "providerGuid": "75EBC33E-0936-4A55-9D26-5F298F3180BF" + }, + { + "providerName": "Microsoft-Windows-Audit-CVE", + "providerGuid": "85A62A0D-7E17-485F-9D4F-749A287193A6" + }, + { + "providerName": "Microsoft-Windows-AuthenticationProvider", + "providerGuid": "DDDC1D91-51A1-4A8D-95B5-350C4EE3D809" + }, + { + "providerName": "Microsoft-Windows-AxInstallService", + "providerGuid": "DAB3B18C-3C0F-43E8-80B1-E44BC0DAD901" + }, + { + "providerName": "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher", + "providerGuid": "648A0644-7D62-4FD3-8841-440064762F95" + }, + { + "providerName": "Microsoft-Windows-Base-Filtering-Engine-Connections", + "providerGuid": "121D3DA8-BAF1-4DCB-929F-2D4C9A47F7AB" + }, + { + "providerName": "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows", + "providerGuid": "92765247-03A9-4AE3-A575-B42264616E78" + }, + { + "providerName": "Microsoft-Windows-Battery", + "providerGuid": "59819D0A-ADAF-46B2-8D7C-990BC39C7C15" + }, + { + "providerName": "Microsoft-Windows-BfeTriggerProvider", + "providerGuid": "54732EE5-61CA-4727-9DA1-10BE5A4F773D" + }, + { + "providerName": "Microsoft-Windows-Biometrics", + "providerGuid": "A0E3D8EA-C34F-4419-A1DB-90435B8B21D0" + }, + { + "providerName": "Microsoft-Windows-BitLocker-API", + "providerGuid": "5D674230-CA9F-11DA-A94D-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-BitLocker-DrivePreparationTool", + "providerGuid": "632F767E-0EC3-47B9-BA1C-A0E62A74728A" + }, + { + "providerName": "Microsoft-Windows-BitLocker-Driver", + "providerGuid": "651DF93B-5053-4D1E-94C5-F6E6D25908D0" + }, + { + "providerName": "Microsoft-Windows-BitLocker-Driver-Performance", + "providerGuid": "1DE130E1-C026-4CBF-BA0F-AB608E40AEEA" + }, + { + "providerName": "Microsoft-Windows-Bits-Client", + "providerGuid": "EF1CC15B-46C1-414E-BB95-E76B077BD51E" + }, + { + "providerName": "Microsoft-Windows-Bluetooth-BthLEPrepairing", + "providerGuid": "4AF188AC-E9C4-4C11-B07B-1FABC07DFEB2" + }, + { + "providerName": "Microsoft-Windows-Bluetooth-Bthmini", + "providerGuid": "DB25B328-A6F6-444F-9D97-A50E20217D16" + }, + { + "providerName": "Microsoft-Windows-Bluetooth-MTPEnum", + "providerGuid": "04268430-D489-424D-B914-0CFF741D6684" + }, + { + "providerName": "Microsoft-Windows-Bluetooth-Policy", + "providerGuid": "0602ECEF-6381-4BC0-AEDA-EB9BB919B276" + }, + { + "providerName": "Microsoft-Windows-BootUX", + "providerGuid": "67D781BD-CBD2-4BD2-AD1F-6152FB891246" + }, + { + "providerName": "Microsoft-Windows-BranchCache", + "providerGuid": "7EAFCF79-06A7-460B-8A55-BD0A0C9248AA" + }, + { + "providerName": "Microsoft-Windows-BranchCacheClientEventProvider", + "providerGuid": "E837619C-A2A8-4689-833F-47B48EBD2442" + }, + { + "providerName": "Microsoft-Windows-BranchCacheEventProvider", + "providerGuid": "DD85457F-4E2D-44A5-A7A7-6253362E34DC" + }, + { + "providerName": "Microsoft-Windows-BranchCacheMonitoring", + "providerGuid": "A2F55524-8EBC-45FD-88E4-A1B39F169E08" + }, + { + "providerName": "Microsoft-Windows-BranchCacheSMB", + "providerGuid": "4A933674-FB3D-4E8D-B01D-17EE14E91A3E" + }, + { + "providerName": "Microsoft-Windows-BrokerInfrastructure", + "providerGuid": "E6835967-E0D2-41FB-BCEC-58387404E25A" + }, + { + "providerName": "Microsoft-Windows-BTH-BTHPORT", + "providerGuid": "8A1F9517-3A8C-4A9E-A018-4F17A200F277" + }, + { + "providerName": "Microsoft-Windows-BTH-BTHUSB", + "providerGuid": "33693E1D-246A-471B-83BE-3E75F47A832D" + }, + { + "providerName": "Microsoft-Windows-Build-RegDll", + "providerGuid": "D39B6336-CFCB-483B-8C76-7C3E7D02BCB8" + }, + { + "providerName": "Microsoft-Windows-CAPI2", + "providerGuid": "5BBCA4A8-B209-48DC-A8C7-B23D3E5216FB" + }, + { + "providerName": "Microsoft-Windows-CDROM", + "providerGuid": "9B6123DC-9AF6-4430-80D7-7D36F054FB9F" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient", + "providerGuid": "73370BD6-85E5-430B-B60A-FEA1285808A7" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient-AutoEnrollment", + "providerGuid": "F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient-CertEnroll", + "providerGuid": "54164045-7C50-4905-963F-E5BC1EEF0CCA" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient-CredentialRoaming", + "providerGuid": "89A2278B-C662-4AFF-A06C-46AD3F220BCA" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient-Lifecycle-System", + "providerGuid": "BC0669E1-A10D-4A78-834E-1CA3C806C93B" + }, + { + "providerName": "Microsoft-Windows-CertificateServicesClient-Lifecycle-User", + "providerGuid": "BEA18B89-126F-4155-9EE4-D36038B02680" + }, + { + "providerName": "Microsoft-Windows-CertificationAuthorityClient-CertCli", + "providerGuid": "98BF1CD3-583E-4926-95EE-A61BF3F46470" + }, + { + "providerName": "Microsoft-Windows-CertPolEng", + "providerGuid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799" + }, + { + "providerName": "Microsoft-Windows-Cleanmgr", + "providerGuid": "9AE87B12-A014-5288-92DF-E3030981EBAB" + }, + { + "providerName": "Microsoft-Windows-ClearTypeTextTuner", + "providerGuid": "0A88862D-20A3-4C1F-B76F-162C55ADBF93" + }, + { + "providerName": "Microsoft-Windows-CloudFiles-Filter", + "providerGuid": "4580BB06-BAED-5B62-A4D5-92FA7156E7DB" + }, + { + "providerName": "Microsoft-Windows-CloudRestoreLauncher", + "providerGuid": "DC327E90-7748-58ED-F39C-8A8987CFAC58" + }, + { + "providerName": "Microsoft-Windows-CloudStore", + "providerGuid": "741BB90C-A7A3-49D6-BD82-1E6B858403F7" + }, + { + "providerName": "Microsoft-Windows-CmiSetup", + "providerGuid": "75EBC33E-0CC6-49DA-8CD9-8903A5222AA0" + }, + { + "providerName": "Microsoft-Windows-CodeIntegrity", + "providerGuid": "4EE76BD8-3CF4-44A0-A0AC-3937643E37A3" + }, + { + "providerName": "Microsoft-Windows-COM", + "providerGuid": "D4263C98-310C-4D97-BA39-B55354F08584" + }, + { + "providerName": "Microsoft-Windows-COM-Perf", + "providerGuid": "B8D6861B-D20F-4EEC-BBAE-87E0DD80602B" + }, + { + "providerName": "Microsoft-Windows-COM-RundownInstrumentation", + "providerGuid": "2957313D-FCAA-5D4A-2F69-32CE5F0AC44E" + }, + { + "providerName": "Microsoft-Windows-ComDlg32", + "providerGuid": "7F912B92-21AD-496E-B97A-88622A72BC42" + }, + { + "providerName": "Microsoft-Windows-Compat-Appraiser", + "providerGuid": "442C11C5-304B-45A4-AE73-DC2194C4E876" + }, + { + "providerName": "Microsoft-Windows-Complus", + "providerGuid": "0F177893-4A9C-4709-B921-F432D67F43D5" + }, + { + "providerName": "Microsoft-Windows-COMRuntime", + "providerGuid": "BF406804-6AFA-46E7-8A48-6C357E1D6D61" + }, + { + "providerName": "Microsoft-Windows-Configuration-Change-Monitor", + "providerGuid": "A148CF02-BE6D-5F08-94E3-B68DE60D8422" + }, + { + "providerName": "Microsoft-Windows-Containers-BindFlt", + "providerGuid": "FC4E8F51-7A04-4BAB-8B91-6321416F72AB" + }, + { + "providerName": "Microsoft-Windows-Containers-Wcifs", + "providerGuid": "AEC5C129-7C10-407D-BE97-91A042C61AAA" + }, + { + "providerName": "Microsoft-Windows-CoreSystem-InitMachineConfig", + "providerGuid": "0B886108-1899-4D3A-9C0D-42D8FC4B9108" + }, + { + "providerName": "Microsoft-Windows-CoreSystem-NetProvision-JoinProviderOnline", + "providerGuid": "3629DD4D-D6F1-4302-A623-0768B51501C7" + }, + { + "providerName": "Microsoft-Windows-CoreSystem-SmsRouter", + "providerGuid": "A9C11050-9E93-4FA4-8FE0-7C4750A345B2" + }, + { + "providerName": "Microsoft-Windows-CoreWindow", + "providerGuid": "A3D95055-34CC-4E4A-B99F-EC88F5370495" + }, + { + "providerName": "Microsoft-Windows-CorruptedFileRecovery-Client", + "providerGuid": "BA093605-3909-4345-990B-26B746ADEE0A" + }, + { + "providerName": "Microsoft-Windows-CorruptedFileRecovery-Server", + "providerGuid": "D6F68875-CDF5-43A5-A3E3-53FFD683311C" + }, + { + "providerName": "Microsoft-Windows-Crashdump", + "providerGuid": "ECDAACFA-6FE9-477C-B5F0-85B76F8F50AA" + }, + { + "providerName": "Microsoft-Windows-CredUI", + "providerGuid": "5A24FCDB-1CF3-477B-B422-EF4909D51223" + }, + { + "providerName": "Microsoft-Windows-Crypto-BCrypt", + "providerGuid": "C7E089AC-BA2A-11E0-9AF7-68384824019B" + }, + { + "providerName": "Microsoft-Windows-Crypto-CNG", + "providerGuid": "E3E0E2F0-C9C5-11E0-8AB9-9EBC4824019B" + }, + { + "providerName": "Microsoft-Windows-Crypto-DPAPI", + "providerGuid": "89FE8F40-CDCE-464E-8217-15EF97D4C7C3" + }, + { + "providerName": "Microsoft-Windows-Crypto-DSSEnh", + "providerGuid": "43DAD447-735F-4829-A6FF-9829A87419FF" + }, + { + "providerName": "Microsoft-Windows-Crypto-NCrypt", + "providerGuid": "E8ED09DC-100C-45E2-9FC8-B53399EC1F70" + }, + { + "providerName": "Microsoft-Windows-Crypto-RNG", + "providerGuid": "54D5AC20-E14F-4FDA-92DA-EBF7556FF176" + }, + { + "providerName": "Microsoft-Windows-Crypto-RSAEnh", + "providerGuid": "152FDB2B-6E9D-4B60-B317-815D5F174C4A" + }, + { + "providerName": "Microsoft-Windows-D3D10Level9", + "providerGuid": "7E7D3382-023C-43CB-95D2-6F0CA6D70381" + }, + { + "providerName": "Microsoft-Windows-D3D9", + "providerGuid": "783ACA0A-790E-4D7F-8451-AA850511C6B9" + }, + { + "providerName": "Microsoft-Windows-DAL-Provider", + "providerGuid": "7E87506F-BACE-4BF1-BC09-3A1F37045C71" + }, + { + "providerName": "Microsoft-Windows-Data-Pdf", + "providerGuid": "B97561FE-B27A-4C48-AA3E-7D3ADDC105B1" + }, + { + "providerName": "Microsoft-Windows-DataIntegrityScan", + "providerGuid": "13BC4371-4E21-4E46-A84F-8C0FFB548CED" + }, + { + "providerName": "Microsoft-Windows-DateTimeControlPanel", + "providerGuid": "741FC222-44ED-4BA7-98E3-F405B2D2C4B4" + }, + { + "providerName": "Microsoft-Windows-DCLocator", + "providerGuid": "CFAA5446-C6C4-4F5C-866F-31C9B55B962D" + }, + { + "providerName": "Microsoft-Windows-DDisplay", + "providerGuid": "75051C9D-2833-4A29-8923-046DB7A432CA" + }, + { + "providerName": "Microsoft-Windows-Deduplication", + "providerGuid": "F9FE3908-44B8-48D9-9A32-5A763FF5ED79" + }, + { + "providerName": "Microsoft-Windows-Deduplication-Change", + "providerGuid": "1D5E499D-739C-45A6-A3E1-8CBE0A352BEB" + }, + { + "providerName": "Microsoft-Windows-Defrag-Core", + "providerGuid": "E3257C8C-C7CB-444F-9DA0-5D92A2625289" + }, + { + "providerName": "Microsoft-Windows-DeliveryOptimization", + "providerGuid": "F8AD09BA-419C-5134-1750-270F4D0FB889" + }, + { + "providerName": "Microsoft-Windows-Deplorch", + "providerGuid": "B9DA9FE6-AE5F-4F3E-B2FA-8E623C11DC75" + }, + { + "providerName": "Microsoft-Windows-DesktopActivityModerator", + "providerGuid": "32DD13DF-9C0B-4C3B-B854-EE76C050F5F4" + }, + { + "providerName": "Microsoft-Windows-DeviceAssociationService", + "providerGuid": "56C71C31-CFBD-4CDD-8559-505E042BBBE1" + }, + { + "providerName": "Microsoft-Windows-DeviceConfidence", + "providerGuid": "1D5990C1-EC62-49F0-9E37-1F4DB12DB41E" + }, + { + "providerName": "Microsoft-Windows-DeviceGuard", + "providerGuid": "F717D024-F5B4-4F03-9AB9-331B2DC38FFB" + }, + { + "providerName": "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider", + "providerGuid": "3DA494E4-0FE2-415C-B895-FB5265C5C83B" + }, + { + "providerName": "Microsoft-Windows-DeviceManagement-Pushrouter", + "providerGuid": "F1201B5A-E170-42B6-8D20-B57AC57E6416" + }, + { + "providerName": "Microsoft-Windows-Devices-AccessBroker", + "providerGuid": "64FB8D23-F0B6-5D2D-B1F6-488303C1761F" + }, + { + "providerName": "Microsoft-Windows-Devices-Background", + "providerGuid": "64EF2B1C-4AE1-4E64-8599-1636E441EC88" + }, + { + "providerName": "Microsoft-Windows-Devices-Query", + "providerGuid": "DF63D0DC-97C2-5E48-C1CC-7B46BFD4DF88" + }, + { + "providerName": "Microsoft-Windows-DeviceSetupManager", + "providerGuid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2" + }, + { + "providerName": "Microsoft-Windows-DeviceSync", + "providerGuid": "09EC9687-D7AD-40CA-9C5E-78A04A5AE993" + }, + { + "providerName": "Microsoft-Windows-DeviceUpdateAgent", + "providerGuid": "E8F9AF91-AFBE-5A03-DFEC-5D591686326C" + }, + { + "providerName": "Microsoft-Windows-DeviceUx", + "providerGuid": "DED165CF-485D-4770-A3E7-9C5F0320E80C" + }, + { + "providerName": "Microsoft-Windows-DevMgmt-UefiCsp", + "providerGuid": "739D66D8-76C4-4004-873F-169AE5C6EACA" + }, + { + "providerName": "Microsoft-Windows-DfsSvc", + "providerGuid": "7DA4FE0E-FD42-4708-9AA5-89B77A224885" + }, + { + "providerName": "Microsoft-Windows-Dhcp-Client", + "providerGuid": "15A7A4F8-0072-4EAB-ABAD-F98A4D666AED" + }, + { + "providerName": "Microsoft-Windows-DHCPv6-Client", + "providerGuid": "6A1F2B00-6A90-4C38-95A5-5CAB3B056778" + }, + { + "providerName": "Microsoft-Windows-DiagCpl", + "providerGuid": "1A396961-5F3C-4C71-8310-44C653C0BF8A" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-AdvancedTaskManager", + "providerGuid": "178DADAF-7AC4-4593-AB3E-A45FDA6D0D55" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-DPS", + "providerGuid": "6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-MSDE", + "providerGuid": "A50B09F8-93EB-4396-84C9-DC921259F952" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-PCW", + "providerGuid": "AABF8B86-7936-4FA2-ACB0-63127F879DBF" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-PLA", + "providerGuid": "E4D53F84-7DE3-11D8-9435-505054503030" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-Scheduled", + "providerGuid": "40AB57C2-1C53-4DF9-9324-FF7CF898A02C" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-Scripted", + "providerGuid": "E1DD7E52-621D-44E3-A1AD-0370C2B25946" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider", + "providerGuid": "9363CCD9-D429-4452-9ADB-2501E704B810" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-WDC", + "providerGuid": "05921578-2261-42C7-A0D3-26DDBCE6C50D" + }, + { + "providerName": "Microsoft-Windows-Diagnosis-WDI", + "providerGuid": "E01B1A7C-C5C9-4E67-99A9-5E85ACFB2E10" + }, + { + "providerName": "Microsoft-Windows-Diagnostics-LoggingChannel", + "providerGuid": "4BD2826E-54A1-4BA9-BF63-92B73EA1AC4A" + }, + { + "providerName": "Microsoft-Windows-Diagnostics-Networking", + "providerGuid": "36C23E18-0E66-11D9-BBEB-505054503030" + }, + { + "providerName": "Microsoft-Windows-Diagnostics-Performance", + "providerGuid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A" + }, + { + "providerName": "Microsoft-Windows-Diagnostics-PerfTrack", + "providerGuid": "030F2F57-ABD0-4427-BCF1-3A3587D7DC7D" + }, + { + "providerName": "Microsoft-Windows-Direct3D10", + "providerGuid": "9B7E4C0F-342C-4106-A19F-4F2704F689F0" + }, + { + "providerName": "Microsoft-Windows-Direct3D10_1", + "providerGuid": "9B7E4C8F-342C-4106-A19F-4F2704F689F0" + }, + { + "providerName": "Microsoft-Windows-Direct3D11", + "providerGuid": "DB6F6DDB-AC77-4E88-8253-819DF9BBF140" + }, + { + "providerName": "Microsoft-Windows-Direct3D12", + "providerGuid": "5D8087DD-3A9B-4F56-90DF-49196CDC4F11" + }, + { + "providerName": "Microsoft-Windows-Direct3DShaderCache", + "providerGuid": "2D4EBCA6-EA64-453F-A292-AE2EA0EE513B" + }, + { + "providerName": "Microsoft-Windows-DirectComposition", + "providerGuid": "C44219D0-F344-11DF-A5E2-B307DFD72085" + }, + { + "providerName": "Microsoft-Windows-DirectManipulation", + "providerGuid": "5786E035-EF2D-4178-84F2-5A6BBEDBB947" + }, + { + "providerName": "Microsoft-Windows-Directory-Services-SAM", + "providerGuid": "0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE" + }, + { + "providerName": "Microsoft-Windows-Directory-Services-SAM-Utility", + "providerGuid": "BD8FEA17-5549-4B49-AA03-1981D16396A9" + }, + { + "providerName": "Microsoft-Windows-DirectShow-Core", + "providerGuid": "968F313B-097F-4E09-9CDD-BC62692D138B" + }, + { + "providerName": "Microsoft-Windows-DirectShow-KernelSupport", + "providerGuid": "3CC2D4AF-DA5E-4ED4-BCBE-3CF995940483" + }, + { + "providerName": "Microsoft-Windows-DirectSound", + "providerGuid": "8A93B54B-C75A-49B5-A5BE-9060715B1A33" + }, + { + "providerName": "Microsoft-Windows-Disk", + "providerGuid": "6B4DB0BC-9A3D-467D-81B9-A84C6F2F3D40" + }, + { + "providerName": "Microsoft-Windows-DiskDiagnostic", + "providerGuid": "E670A5A2-CE74-4AB4-9347-61B815319F4C" + }, + { + "providerName": "Microsoft-Windows-DiskDiagnosticDataCollector", + "providerGuid": "E104FB41-6B04-4F3A-B47D-F0DF2F02B954" + }, + { + "providerName": "Microsoft-Windows-DiskDiagnosticResolver", + "providerGuid": "6B1FFE48-5B1E-4793-9F7F-AE926454499D" + }, + { + "providerName": "Microsoft-Windows-Dism-Api", + "providerGuid": "75B0DA21-8B50-42EB-9448-EC48B1729B57" + }, + { + "providerName": "Microsoft-Windows-Dism-Cli", + "providerGuid": "2F959466-24D4-4972-8729-0D5E3539EBC3" + }, + { + "providerName": "Microsoft-Windows-Display", + "providerGuid": "6ECE3302-FEE1-4EA9-8B88-086D459ED976" + }, + { + "providerName": "Microsoft-Windows-DisplayColorCalibration", + "providerGuid": "3239EB6F-C7FC-4953-AA15-646829A4CA4C" + }, + { + "providerName": "Microsoft-Windows-DisplaySwitch", + "providerGuid": "192EDE41-9175-4C86-AC02-9D003C9D43AB" + }, + { + "providerName": "Microsoft-Windows-DistributedCOM", + "providerGuid": "1B562E86-B7AA-4131-BADC-B6F3A001407E" + }, + { + "providerName": "Microsoft-Windows-DLNA-Namespace", + "providerGuid": "D38FB874-33E4-4DCF-911E-1B53BB106D53" + }, + { + "providerName": "Microsoft-Windows-DNS-Client", + "providerGuid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D" + }, + { + "providerName": "Microsoft-Windows-Documents", + "providerGuid": "C89B991E-3B48-49B2-80D3-AC000DFC9749" + }, + { + "providerName": "Microsoft-Windows-DomainJoinManagerTriggerProvider", + "providerGuid": "5B004607-1087-4F16-B10E-979685A8D131" + }, + { + "providerName": "Microsoft-Windows-DotNETRuntime", + "providerGuid": "E13C0D23-CCBC-4E12-931B-D9CC2EEE27E4" + }, + { + "providerName": "Microsoft-Windows-DotNETRuntimeRundown", + "providerGuid": "A669021C-C450-4609-A035-5AF59AF4DF18" + }, + { + "providerName": "Microsoft-Windows-DriverFrameworks-KernelMode-Performance", + "providerGuid": "486A5C7C-11CC-46C5-9DE7-43DFE0BB57C1" + }, + { + "providerName": "Microsoft-Windows-DriverFrameworks-UserMode", + "providerGuid": "2E35AAEB-857F-4BEB-A418-2E6C0E54D988" + }, + { + "providerName": "Microsoft-Windows-DriverFrameworks-UserMode-Performance", + "providerGuid": "9FA5DD5D-999E-466A-8CA9-7B3A66F8882F" + }, + { + "providerName": "Microsoft-Windows-DriverProxy", + "providerGuid": "45C0E4CB-5120-5F84-0418-8A18ED702E9A" + }, + { + "providerName": "Microsoft-Windows-DSC", + "providerGuid": "50DF9E12-A8C4-4939-B281-47E1325BA63E" + }, + { + "providerName": "Microsoft-Windows-DUI", + "providerGuid": "8360BD0F-A7DC-4391-91A7-A457C5C381E4" + }, + { + "providerName": "Microsoft-Windows-DUSER", + "providerGuid": "8429E243-345B-47C1-8A91-2C94CAF0DAAB" + }, + { + "providerName": "Microsoft-Windows-DVD", + "providerGuid": "E18D0FCA-9515-4232-98E4-89E456D8551B" + }, + { + "providerName": "Microsoft-Windows-Dwm-Api", + "providerGuid": "292A52C4-FA27-4461-B526-54A46430BD54" + }, + { + "providerName": "Microsoft-Windows-Dwm-Compositor", + "providerGuid": "044A9015-D96C-5DD1-0199-72D258325298" + }, + { + "providerName": "Microsoft-Windows-Dwm-Core", + "providerGuid": "9E9BBA3C-2E38-40CB-99F4-9E8281425164" + }, + { + "providerName": "Microsoft-Windows-Dwm-Dwm", + "providerGuid": "D29D56EA-4867-4221-B02E-CFD998834075" + }, + { + "providerName": "Microsoft-Windows-Dwm-Redir", + "providerGuid": "7D99F6A4-1BEC-4C09-9703-3AAA8148347F" + }, + { + "providerName": "Microsoft-Windows-Dwm-Udwm", + "providerGuid": "A2D1C713-093B-43A7-B445-D09370EC9F47" + }, + { + "providerName": "Microsoft-Windows-DXGI", + "providerGuid": "CA11C036-0102-4A2D-A6AD-F03CFED5D3C9" + }, + { + "providerName": "Microsoft-Windows-DXGIDebug", + "providerGuid": "F1FF64EF-FAF3-5699-8E51-F6EC2FBD97D1" + }, + { + "providerName": "Microsoft-Windows-DxgKrnl", + "providerGuid": "802EC45A-1E99-4B83-9920-87C98277BA9D" + }, + { + "providerName": "Microsoft-Windows-DxgKrnl-SysMm", + "providerGuid": "9DE90B19-62C4-511D-A1C5-9E990812D18B" + }, + { + "providerName": "Microsoft-Windows-DXP", + "providerGuid": "728B8C72-0F0F-4071-9BCC-27CB3B6DACBE" + }, + { + "providerName": "Microsoft-Windows-DxpTaskSyncProvider", + "providerGuid": "271C5228-C3FE-4E47-831F-48C3652CE5AC" + }, + { + "providerName": "Microsoft-Windows-EapHost", + "providerGuid": "6EB8DB94-FE96-443F-A366-5FE0CEE7FB1C" + }, + { + "providerName": "Microsoft-Windows-EapMethods-RasChap", + "providerGuid": "58980F4B-BD39-4A3E-B344-492ED2254A4E" + }, + { + "providerName": "Microsoft-Windows-EapMethods-RasTls", + "providerGuid": "9CC0413E-5717-4AF5-82EB-6103D8707B45" + }, + { + "providerName": "Microsoft-Windows-EapMethods-Sim", + "providerGuid": "3D42A67D-9CE8-4284-B755-2550672B0CE0" + }, + { + "providerName": "Microsoft-Windows-EapMethods-Ttls", + "providerGuid": "D710D46C-235D-4798-AC20-9F83E1DCD557" + }, + { + "providerName": "Microsoft-Windows-EaseOfAccess", + "providerGuid": "74B4A4B1-2302-4768-AC5B-9773DD456B08" + }, + { + "providerName": "Microsoft-Windows-EDP-AppLearning", + "providerGuid": "9803DAA0-81BA-483A-986C-F0E395B9F8D1" + }, + { + "providerName": "Microsoft-Windows-EDP-Audit-Regular", + "providerGuid": "50F99B2D-96D2-421F-BE4C-222C4140DA9F" + }, + { + "providerName": "Microsoft-Windows-EDP-Audit-TCB", + "providerGuid": "287D59B6-79BA-4741-A08B-2FEDEEDE6435" + }, + { + "providerName": "Microsoft-Windows-EFS", + "providerGuid": "3663A992-84BE-40EA-BBA9-90C7ED544222" + }, + { + "providerName": "Microsoft-Windows-ELS-Hyphenation", + "providerGuid": "51AEDB05-890B-4ADE-8BA1-0BA14B8E8973" + }, + { + "providerName": "Microsoft-Windows-EndpointTriggerProvider", + "providerGuid": "92AAB24D-D9A9-4A60-9F94-201FED3E3E88" + }, + { + "providerName": "Microsoft-Windows-Energy-Estimation-Engine", + "providerGuid": "DDCC3826-A68A-4E0D-BCFD-9C06C27C6948" + }, + { + "providerName": "Microsoft-Windows-EnergyEfficiencyWizard", + "providerGuid": "1A772F65-BE1E-4FC6-96BB-248E03FA60F5" + }, + { + "providerName": "Microsoft-Windows-EnhancedPhishingProtection-Events", + "providerGuid": "E8ABC5FB-BF87-5462-278D-1B5E18775A8F" + }, + { + "providerName": "Microsoft-Windows-EnhancedStorage-ClassDriver", + "providerGuid": "F6CF91BE-E7D7-57D6-2A3D-278CA406D190" + }, + { + "providerName": "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv", + "providerGuid": "AA3AA23B-BB6D-425A-B58C-1D7E37F5D02A" + }, + { + "providerName": "Microsoft-Windows-EQoS", + "providerGuid": "54CB22FF-26B4-4393-A8C2-6B0715912C5F" + }, + { + "providerName": "Microsoft-Windows-ErrorReportingConsole", + "providerGuid": "017247F2-7E96-11DC-8314-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-ESE", + "providerGuid": "478EA8A8-00BE-4BA6-8E75-8B9DC7DB9F78" + }, + { + "providerName": "Microsoft-Windows-EventCollector", + "providerGuid": "B977CF02-76F6-DF84-CC1A-6A4B232322B6" + }, + { + "providerName": "Microsoft-Windows-Eventlog", + "providerGuid": "FC65DDD8-D6EF-4962-83D5-6E5CFE9CE148" + }, + { + "providerName": "Microsoft-Windows-EventLog-WMIProvider", + "providerGuid": "35AC6CE8-6104-411D-976C-877F183D2D32" + }, + { + "providerName": "Microsoft-Windows-EventSystem", + "providerGuid": "899DAACE-4868-4295-AFCD-9EB8FB497561" + }, + { + "providerName": "Microsoft-Windows-exFAT-SQM", + "providerGuid": "494E7A3D-8DB9-4EC4-B43E-2844AF6E38D6" + }, + { + "providerName": "Microsoft-Windows-FailoverClustering-Client", + "providerGuid": "A82FDA5D-745F-409C-B0FE-18AE0678A0E0" + }, + { + "providerName": "Microsoft-Windows-Fat-SQM", + "providerGuid": "3E59A529-B0B3-4A11-8129-9FFE6BB46EB9" + }, + { + "providerName": "Microsoft-Windows-Fault-Tolerant-Heap", + "providerGuid": "6B93BF66-A922-4C11-A617-CF60D95C133D" + }, + { + "providerName": "Microsoft-Windows-FeatureConfiguration", + "providerGuid": "C2F36562-A1E4-4BC3-A6F6-01A7ADB643E8" + }, + { + "providerName": "Microsoft-Windows-Feedback-Service-TriggerProvider", + "providerGuid": "E46EEAD8-0C54-4489-9898-8FA79D059E0E" + }, + { + "providerName": "Microsoft-Windows-FileHistory-Catalog", + "providerGuid": "B447B4DC-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-ConfigManager", + "providerGuid": "B447B4DD-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-Core", + "providerGuid": "B447B4DB-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-Engine", + "providerGuid": "B447B4DE-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-EventListener", + "providerGuid": "B447B4DF-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-Service", + "providerGuid": "B447B4E0-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileHistory-UI", + "providerGuid": "B447B4E1-7780-11E0-ADA3-18A90531A85A" + }, + { + "providerName": "Microsoft-Windows-FileInfoMinifilter", + "providerGuid": "A319D300-015C-48BE-ACDB-47746E154751" + }, + { + "providerName": "Microsoft-Windows-FilterManager", + "providerGuid": "F3C5E28E-63F6-49C7-A204-E48A1BC4B09D" + }, + { + "providerName": "Microsoft-Windows-Firewall", + "providerGuid": "E595F735-B42A-494B-AFCD-B68666945CD3" + }, + { + "providerName": "Microsoft-Windows-Firewall-CPL", + "providerGuid": "546549BE-9D63-46AA-9154-4F6EB9526378" + }, + { + "providerName": "Microsoft-Windows-FirstUX-PerfInstrumentation", + "providerGuid": "FBEF8096-2CA3-4082-ACDE-DCFB47E96B72" + }, + { + "providerName": "Microsoft-Windows-FltMgrTrace_307b3ab035ae31a8462e37b4da258d1a", + "providerGuid": "307B3AB0-35AE-31A8-462E-37B4DA258D1A" + }, + { + "providerName": "Microsoft-Windows-FMS", + "providerGuid": "DEA07764-0790-44DE-B9C4-49677B17174F" + }, + { + "providerName": "Microsoft-Windows-Folder Redirection", + "providerGuid": "7D7B0C39-93F6-4100-BD96-4DDA859652C5" + }, + { + "providerName": "Microsoft-Windows-Forwarding", + "providerGuid": "699E309C-E782-4400-98C8-E21D162D7B7B" + }, + { + "providerName": "Microsoft-Windows-FunctionDiscovery", + "providerGuid": "9DB0FDB5-3B21-440E-A94B-63738A4BE5DE" + }, + { + "providerName": "Microsoft-Windows-FunctionDiscoveryHost", + "providerGuid": "538CBBAD-4877-4EB2-B26E-7CAEE8F0F8CB" + }, + { + "providerName": "Microsoft-Windows-GenericRoaming", + "providerGuid": "4EACB4D0-263B-4B93-8CD6-778A278E5642" + }, + { + "providerName": "Microsoft-Windows-GPIO-ClassExtension", + "providerGuid": "55AB77F6-FA04-43EF-AF45-688FBF500482" + }, + { + "providerName": "Microsoft-Windows-GPIOButtons", + "providerGuid": "E13FF11E-E989-4838-A9FA-38A4D13914CF" + }, + { + "providerName": "Microsoft-Windows-Graphics-Capture-Server", + "providerGuid": "7D0CBD25-390E-524D-8C1E-2A8E846055C0" + }, + { + "providerName": "Microsoft-Windows-Graphics-Printing", + "providerGuid": "E7AA32FB-77D0-477F-987D-7E83DF1B7ED0" + }, + { + "providerName": "Microsoft-Windows-Graphics-Printing3D", + "providerGuid": "BE967569-E3C8-425B-AD0E-4F2C790B1848" + }, + { + "providerName": "Microsoft-Windows-GraphicsCapture-API", + "providerGuid": "347D2CDF-F126-56D7-12B1-69E27C655D7E" + }, + { + "providerName": "Microsoft-Windows-GroupPolicy", + "providerGuid": "AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9" + }, + { + "providerName": "Microsoft-Windows-GroupPolicyTriggerProvider", + "providerGuid": "BD2F4252-5E1E-49FC-9A30-F3978AD89EE2" + }, + { + "providerName": "Microsoft-Windows-HAL", + "providerGuid": "63D1E632-95CC-4443-9312-AF927761D52A" + }, + { + "providerName": "Microsoft-Windows-HealthCenter", + "providerGuid": "588C5C5A-FFC5-44A2-9A7F-D5E8DBE6EFD7" + }, + { + "providerName": "Microsoft-Windows-HealthCenterCPL", + "providerGuid": "959F1FAC-7CA8-4ED1-89DC-CDFA7E093CB0" + }, + { + "providerName": "Microsoft-Windows-Heap-Snapshot", + "providerGuid": "901D2AFA-4FF6-46D7-8D0E-53645E1A47F5" + }, + { + "providerName": "Microsoft-Windows-HelloForBusiness", + "providerGuid": "906B8A99-63CE-58D7-86AB-10989BBD5567" + }, + { + "providerName": "Microsoft-Windows-Help", + "providerGuid": "DE513A55-C345-438B-9A74-E18CAC5C5CC5" + }, + { + "providerName": "Microsoft-Windows-hidcfu", + "providerGuid": "7628E972-6D6F-4974-B58F-6428622EC09A" + }, + { + "providerName": "Microsoft-Windows-HomeGroup-ControlPanel", + "providerGuid": "134EA407-755D-4A93-B8A6-F290CD155023" + }, + { + "providerName": "Microsoft-Windows-Host-Network-Management", + "providerGuid": "93F693DC-9163-4DEE-AF64-D855218AF242" + }, + { + "providerName": "Microsoft-Windows-Host-Network-Service", + "providerGuid": "0C885E0D-6EB6-476C-A048-2457EED3A5C1" + }, + { + "providerName": "Microsoft-Windows-HostGuardianClient-Service", + "providerGuid": "5D487FAD-104B-5CA6-CA4E-14C206850501" + }, + { + "providerName": "Microsoft-Windows-HostGuardianService-CA", + "providerGuid": "9FB3388C-A54C-4E98-BDD1-445A82ED4BF7" + }, + { + "providerName": "Microsoft-Windows-HostGuardianService-Client", + "providerGuid": "7DEE1FDC-FFA8-4087-912A-95189D6A2D7F" + }, + { + "providerName": "Microsoft-Windows-Hotpatch-Monitor", + "providerGuid": "57EAF242-3772-533C-9FD2-29ED95606D14" + }, + { + "providerName": "Microsoft-Windows-HotspotAuth", + "providerGuid": "DE095DBE-8667-4168-94C2-48CA61665ACA" + }, + { + "providerName": "Microsoft-Windows-Http-SQM-Provider", + "providerGuid": "F5344219-87A4-4399-B14A-E59CD118ABB8" + }, + { + "providerName": "Microsoft-Windows-HttpEvent", + "providerGuid": "7B6BC78C-898B-4170-BBF8-1A469EA43FC5" + }, + { + "providerName": "Microsoft-Windows-HttpLog", + "providerGuid": "C42A2738-2333-40A5-A32F-6ACC36449DCC" + }, + { + "providerName": "Microsoft-Windows-HttpService", + "providerGuid": "DD5EF90A-6398-47A4-AD34-4DCECDEF795F" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Chipset", + "providerGuid": "DE9BA731-7F33-4F44-98C9-6CAC856B9F83" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Compute", + "providerGuid": "17103E3F-3C6E-4677-BB17-3B267EB5BE57" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-ComputeLib", + "providerGuid": "AF7FD3A7-B248-460C-A9F5-FEC39EF8468C" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Config", + "providerGuid": "02F3A5E3-E742-4720-85A5-F64C4184E511" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-CrashDump", + "providerGuid": "C7C9E4F7-C41D-5C68-F104-D72A920016C7" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Debug", + "providerGuid": "EDED5085-79D0-4E31-9B4E-4299B78CBEEB" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-DynMem", + "providerGuid": "B1D080A6-F3A5-42F6-B6F1-B9FD86C088DA" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-EmulatedDevices", + "providerGuid": "DA5A028B-B248-4A75-B60A-024FE6457484" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-EmulatedNic", + "providerGuid": "09242393-1349-4F4D-9FD7-59CC79F553CE" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-EmulatedStor", + "providerGuid": "86E15E01-EDF1-4AC7-89CF-B19563FD6894" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Dynamic-Memory", + "providerGuid": "BA2FFB5C-E20A-4FB9-91B4-45F61B4B66A0" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Storage-Filter", + "providerGuid": "0B9FDCCC-451C-449C-9BD8-6756FCC6091A" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Vmbus", + "providerGuid": "F2E2CE31-0E8A-4E46-A03B-2E0FE97E93C2" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Hierarchical-NIC-Switch", + "providerGuid": "31732CA5-D67C-59FD-DD5C-60A136EE4953" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Hypervisor", + "providerGuid": "52FC89F8-995E-434C-A91E-199986449890" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Integration", + "providerGuid": "2B74A015-3873-4C56-9928-EA80C58B2787" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Integration-RDV", + "providerGuid": "FDFF33EC-70AA-46D3-BA65-7210009FA2A7" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-KMCL", + "providerGuid": "FA3F78FF-BA6D-4EDE-96B2-9C5BB803E3BA" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-KMCL-Child", + "providerGuid": "16D90D71-CACA-5CD9-A618-8210D93015F3" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Netvsc", + "providerGuid": "152FBE4B-C7AD-4F68-BADA-A4FCC1464F6C" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Serial", + "providerGuid": "8F9DF503-1D12-49EC-BB28-F6EC42D361D4" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-StorageVSP", + "providerGuid": "10B3D268-9782-49A4-AACC-A93C5482CB6F" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-SynthFcVdev", + "providerGuid": "5B621A17-3B58-4D03-94F0-314F4E9C79AE" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-SynthNic", + "providerGuid": "C29C4FB7-B60E-4FFF-9AF9-CF21F9B09A34" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-SynthStor", + "providerGuid": "EDACD782-2564-4497-ADE6-7199377850F2" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Tpm", + "providerGuid": "13EAE551-76CA-4DDC-B974-D3A0F8D44A03" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-UiDevices", + "providerGuid": "339AAD0A-4124-4968-8147-4CBBB1F8B3D5" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VfpExt", + "providerGuid": "9F2660EA-CFE7-428F-9850-AECA612619B0" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VfpExt-Ifr", + "providerGuid": "DBA692D9-D755-51B8-84EE-FE38FD18F4F0" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VID", + "providerGuid": "5931D877-4860-4EE7-A95C-610A5F0D1407" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Virtual-PMEM", + "providerGuid": "AE3F5BF8-AB9F-56D6-29C8-8C312E2FAEC2" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VmbusVdev", + "providerGuid": "177D1599-9764-4E3A-BF9A-C86887AADDCE" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VMMS", + "providerGuid": "6066F867-7CA1-4418-85FD-36E3F9C0600C" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VMSP", + "providerGuid": "1CEB22B1-97FF-4703-BEB2-333EB89B522A" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VmSwitch", + "providerGuid": "67DC0D66-3695-47C0-9642-33F76F7BD7AD" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-VSmb", + "providerGuid": "7B0EA079-E3BC-424A-B2F0-E3D8478D204B" + }, + { + "providerName": "Microsoft-Windows-Hyper-V-Worker", + "providerGuid": "51DDFA29-D5C8-4803-BE4B-2ECB715570FE" + }, + { + "providerName": "Microsoft-Windows-IdCtrls", + "providerGuid": "6D7662A9-034E-4B1F-A167-67819C401632" + }, + { + "providerName": "Microsoft-Windows-IdleTriggerProvider", + "providerGuid": "9E03F75A-BCBE-428A-8F3C-D46F2A444935" + }, + { + "providerName": "Microsoft-Windows-IE-F12-Provider", + "providerGuid": "D17FFF2F-392D-478C-A41D-737A216EB2A4" + }, + { + "providerName": "Microsoft-Windows-IE-SmartScreen", + "providerGuid": "52F82079-1974-4C67-81DA-807B892778BB" + }, + { + "providerName": "Microsoft-Windows-IME-Broker", + "providerGuid": "E2C15FD7-8924-4C8C-8CFE-DA0BE539CE27" + }, + { + "providerName": "Microsoft-Windows-IME-CandidateUI", + "providerGuid": "7C4117B1-ED82-4F47-B2CA-29E4E25719C7" + }, + { + "providerName": "Microsoft-Windows-IME-CustomerFeedbackManager", + "providerGuid": "E2242B38-9453-42FD-B446-00746E76EB82" + }, + { + "providerName": "Microsoft-Windows-IME-CustomerFeedbackManagerUI", + "providerGuid": "1B734B40-A458-4B81-954F-AD7C9461BED8" + }, + { + "providerName": "Microsoft-Windows-IME-JPAPI", + "providerGuid": "31BCAC7F-4AB8-47A1-B73A-A161EE68D585" + }, + { + "providerName": "Microsoft-Windows-IME-JPLMP", + "providerGuid": "DBC388BC-89C2-4FE0-B71F-6E4881FB575C" + }, + { + "providerName": "Microsoft-Windows-IME-JPPRED", + "providerGuid": "3AD571F3-BDAE-4942-8733-4D1B85870A1E" + }, + { + "providerName": "Microsoft-Windows-IME-JPSetting", + "providerGuid": "14371053-1813-471A-9510-1CF1D0A055A8" + }, + { + "providerName": "Microsoft-Windows-IME-JPTIP", + "providerGuid": "8C8A69AD-CC89-481F-BBAD-FD95B5006256" + }, + { + "providerName": "Microsoft-Windows-IME-KRAPI", + "providerGuid": "7562948E-2671-4DDA-8F8F-BF945EF984A1" + }, + { + "providerName": "Microsoft-Windows-IME-KRTIP", + "providerGuid": "E013E74B-97F4-4E1C-A120-596E5629ECFE" + }, + { + "providerName": "Microsoft-Windows-IME-OEDCompiler", + "providerGuid": "FD44A6E7-580F-4A9C-83D9-D820B7D3A033" + }, + { + "providerName": "Microsoft-Windows-IME-TCCORE", + "providerGuid": "F67B2345-47FA-4721-A6FB-FE08110EECF7" + }, + { + "providerName": "Microsoft-Windows-IME-TCTIP", + "providerGuid": "D5268C02-6F51-436F-983B-74F2EFBFAF3A" + }, + { + "providerName": "Microsoft-Windows-IME-TIP", + "providerGuid": "BDD4B92E-19EF-4497-9C4A-E10E7FD2E227" + }, + { + "providerName": "Microsoft-Windows-Immersive-Shell", + "providerGuid": "315A8872-923E-4EA2-9889-33CD4754BF64" + }, + { + "providerName": "Microsoft-Windows-Immersive-Shell-API", + "providerGuid": "5F0E257F-C224-43E5-9555-2ADCB8540A58" + }, + { + "providerName": "Microsoft-Windows-IndirectDisplays-ClassExtension-Events", + "providerGuid": "966CD1C0-3F69-42AD-9877-517DCE8462B4" + }, + { + "providerName": "Microsoft-Windows-Input-HIDCLASS", + "providerGuid": "6465DA78-E7A0-4F39-B084-8F53C7C30DC6" + }, + { + "providerName": "Microsoft-Windows-InputSwitch", + "providerGuid": "BB8E7234-BBF4-48A7-8741-339206ED1DFB" + }, + { + "providerName": "Microsoft-Windows-Install-Agent", + "providerGuid": "E0C6F6DE-258A-50E0-AC1A-103482D118BC" + }, + { + "providerName": "Microsoft-Windows-International-RegionalOptionsControlPanel", + "providerGuid": "C6BF6832-F7BD-4151-AC21-753CE4707453" + }, + { + "providerName": "Microsoft-Windows-Iphlpsvc", + "providerGuid": "66A5C15C-4F8E-4044-BF6E-71D896038977" + }, + { + "providerName": "Microsoft-Windows-Iphlpsvc-Trace", + "providerGuid": "6600E712-C3B6-44A2-8A48-935C511F28C8" + }, + { + "providerName": "Microsoft-Windows-IPMIProvider", + "providerGuid": "2A45D52E-BBF3-4843-8E18-B356ED5F6A65" + }, + { + "providerName": "Microsoft-Windows-IPNAT", + "providerGuid": "A67075C2-3E39-4109-B6CD-6D750058A732" + }, + { + "providerName": "Microsoft-Windows-IPSEC-SRV", + "providerGuid": "C91EF675-842F-4FCF-A5C9-6EA93F2E4F8B" + }, + { + "providerName": "Microsoft-Windows-IPxlatCfg", + "providerGuid": "3E5AC668-AF52-4C15-B99B-A3E7A6616EBD" + }, + { + "providerName": "Microsoft-Windows-IsolatedUserMode", + "providerGuid": "73A33AB2-1966-4999-8ADD-868C41415269" + }, + { + "providerName": "Microsoft-Windows-KdsSvc", + "providerGuid": "89203471-D554-47D4-BDE4-7552EC219999" + }, + { + "providerName": "Microsoft-Windows-Kerberos-Local-Key-Distribution-Center", + "providerGuid": "57C834D7-0368-5D1B-8F01-1E2F89F0000D" + }, + { + "providerName": "Microsoft-Windows-Kernel-Acpi", + "providerGuid": "C514638F-7723-485B-BCFC-96565D735D4A" + }, + { + "providerName": "Microsoft-Windows-Kernel-AppCompat", + "providerGuid": "16A1ADC1-9B7F-4CD9-94B3-D8296AB1B130" + }, + { + "providerName": "Microsoft-Windows-Kernel-Audit-API-Calls", + "providerGuid": "E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23" + }, + { + "providerName": "Microsoft-Windows-Kernel-Boot", + "providerGuid": "15CA44FF-4D7A-4BAA-BBA5-0998955E531E" + }, + { + "providerName": "Microsoft-Windows-Kernel-BootDiagnostics", + "providerGuid": "96AC7637-5950-4A30-B8F7-E07E8E5734C1" + }, + { + "providerName": "Microsoft-Windows-Kernel-Cache", + "providerGuid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD" + }, + { + "providerName": "Microsoft-Windows-Kernel-CPU-Partition", + "providerGuid": "3A493674-937F-5A23-F598-D56B9BD10D28" + }, + { + "providerName": "Microsoft-Windows-Kernel-CPU-Starvation", + "providerGuid": "7F54CA8A-6C72-5CBC-B96F-D0EF905B8BCE" + }, + { + "providerName": "Microsoft-Windows-Kernel-Disk", + "providerGuid": "C7BDE69A-E1E0-4177-B6EF-283AD1525271" + }, + { + "providerName": "Microsoft-Windows-Kernel-Dump", + "providerGuid": "17D2A329-4539-5F4D-3435-F510634CE3B9" + }, + { + "providerName": "Microsoft-Windows-Kernel-EventTracing", + "providerGuid": "B675EC37-BDB6-4648-BC92-F3FDC74D3CA2" + }, + { + "providerName": "Microsoft-Windows-Kernel-File", + "providerGuid": "EDD08927-9CC4-4E65-B970-C2560FB5C289" + }, + { + "providerName": "Microsoft-Windows-Kernel-General", + "providerGuid": "A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D" + }, + { + "providerName": "Microsoft-Windows-Kernel-Interrupt-Steering", + "providerGuid": "951B41EA-C830-44DC-A671-E2C9958809B8" + }, + { + "providerName": "Microsoft-Windows-Kernel-IO", + "providerGuid": "ABF1F586-2E50-4BA8-928D-49044E6F0DB7" + }, + { + "providerName": "Microsoft-Windows-Kernel-IoTrace", + "providerGuid": "A103CABD-8242-4A93-8DF5-1CDF3B3F26A6" + }, + { + "providerName": "Microsoft-Windows-Kernel-Licensing-StartServiceTrigger", + "providerGuid": "F5528ADA-BE5F-4F14-8AEF-A95DE7281161" + }, + { + "providerName": "Microsoft-Windows-Kernel-LicensingSqm", + "providerGuid": "A0AF438F-4431-41CB-A675-A265050EE947" + }, + { + "providerName": "Microsoft-Windows-Kernel-LiveDump", + "providerGuid": "BEF2AA8E-81CD-11E2-A7BB-5EAC6188709B" + }, + { + "providerName": "Microsoft-Windows-Kernel-Memory", + "providerGuid": "D1D93EF7-E1F2-4F45-9943-03D245FE6C00" + }, + { + "providerName": "Microsoft-Windows-Kernel-Network", + "providerGuid": "7DD42A49-5329-4832-8DFD-43D979153A88" + }, + { + "providerName": "Microsoft-Windows-Kernel-Pep", + "providerGuid": "5412704E-B2E1-4624-8FFD-55777B8F7373" + }, + { + "providerName": "Microsoft-Windows-Kernel-PnP", + "providerGuid": "9C205A39-1250-487D-ABD7-E831C6290539" + }, + { + "providerName": "Microsoft-Windows-Kernel-PnP-Rundown", + "providerGuid": "B3A0C2C8-83BB-4DDF-9F8D-4B22D3C38AD7" + }, + { + "providerName": "Microsoft-Windows-Kernel-Power", + "providerGuid": "331C3B3A-2005-44C2-AC5E-77220C37D6B4" + }, + { + "providerName": "Microsoft-Windows-Kernel-PowerTrigger", + "providerGuid": "AA1F73E8-15FD-45D2-ABFD-E7F64F78EB11" + }, + { + "providerName": "Microsoft-Windows-Kernel-Prefetch", + "providerGuid": "5322D61A-9EFA-4BC3-A3F9-14BE95C144F8" + }, + { + "providerName": "Microsoft-Windows-Kernel-Prm", + "providerGuid": "B931ED29-66F4-576E-0579-0B8818A5DC6B" + }, + { + "providerName": "Microsoft-Windows-Kernel-Process", + "providerGuid": "22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716" + }, + { + "providerName": "Microsoft-Windows-Kernel-Processor-Power", + "providerGuid": "0F67E49F-FE51-4E9F-B490-6F2948CC6027" + }, + { + "providerName": "Microsoft-Windows-Kernel-Registry", + "providerGuid": "70EB4F03-C1DE-4F73-A051-33D13D5413BD" + }, + { + "providerName": "Microsoft-Windows-Kernel-ShimEngine", + "providerGuid": "0BF2FB94-7B60-4B4D-9766-E82F658DF540" + }, + { + "providerName": "Microsoft-Windows-Kernel-StoreMgr", + "providerGuid": "A6AD76E3-867A-4635-91B3-4904BA6374D7" + }, + { + "providerName": "Microsoft-Windows-Kernel-Tm", + "providerGuid": "4CEC9C95-A65F-4591-B5C4-30100E51D870" + }, + { + "providerName": "Microsoft-Windows-Kernel-Tm-Trigger", + "providerGuid": "CE20D1C3-A247-4C41-BCB8-3C7F52C8B805" + }, + { + "providerName": "Microsoft-Windows-Kernel-WDI", + "providerGuid": "2FF3E6B7-CB90-4700-9621-443F389734ED" + }, + { + "providerName": "Microsoft-Windows-Kernel-WHEA", + "providerGuid": "7B563579-53C8-44E7-8236-0F87B9FE6594" + }, + { + "providerName": "Microsoft-Windows-Kernel-WSService-StartServiceTrigger", + "providerGuid": "3635D4B6-77E3-4375-8124-D545B7149337" + }, + { + "providerName": "Microsoft-Windows-Kernel-XDV", + "providerGuid": "F029AC39-38F0-4A40-B7DE-404D244004CB" + }, + { + "providerName": "Microsoft-Windows-KernelStreaming", + "providerGuid": "548C4417-CE45-41FF-99DD-528F01CE0FE1" + }, + { + "providerName": "Microsoft-Windows-KeyboardFilter", + "providerGuid": "84DE80EB-86E8-4FF6-85A6-9319ABD578A4" + }, + { + "providerName": "Microsoft-Windows-KnownFolders", + "providerGuid": "8939299F-2315-4C5C-9B91-ABB86AA0627D" + }, + { + "providerName": "Microsoft-Windows-L2NACP", + "providerGuid": "85FE7609-FF4A-48E9-9D50-12918E43E1DA" + }, + { + "providerName": "Microsoft-Windows-LanGPA", + "providerGuid": "CB070027-1534-4CF3-98EA-B9751F508376" + }, + { + "providerName": "Microsoft-Windows-LanguagePackSetup", + "providerGuid": "7237FFF9-A08A-4804-9C79-4A8704B70B87" + }, + { + "providerName": "Microsoft-Windows-LAPS", + "providerGuid": "4FCC72A9-D7CA-5DD2-8D34-6F41A0CDB7E0" + }, + { + "providerName": "Microsoft-Windows-LDAP-Client", + "providerGuid": "099614A5-5DD7-4788-8BC9-E29F43DB28FC" + }, + { + "providerName": "Microsoft-Windows-LimitsManagement", + "providerGuid": "73AA0094-FACB-4AEB-BD1D-A7B98DD5C799" + }, + { + "providerName": "Microsoft-Windows-LinkLayerDiscoveryProtocol", + "providerGuid": "DCBFB8F0-CD19-4F1C-A27D-23AC706DED72" + }, + { + "providerName": "Microsoft-Windows-LiveId", + "providerGuid": "05F02597-FE85-4E67-8542-69567AB8FD4F" + }, + { + "providerName": "Microsoft-Windows-LLTD-Mapper", + "providerGuid": "CCC64809-6B5F-4C1B-AB39-336904DA9B3B" + }, + { + "providerName": "Microsoft-Windows-LLTD-MapperIO", + "providerGuid": "0741C7BE-DAAC-4A5B-B00A-4BD9A2D89D0E" + }, + { + "providerName": "Microsoft-Windows-LLTD-Responder", + "providerGuid": "E159FC63-02FE-42F3-A234-028B9B8561CB" + }, + { + "providerName": "Microsoft-Windows-LocationServiceProvider", + "providerGuid": "8E889F0C-7D54-52B3-E4AE-2C8B27A482C2" + }, + { + "providerName": "Microsoft-Windows-LUA", + "providerGuid": "93C05D69-51A3-485E-877F-1806A8731346" + }, + { + "providerName": "Microsoft-Windows-Magnification", + "providerGuid": "C882FF1D-7585-4B33-B135-95C577179137" + }, + { + "providerName": "Microsoft-Windows-Management-SecureAssessment", + "providerGuid": "A329CF81-57EC-46ED-AB7C-261A52B0754A" + }, + { + "providerName": "Microsoft-Windows-MapControls", + "providerGuid": "ACD88D21-E1D4-4483-B974-0C1DA66CC529" + }, + { + "providerName": "Microsoft-Windows-MCCS-AccountAccessor", + "providerGuid": "4025D192-273D-42EC-BDF8-940EC34EEDCA" + }, + { + "providerName": "Microsoft-Windows-MCCS-AccountsHost", + "providerGuid": "04ECCF8E-8490-4AD1-8ED5-0AE7750E69E6" + }, + { + "providerName": "Microsoft-Windows-MCCS-AccountsRT", + "providerGuid": "DD2743C6-1722-4674-9F6F-C80044C4232E" + }, + { + "providerName": "Microsoft-Windows-MCCS-ActiveSyncCsp", + "providerGuid": "602A0873-9BDE-48B3-B6B7-277035293458" + }, + { + "providerName": "Microsoft-Windows-MCCS-ActiveSyncProvider", + "providerGuid": "4A155F10-25AD-47E6-ABA8-2C4F5EEE7846" + }, + { + "providerName": "Microsoft-Windows-MCCS-DavSyncProvider", + "providerGuid": "5D86C4E2-8FCD-48D7-A713-9A04609C0189" + }, + { + "providerName": "Microsoft-Windows-MCCS-EngineShared", + "providerGuid": "BF460FC6-45C5-4119-ADD3-E361A6E7D5AC" + }, + { + "providerName": "Microsoft-Windows-MCCS-InternetMail", + "providerGuid": "618473BC-8EEF-4868-ADFF-A1B640B06411" + }, + { + "providerName": "Microsoft-Windows-MCCS-InternetMailCsp", + "providerGuid": "BEC5E7A4-0527-42E8-8174-FABDE799AD7F" + }, + { + "providerName": "Microsoft-Windows-MCCS-NetworkHelper", + "providerGuid": "25B99A4C-2F80-4FCD-982D-69CD1F77BADF" + }, + { + "providerName": "Microsoft-Windows-MCCS-SyncController", + "providerGuid": "7FCB9791-F481-46D1-846E-2EB6F003C4D3" + }, + { + "providerName": "Microsoft-Windows-MCCS-SyncUtil", + "providerGuid": "DCA074CE-547C-4595-AE90-56229B8E3BD9" + }, + { + "providerName": "Microsoft-Windows-Media-Protection-PlayReady-Performance", + "providerGuid": "D2402FDE-7526-5A7B-501A-25DC7C9C282E" + }, + { + "providerName": "Microsoft-Windows-Media-Streaming", + "providerGuid": "982824E5-E446-46AE-BC74-836401FFB7B6" + }, + { + "providerName": "Microsoft-Windows-MediaEngine", + "providerGuid": "8F2048E0-F260-4F57-A8D1-932376291682" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-MFCaptureEngine", + "providerGuid": "B8197C10-845F-40CA-82AB-9341E98CFC2B" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-MFReadWrite", + "providerGuid": "4B7EAC67-FC53-448C-A49D-7CC6DB524DA7" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-MSVProc", + "providerGuid": "A4112D1A-6DFA-476E-BB75-E350D24934E1" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-Performance", + "providerGuid": "F404B94E-27E0-4384-BFE8-1D8D390B0AA3" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-Performance-Core", + "providerGuid": "B20E65AC-C905-4014-8F78-1B6A508142EB" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-Platform", + "providerGuid": "BC97B970-D001-482F-8745-B8D7D5759F99" + }, + { + "providerName": "Microsoft-Windows-MediaFoundation-PlayAPI", + "providerGuid": "B65471E1-019D-436F-BC38-E15FA8E87F53" + }, + { + "providerName": "Microsoft-Windows-Memory-Diagnostic-Task-Handler", + "providerGuid": "BABDA89A-4D5E-48EB-AF3D-E0E8410207C0" + }, + { + "providerName": "Microsoft-Windows-MemoryDiagnostics-Results", + "providerGuid": "5F92BC59-248F-4111-86A9-E393E12C6139" + }, + { + "providerName": "Microsoft-Windows-MemoryDiagnostics-Schedule", + "providerGuid": "73E9C9DE-A148-41F7-B1DB-4DA051FDC327" + }, + { + "providerName": "Microsoft-Windows-MF", + "providerGuid": "A7364E1A-894F-4B3D-A930-2ED9C8C4C811" + }, + { + "providerName": "Microsoft-Windows-MF-FrameServer", + "providerGuid": "9E22A3ED-7B32-4B99-B6C2-21DD6ACE01E1" + }, + { + "providerName": "Microsoft-Windows-MF-MFDshowReverseBridge", + "providerGuid": "AA1105FA-5AF2-5FD6-89B5-002421C5E2CA" + }, + { + "providerName": "Microsoft-Windows-MFH264Enc", + "providerGuid": "2A49DE31-8A5B-4D3A-A904-7FC7409AE90D" + }, + { + "providerName": "Microsoft-Windows-Minstore", + "providerGuid": "55B24B1D-DD9C-44C0-BA77-4F749F1B6976" + }, + { + "providerName": "Microsoft-Windows-MMCSS", + "providerGuid": "36008301-E154-466C-ACEC-5F4CBD6B4694" + }, + { + "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-Api", + "providerGuid": "2E2BBB16-0C36-4B9B-A567-40924A199FD5" + }, + { + "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal", + "providerGuid": "2AABD03B-F48B-419A-B4CE-7A14403F4A46" + }, + { + "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi", + "providerGuid": "0FF1C24B-7F05-45C0-ABDC-3C8521BE4F62" + }, + { + "providerName": "Microsoft-Windows-MobilityCenter", + "providerGuid": "91F42016-0B4E-4A4B-9BBB-825D06CBED35" + }, + { + "providerName": "Microsoft-Windows-mobsync", + "providerGuid": "B44AEC44-38F4-4B59-8DF3-10306ABF19B2" + }, + { + "providerName": "Microsoft-Windows-ModernDeployment-Diagnostics-Provider", + "providerGuid": "BAB3AD92-FB96-5902-450B-B8421BDEC7BD" + }, + { + "providerName": "Microsoft-Windows-MosHost", + "providerGuid": "D116F0F2-A6D6-4F1F-BDDA-0C88C8D1F2E9" + }, + { + "providerName": "Microsoft-Windows-MountMgr", + "providerGuid": "E3BAC9F8-27BE-4823-8D7F-1CC320C05FA7" + }, + { + "providerName": "Microsoft-Windows-MP4SDECD", + "providerGuid": "7F2BD991-AE93-454A-B219-0BC23F02262A" + }, + { + "providerName": "Microsoft-Windows-MPEG2_DLNA-Encoder", + "providerGuid": "86EFFF39-2BDD-4EFD-BD0B-853D71B2A9DC" + }, + { + "providerName": "Microsoft-Windows-Mprddm", + "providerGuid": "3A5BEF13-D0F7-4E7F-9EC8-5E707DF711D0" + }, + { + "providerName": "Microsoft-Windows-MPRMSG", + "providerGuid": "F2C628AE-D26C-4352-9C45-74754E1E2F9F" + }, + { + "providerName": "Microsoft-Windows-MPS-CLNT", + "providerGuid": "37945DC2-899B-44D1-B79C-DD4A9E57FF98" + }, + { + "providerName": "Microsoft-Windows-MPS-DRV", + "providerGuid": "50BD1BFD-936B-4DB3-86BE-E25B96C25898" + }, + { + "providerName": "Microsoft-Windows-MPS-SRV", + "providerGuid": "5444519F-2484-45A2-991E-953E4B54C8E0" + }, + { + "providerName": "Microsoft-Windows-MPTF", + "providerGuid": "EA6C5BEA-F5CC-56A4-E146-671BF483D53B" + }, + { + "providerName": "Microsoft-Windows-MSDTC", + "providerGuid": "719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D" + }, + { + "providerName": "Microsoft-Windows-MSDTC 2", + "providerGuid": "5D9E0020-3761-4F36-90C8-38CE6511BD12" + }, + { + "providerName": "Microsoft-Windows-MSDTC Client", + "providerGuid": "7A67066E-193F-4D3A-82D3-322FEE5259DE" + }, + { + "providerName": "Microsoft-Windows-MSDTC Client 2", + "providerGuid": "155CB334-3D7F-4FF1-B107-DF8AFC3C0363" + }, + { + "providerName": "Microsoft-Windows-MSFTEDIT", + "providerGuid": "9640427C-7D03-4331-B8EE-FB77625BF381" + }, + { + "providerName": "Microsoft-Windows-MsiServer", + "providerGuid": "17E92E2A-3D08-413E-BAEB-A79A262BF486" + }, + { + "providerName": "Microsoft-Windows-MSMPEG2ADEC", + "providerGuid": "51311DE3-D55E-454A-9C58-43DC7B4C01D2" + }, + { + "providerName": "Microsoft-Windows-MSMPEG2VDEC", + "providerGuid": "AE5CF422-786A-476A-AC96-753B05877C99" + }, + { + "providerName": "Microsoft-Windows-msmpeg2venc", + "providerGuid": "D17B213A-C505-49C9-98CC-734253EF65D4" + }, + { + "providerName": "Microsoft-Windows-MUI", + "providerGuid": "A8A1F2F6-A13A-45E9-B1FE-3419569E5EF2" + }, + { + "providerName": "Microsoft-Windows-Narrator", + "providerGuid": "835B79E2-E76A-44C4-9885-26AD122D3B4D" + }, + { + "providerName": "Microsoft-Windows-Ncasvc", + "providerGuid": "126DED58-A28D-4113-8E7A-59D7444B2AF1" + }, + { + "providerName": "Microsoft-Windows-NcdAutoSetup", + "providerGuid": "EC23F986-AE2D-4269-B52F-4E20765C1A94" + }, + { + "providerName": "Microsoft-Windows-NCSI", + "providerGuid": "314DE49F-CE63-4779-BA2B-D616F6963A88" + }, + { + "providerName": "Microsoft-Windows-NDF-HelperClassDiscovery", + "providerGuid": "FC3BC8A7-2F61-449C-A8B4-22AC22058F92" + }, + { + "providerName": "Microsoft-Windows-NDIS", + "providerGuid": "CDEAD503-17F5-4A3E-B7AE-DF8CC2902EB9" + }, + { + "providerName": "Microsoft-Windows-NDIS-PacketCapture", + "providerGuid": "2ED6006E-4729-4609-B423-3EE7BCD678EF" + }, + { + "providerName": "Microsoft-Windows-NdisImPlatformEventProvider", + "providerGuid": "11C5D8AD-756A-42C2-8087-EB1B4A72A846" + }, + { + "providerName": "Microsoft-Windows-NdisImPlatformSysEvtProvider", + "providerGuid": "62DE9E48-90C6-4755-8813-6A7D655B0802" + }, + { + "providerName": "Microsoft-Windows-Ndu", + "providerGuid": "DF271536-4298-45E1-B0F2-E88F78619C5D" + }, + { + "providerName": "Microsoft-Windows-NetAdapterCim-Diag", + "providerGuid": "6CC2405D-817F-4886-886F-D5D1643210F0" + }, + { + "providerName": "Microsoft-Windows-Netshell", + "providerGuid": "AF2E340C-0743-4F5A-B2D3-2F7225D215DE" + }, + { + "providerName": "Microsoft-Windows-Network-and-Sharing-Center", + "providerGuid": "6A502821-AB44-40C8-B32F-37315D9D52E0" + }, + { + "providerName": "Microsoft-Windows-Network-Connection-Broker", + "providerGuid": "3EB875EB-8F4A-4800-A00B-E484C97D7551" + }, + { + "providerName": "Microsoft-Windows-Network-ExecutionContext", + "providerGuid": "0075E1AB-E1D1-5D1F-35F5-DA36FB4F41B1" + }, + { + "providerName": "Microsoft-Windows-Network-Setup", + "providerGuid": "A111F1C2-5923-47C0-9A68-D0BAFB577901" + }, + { + "providerName": "Microsoft-Windows-NetworkBridge", + "providerGuid": "A67075C2-3E39-4109-B6CD-6D750058A731" + }, + { + "providerName": "Microsoft-Windows-NetworkConnectivityStatus", + "providerGuid": "014DE49F-CE63-4779-BA2B-D616F6963A87" + }, + { + "providerName": "Microsoft-Windows-NetworkGCW", + "providerGuid": "BE932B00-0F8E-4386-AB89-873F7D0274AA" + }, + { + "providerName": "Microsoft-Windows-Networking-Correlation", + "providerGuid": "83ED54F0-4D48-4E45-B16E-726FFD1FA4AF" + }, + { + "providerName": "Microsoft-Windows-Networking-RealTimeCommunication", + "providerGuid": "1E39B4CE-D1E6-46CE-B65B-5AB05D6CC266" + }, + { + "providerName": "Microsoft-Windows-NetworkManagerTriggerProvider", + "providerGuid": "9B307223-4E4D-4BF5-9BE8-995CD8E7420B" + }, + { + "providerName": "Microsoft-Windows-NetworkProfile", + "providerGuid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E" + }, + { + "providerName": "Microsoft-Windows-NetworkProfileTriggerProvider", + "providerGuid": "FBCFAC3F-8460-419F-8E48-1F0B49CDB85E" + }, + { + "providerName": "Microsoft-Windows-NetworkProvider", + "providerGuid": "1E9A4978-78C2-441E-8858-75B5D1326BC5" + }, + { + "providerName": "Microsoft-Windows-NetworkProvisioning", + "providerGuid": "93A19AB3-FB2C-46EB-91EF-56B0A318B983" + }, + { + "providerName": "Microsoft-Windows-NetworkSecurity", + "providerGuid": "7B702970-90BC-4584-8B20-C0799086EE5A" + }, + { + "providerName": "Microsoft-Windows-NlaSvc", + "providerGuid": "63B530F8-29C9-4880-A5B4-B8179096E7B8" + }, + { + "providerName": "Microsoft-Windows-Ntfs", + "providerGuid": "3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482" + }, + { + "providerName": "Microsoft-Windows-Ntfs-UBPM", + "providerGuid": "8E6A5303-A4CE-498F-AFDB-E03A8A82B077" + }, + { + "providerName": "Microsoft-Windows-NtfsLog_38cd4a5ae98f33938fa5234e6817e23d", + "providerGuid": "38CD4A5A-E98F-3393-8FA5-234E6817E23D" + }, + { + "providerName": "Microsoft-Windows-NTLM", + "providerGuid": "AC43300D-5FCC-4800-8E99-1BD3F85F0320" + }, + { + "providerName": "Microsoft-Windows-ntshrui", + "providerGuid": "676F167F-F72C-446E-A498-EDA43319A5E3" + }, + { + "providerName": "Microsoft-Windows-NvmeDisk", + "providerGuid": "9799276C-FB04-47E8-845E-36946045C218" + }, + { + "providerName": "Microsoft-Windows-NWiFi", + "providerGuid": "0BD3506A-9030-4F76-9B88-3E8FE1F7CFB6" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles", + "providerGuid": "95353826-4FBE-41D4-9C42-F521C6E86360" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscApi", + "providerGuid": "19EE4CF9-5322-4843-B0D8-BAB81BE4E81E" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscDclUser", + "providerGuid": "D5418619-C167-44D9-BC36-765BEB5D55F3" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscFastSync", + "providerGuid": "791CD79C-65B5-48A3-804C-786048994F47" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscNetApi", + "providerGuid": "361F227C-AA14-4D19-9007-0C8D1A8A541B" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscService", + "providerGuid": "89D89015-C0DF-414C-BC48-F50E114832BC" + }, + { + "providerName": "Microsoft-Windows-OfflineFiles-CscUM", + "providerGuid": "5E23B838-5B71-47E6-B123-6FE02EF573EF" + }, + { + "providerName": "Microsoft-Windows-OLE-Perf", + "providerGuid": "84958368-7DA7-49A0-B33D-07FABB879626" + }, + { + "providerName": "Microsoft-Windows-OLEACC", + "providerGuid": "19D2C934-EE9B-49E5-AAEB-9CCE721D2C65" + }, + { + "providerName": "Microsoft-Windows-OneBackup", + "providerGuid": "72561CF0-C85C-4F78-9E8D-CBA9093DF62D" + }, + { + "providerName": "Microsoft-Windows-OneX", + "providerGuid": "AB0D8EF9-866D-4D39-B83F-453F3B8F6325" + }, + { + "providerName": "Microsoft-Windows-OOBE-FirstLogonAnim", + "providerGuid": "2D4C0C5E-6704-493A-A44B-F5ADD4FC9283" + }, + { + "providerName": "Microsoft-Windows-OOBE-Machine-Core", + "providerGuid": "EC276CDE-2A17-473C-A010-2FF78D5426D2" + }, + { + "providerName": "Microsoft-Windows-OOBE-Machine-DUI", + "providerGuid": "F5DBAA02-15D6-4644-A784-7032D508BF64" + }, + { + "providerName": "Microsoft-Windows-OobeLdr", + "providerGuid": "75EBC33E-8670-4EB6-B535-3B9D6BB222FD" + }, + { + "providerName": "Microsoft-Windows-osk", + "providerGuid": "4F768BE8-9C69-4BBC-87FC-95291D3F9D0C" + }, + { + "providerName": "Microsoft-Windows-OtpCredentialProviderEvt", + "providerGuid": "5CAD485A-210F-4C16-80C5-F892DE74E28D" + }, + { + "providerName": "Microsoft-Windows-OverlayFilter", + "providerGuid": "46C78E5C-A213-46A8-8A6B-622F6916201D" + }, + { + "providerName": "Microsoft-Windows-ParentalControls", + "providerGuid": "01090065-B467-4503-9B28-533766761087" + }, + { + "providerName": "Microsoft-Windows-Partition", + "providerGuid": "412BDFF2-A8C4-470D-8F33-63FE0D8C20E2" + }, + { + "providerName": "Microsoft-Windows-PCI", + "providerGuid": "1A9443D4-B099-44D6-8EB1-829B9C2FE290" + }, + { + "providerName": "Microsoft-Windows-PCRPF", + "providerGuid": "5909C524-5E57-5275-803F-DDB7B74C52F2" + }, + { + "providerName": "Microsoft-Windows-PDC", + "providerGuid": "A6BF0DEB-3659-40AD-9F81-E25AF62CE3C7" + }, + { + "providerName": "Microsoft-Windows-PDFReader", + "providerGuid": "DFA86FAA-2C55-4140-BFF9-5CC586217A7B" + }, + { + "providerName": "Microsoft-Windows-PDH", + "providerGuid": "04D66358-C4A1-419B-8023-23B73902DE2C" + }, + { + "providerName": "Microsoft-Windows-PerceptionRuntime", + "providerGuid": "ADD0DE40-32B0-4B58-9D5E-938B2F5C1D1F" + }, + { + "providerName": "Microsoft-Windows-PerceptionSensorDataService", + "providerGuid": "85BE49EA-38F1-4547-A604-80060202FB27" + }, + { + "providerName": "Microsoft-Windows-PerfDisk", + "providerGuid": "7F9D83DE-8ABB-457F-98E8-4AD161449ECC" + }, + { + "providerName": "Microsoft-Windows-Perflib", + "providerGuid": "13B197BD-7CEE-4B4E-8DD0-59314CE374CE" + }, + { + "providerName": "Microsoft-Windows-PerfNet", + "providerGuid": "CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B" + }, + { + "providerName": "Microsoft-Windows-Performance-Recorder-Control", + "providerGuid": "36B6F488-AAD7-48C2-AFE3-D4EC2C8B46FA" + }, + { + "providerName": "Microsoft-Windows-PerfOS", + "providerGuid": "F82FB576-E941-4956-A2C7-A0CF83F6450A" + }, + { + "providerName": "Microsoft-Windows-PerfProc", + "providerGuid": "72D211E1-4C54-4A93-9520-4901681B2271" + }, + { + "providerName": "Microsoft-Windows-PersistentMemory-Nvdimm", + "providerGuid": "A7F2235F-BE51-51ED-DECF-F4498812A9A2" + }, + { + "providerName": "Microsoft-Windows-PersistentMemory-PmemDisk", + "providerGuid": "0FA2EE03-1FEB-5057-3BB3-EB25521B8482" + }, + { + "providerName": "Microsoft-Windows-PersistentMemory-ScmBus", + "providerGuid": "C03715CE-EA6F-5B67-4449-DA1D1E1AFEB8" + }, + { + "providerName": "Microsoft-Windows-Photo-Image-Codec", + "providerGuid": "BE3A31EA-AA6C-4196-9DCC-9CA13A49E09F" + }, + { + "providerName": "Microsoft-Windows-PhotoAcq", + "providerGuid": "76CFA528-B26E-B773-62D0-9588270442A6" + }, + { + "providerName": "Microsoft-Windows-PktMon", + "providerGuid": "4D4F80D9-C8BD-4D73-BB5B-19C90402C5AC" + }, + { + "providerName": "Microsoft-Windows-PlayToManager", + "providerGuid": "BB311100-2D9F-4CD3-B2D6-F4EA3839C548" + }, + { + "providerName": "Microsoft-Windows-PortableDeviceStatusProvider", + "providerGuid": "8C63B5A5-B484-4381-892D-EDD424582DF7" + }, + { + "providerName": "Microsoft-Windows-PortableDeviceSyncProvider", + "providerGuid": "A3E1697B-A12C-46B9-84D1-7FFE73C4B678" + }, + { + "providerName": "Microsoft-Windows-Power-CAD", + "providerGuid": "DABA4D32-CC40-4266-BB95-C30344DBC680" + }, + { + "providerName": "Microsoft-Windows-Power-Meter-Polling", + "providerGuid": "306C4E0B-E148-543D-315B-C618EB93157C" + }, + { + "providerName": "Microsoft-Windows-Power-Troubleshooter", + "providerGuid": "CDC05E28-C449-49C6-B9D2-88CF761644DF" + }, + { + "providerName": "Microsoft-Windows-PowerCfg", + "providerGuid": "9F0C4EA8-EC01-4200-A00D-B9701CBEA5D8" + }, + { + "providerName": "Microsoft-Windows-PowerCpl", + "providerGuid": "B1F90B27-4551-49D6-B2BD-DFC6453762A6" + }, + { + "providerName": "Microsoft-Windows-PowerShell", + "providerGuid": "A0C1853B-5C40-4B15-8766-3CF1C58F985A" + }, + { + "providerName": "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager", + "providerGuid": "AAF67066-0BF8-469F-AB76-275590C434EE" + }, + { + "providerName": "Microsoft-Windows-PrintBRM", + "providerGuid": "CF3F502E-B40D-4071-996F-00981EDF938E" + }, + { + "providerName": "Microsoft-Windows-PrintService", + "providerGuid": "747EF6FD-E535-4D16-B510-42C90F6873A1" + }, + { + "providerName": "Microsoft-Windows-PrintService-USBMon", + "providerGuid": "7F812073-B28D-4AFC-9CED-B8010F914EF6" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing", + "providerGuid": "D67FBB76-D18A-5AE3-24A3-8C1DB52D6C62" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-Activity-History-Privacy-Settings", + "providerGuid": "63DD5DFB-2488-5E1F-7895-D49FF5BC7125" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-CPSS", + "providerGuid": "15F4CD44-CA53-5422-DB17-4E76821B5A69" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-DiagnosticData", + "providerGuid": "D3610DCA-4501-5A5D-21A7-30CA91130711" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-OneSettingsClient", + "providerGuid": "23F0F2C7-C77C-51EE-0AC1-5AC7796A85DF" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-PermissiveLearningMode", + "providerGuid": "811A1DDB-2E69-5F25-ADC0-4B186170E760" + }, + { + "providerName": "Microsoft-Windows-Privacy-Auditing-TailoredExperiences", + "providerGuid": "1BD672B8-445E-53FC-35EF-09F53672C385" + }, + { + "providerName": "Microsoft-Windows-ProcessExitMonitor", + "providerGuid": "FD771D53-8492-4057-8E35-8C02813AF49B" + }, + { + "providerName": "Microsoft-Windows-Processor-Aggregator", + "providerGuid": "CBA16CF2-2FAB-49F8-89AE-894E718649E7" + }, + { + "providerName": "Microsoft-Windows-ProcessStateManager", + "providerGuid": "D49918CF-9489-4BF1-9D7B-014D864CF71F" + }, + { + "providerName": "Microsoft-Windows-Program-Compatibility-Assistant", + "providerGuid": "4CB314DF-C11F-47D7-9C04-65FB0051561B" + }, + { + "providerName": "Microsoft-Windows-ProjFS-Filter", + "providerGuid": "B6D7DC51-78CF-4E85-8BAC-488A9F47A0BB" + }, + { + "providerName": "Microsoft-Windows-Provisioning-Diagnostics-Provider", + "providerGuid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9" + }, + { + "providerName": "Microsoft-Windows-Proximity-Common", + "providerGuid": "28058203-D394-4AFC-B2A6-2F9155A3BB95" + }, + { + "providerName": "Microsoft-Windows-Push-To-Install-Service", + "providerGuid": "3A718A68-6974-4075-ABD3-E8243CAEF398" + }, + { + "providerName": "Microsoft-Windows-PushNotifications-Developer", + "providerGuid": "5CAD3597-5FEC-4C62-9CE1-9D7ABC723D3A" + }, + { + "providerName": "Microsoft-Windows-PushNotifications-InProc", + "providerGuid": "815A1F4A-3F8D-4B37-9B31-5142F9D724A5" + }, + { + "providerName": "Microsoft-Windows-PushNotifications-Platform", + "providerGuid": "88CD9180-4491-4640-B571-E3BEE2527943" + }, + { + "providerName": "Microsoft-Windows-QoS-Pacer", + "providerGuid": "914ED502-B70D-4ADD-B758-95692854F8A3" + }, + { + "providerName": "Microsoft-Windows-QoS-qWAVE", + "providerGuid": "6BA132C4-DA49-415B-A7F4-31870DC9FE25" + }, + { + "providerName": "Microsoft-Windows-QoS-WMI-Diag", + "providerGuid": "725BA9B3-C1F3-4518-AF1B-C8D669191E15" + }, + { + "providerName": "Microsoft-Windows-RadioManager", + "providerGuid": "92061E3D-21CD-45BC-A3DF-0E8AE5E8580A" + }, + { + "providerName": "Microsoft-Windows-Ras-AgileVpn", + "providerGuid": "B5325CD6-438E-4EC1-AA46-14F46F2570E4" + }, + { + "providerName": "Microsoft-Windows-Ras-NdisWanPacketCapture", + "providerGuid": "D84521F7-2235-4237-A7C0-14E3A9676286" + }, + { + "providerName": "Microsoft-Windows-RasServer", + "providerGuid": "29D13147-1C2E-48EC-9994-E29DFE496EB3" + }, + { + "providerName": "Microsoft-Windows-RasSstp", + "providerGuid": "6C260F2C-049A-43D8-BF4D-D350A4E6611A" + }, + { + "providerName": "Microsoft-Windows-Rdp-Graphics-RdpAvenc", + "providerGuid": "EC7B8A8B-1432-58B3-6025-BE73D4EA28ED" + }, + { + "providerName": "Microsoft-Windows-Rdp-Graphics-RdpLite", + "providerGuid": "54DE4FB6-64D0-5710-3C14-13E4456119CE" + }, + { + "providerName": "Microsoft-Windows-ReadyBoost", + "providerGuid": "E6307A09-292C-497E-AAD6-498F68E2B619" + }, + { + "providerName": "Microsoft-Windows-ReadyBoostDriver", + "providerGuid": "2A274310-42D5-4019-B816-E4B8C7ABE95C" + }, + { + "providerName": "Microsoft-Windows-ReFS", + "providerGuid": "CD9C6198-BF73-4106-803B-C17D26559018" + }, + { + "providerName": "Microsoft-Windows-ReFS-v1", + "providerGuid": "059F0F37-910E-4FF0-A7EE-AE8D49DD319B" + }, + { + "providerName": "Microsoft-Windows-ReFsDedupSvc", + "providerGuid": "596CB176-FB71-587A-8FFB-F5CF15EE1E36" + }, + { + "providerName": "Microsoft-Windows-Remote-FileSystem-Log", + "providerGuid": "20C46239-D059-4214-A11E-7D6769CBE020" + }, + { + "providerName": "Microsoft-Windows-Remote-FileSystem-Monitor", + "providerGuid": "51734B23-5B7E-4892-BA8E-45BC110B735C" + }, + { + "providerName": "Microsoft-Windows-RemoteApp and Desktop Connections", + "providerGuid": "1B8B402D-78DC-46FB-BF71-46E64AEDF165" + }, + { + "providerName": "Microsoft-Windows-RemoteAssistance", + "providerGuid": "5B0A651A-8807-45CC-9656-7579815B6AF0" + }, + { + "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpClipCdv", + "providerGuid": "B1E2EE25-B5BC-5129-0582-81A0A146B59B" + }, + { + "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV", + "providerGuid": "C8E6DC53-660C-44EE-8D00-E47F189DB87F" + }, + { + "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", + "providerGuid": "1139C61B-B549-4251-8ED3-27250A1EDEC8" + }, + { + "providerName": "Microsoft-Windows-RemoteDesktopServices-SessionServices", + "providerGuid": "F1394DE0-32C7-4A76-A6DE-B245E48F4615" + }, + { + "providerName": "Microsoft-Windows-Remotefs-Rdbss", + "providerGuid": "1A870028-F191-4699-8473-6FCD299EAB77" + }, + { + "providerName": "Microsoft-Windows-RemoteHelp", + "providerGuid": "8B7587BF-3253-5620-FB1F-625BCA71D28D" + }, + { + "providerName": "Microsoft-Windows-ResetEng", + "providerGuid": "A4445C76-ED85-C8A3-02C1-532A38614A9E" + }, + { + "providerName": "Microsoft-Windows-ResetEng-Trace", + "providerGuid": "7FA514B5-A023-4B62-A6AB-2946A483E065" + }, + { + "providerName": "Microsoft-Windows-Resource-Exhaustion-Detector", + "providerGuid": "9988748E-C2E8-4054-85F6-0C3E1CAD2470" + }, + { + "providerName": "Microsoft-Windows-Resource-Exhaustion-Resolver", + "providerGuid": "91F5FB12-FDEA-4095-85D5-614B495CD9DE" + }, + { + "providerName": "Microsoft-Windows-ResourcePublication", + "providerGuid": "74C2135F-CC76-45C3-879A-EF3BB1EEAF86" + }, + { + "providerName": "Microsoft-Windows-RestartManager", + "providerGuid": "0888E5EF-9B98-4695-979D-E92CE4247224" + }, + { + "providerName": "Microsoft-Windows-RetailDemo", + "providerGuid": "D3F29EDA-805D-428A-9902-B259B937F84B" + }, + { + "providerName": "Microsoft-Windows-RPC", + "providerGuid": "6AD52B32-D609-4BE9-AE07-CE8DAE937E39" + }, + { + "providerName": "Microsoft-Windows-RPC-Audit", + "providerGuid": "3C578D57-F85A-5FC9-DEA0-8C663CCFF942" + }, + { + "providerName": "Microsoft-Windows-RPC-Events", + "providerGuid": "F4AED7C7-A898-4627-B053-44A7CAA12FCD" + }, + { + "providerName": "Microsoft-Windows-RPC-FirewallManager", + "providerGuid": "F997CD11-0FC9-4AB4-ACBA-BC742A4C0DD3" + }, + { + "providerName": "Microsoft-Windows-RPC-Proxy-LBS", + "providerGuid": "272A979B-34B5-48EC-94F5-7225A59C85A0" + }, + { + "providerName": "Microsoft-Windows-RPCSS", + "providerGuid": "D8975F88-7DDB-4ED0-91BF-3ADF48C48E0C" + }, + { + "providerName": "Microsoft-Windows-RRAS", + "providerGuid": "24989972-0967-4E21-A926-93854033638E" + }, + { + "providerName": "Microsoft-Windows-RTWorkQueue-Extended", + "providerGuid": "83FAAA86-63C8-4DD8-A2DA-FBADDDFC0655" + }, + { + "providerName": "Microsoft-Windows-RTWorkQueue-Threading", + "providerGuid": "E18D0FC9-9515-4232-98E4-89E456D8551B" + }, + { + "providerName": "Microsoft-Windows-Runtime-Graphics", + "providerGuid": "FA5CF675-72EB-49E2-B447-DE5552FAFF1C" + }, + { + "providerName": "Microsoft-Windows-Runtime-Media", + "providerGuid": "8F0DB3A8-299B-4D64-A4ED-907B409D4584" + }, + { + "providerName": "Microsoft-Windows-Runtime-Networking", + "providerGuid": "6EB875EB-8F4A-4800-A00B-E484C97D7561" + }, + { + "providerName": "Microsoft-Windows-Runtime-Networking-BackgroundTransfer", + "providerGuid": "B9D5B35D-BBB8-4625-9450-F71A5D414F4F" + }, + { + "providerName": "Microsoft-Windows-Runtime-Web-Http", + "providerGuid": "41877CB4-11FC-4188-B590-712C143C881D" + }, + { + "providerName": "Microsoft-Windows-Runtime-WebAPI", + "providerGuid": "6BD96334-DC49-441A-B9C4-41425BA628D8" + }, + { + "providerName": "Microsoft-Windows-Schannel-Events", + "providerGuid": "91CC1150-71AA-47E2-AE18-C96E61736B6F" + }, + { + "providerName": "Microsoft-Windows-SCPNP", + "providerGuid": "9F650C63-9409-453C-A652-83D7185A2E83" + }, + { + "providerName": "Microsoft-Windows-Sdbus", + "providerGuid": "FE28004E-B08F-4407-92B3-BAD3A2C51708" + }, + { + "providerName": "Microsoft-Windows-Sdstor", + "providerGuid": "AFE654EB-0A83-4EB4-948F-D4510EC39C30" + }, + { + "providerName": "Microsoft-Windows-Search", + "providerGuid": "CA4E628D-8567-4896-AB6B-835B221F373F" + }, + { + "providerName": "Microsoft-Windows-Search-Core", + "providerGuid": "49C2C27C-FE2D-40BF-8C4E-C3FB518037E7" + }, + { + "providerName": "Microsoft-Windows-Search-ProfileNotify", + "providerGuid": "FC6F77DD-769A-470E-BCF9-1B6555A118BE" + }, + { + "providerName": "Microsoft-Windows-Search-ProtocolHandlers", + "providerGuid": "DAB065A9-620F-45BA-B5D6-D6BB8EFEDEE9" + }, + { + "providerName": "Microsoft-Windows-SEC", + "providerGuid": "16C6501A-FF2D-46EA-868D-8F96CB0CB52D" + }, + { + "providerName": "Microsoft-Windows-SEC-WFP", + "providerGuid": "62834E12-795F-5AB2-B404-8D6D870DBBEB" + }, + { + "providerName": "Microsoft-Windows-Security-Audit-Configuration-Client", + "providerGuid": "08466062-AED4-4834-8B04-CDDB414504E5" + }, + { + "providerName": "Microsoft-Windows-Security-Auditing", + "providerGuid": "54849625-5478-4994-A5BA-3E3B0328C30D" + }, + { + "providerName": "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager", + "providerGuid": "2CD58181-0BB6-463E-828A-056FF837F966" + }, + { + "providerName": "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning", + "providerGuid": "9249D0D0-F034-402F-A29B-92FA8853D9F3" + }, + { + "providerName": "Microsoft-Windows-Security-IdentityStore", + "providerGuid": "00B7E1DF-B469-4C69-9C41-53A6576E3DAD" + }, + { + "providerName": "Microsoft-Windows-Security-Isolation-BrokeringFileSystem", + "providerGuid": "CD8B60A0-2A19-5EB9-564F-6154E2D987F4" + }, + { + "providerName": "Microsoft-Windows-Security-Kerberos", + "providerGuid": "98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1" + }, + { + "providerName": "Microsoft-Windows-Security-LessPrivilegedAppContainer", + "providerGuid": "45EEC9E5-4A1B-5446-7AD8-A4AB1313C437" + }, + { + "providerName": "Microsoft-Windows-Security-Mitigations", + "providerGuid": "FAE10392-F0AF-4AC0-B8FF-9F4D920C3CDF" + }, + { + "providerName": "Microsoft-Windows-Security-Netlogon", + "providerGuid": "E5BA83F6-07D0-46B1-8BC7-7E669A1D31DC" + }, + { + "providerName": "Microsoft-Windows-Security-SPP", + "providerGuid": "E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156" + }, + { + "providerName": "Microsoft-Windows-Security-SPP-UX", + "providerGuid": "6BDADC96-673E-468C-9F5B-F382F95B2832" + }, + { + "providerName": "Microsoft-Windows-Security-SPP-UX-GC", + "providerGuid": "BBBDD6A3-F35E-449B-A471-4D830C8EDA1F" + }, + { + "providerName": "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging", + "providerGuid": "FB829150-CD7D-44C3-AF5B-711A3C31CEDC" + }, + { + "providerName": "Microsoft-Windows-Security-SPP-UX-Notifications", + "providerGuid": "C4EFC9BB-2570-4821-8923-1BAD317D2D4B" + }, + { + "providerName": "Microsoft-Windows-Security-UserConsentVerifier", + "providerGuid": "40783728-8921-45D0-B231-919037B4B4FD" + }, + { + "providerName": "Microsoft-Windows-Security-Vault", + "providerGuid": "E6C92FB8-89D7-4D1F-BE46-D56E59804783" + }, + { + "providerName": "Microsoft-Windows-SecurityMitigationsBroker", + "providerGuid": "EA8CD8A5-78FF-4418-B292-AADC6A7181DF" + }, + { + "providerName": "Microsoft-Windows-SendTo", + "providerGuid": "35642CF5-DA5E-410B-9D9C-A45F3638042B" + }, + { + "providerName": "Microsoft-Windows-Sens", + "providerGuid": "BE69781C-B63B-41A1-8E24-A4FC7B3FC498" + }, + { + "providerName": "Microsoft-Windows-SENSE", + "providerGuid": "FAE96D09-ADE1-5223-0098-AF7B67348531" + }, + { + "providerName": "Microsoft-Windows-SenseIR", + "providerGuid": "B6D775EF-1436-4FE6-BAD3-9E436319E218" + }, + { + "providerName": "Microsoft-Windows-Sensors", + "providerGuid": "D8900E18-36CB-4548-966F-13F068D1F78E" + }, + { + "providerName": "Microsoft-Windows-Sensors-Core", + "providerGuid": "751C292B-23E6-58CF-1FD4-38F8512C66C2" + }, + { + "providerName": "Microsoft-Windows-Sensors-Core-Performance", + "providerGuid": "9E051EAA-7FEE-4F9F-8897-D86F3692E8AF" + }, + { + "providerName": "Microsoft-Windows-Serial-ClassExtension", + "providerGuid": "47BC9477-A8BA-452E-B951-4F2ED3593CF9" + }, + { + "providerName": "Microsoft-Windows-Serial-ClassExtension-V2", + "providerGuid": "EEE173EF-7ED2-45DE-9877-01C70A852FBD" + }, + { + "providerName": "Microsoft-Windows-ServiceReportingApi", + "providerGuid": "606A6A38-70EC-4309-B3A3-82FF86F73329" + }, + { + "providerName": "Microsoft-Windows-Services", + "providerGuid": "0063715B-EEDA-4007-9429-AD526F62696E" + }, + { + "providerName": "Microsoft-Windows-Services-Svchost", + "providerGuid": "06184C97-5201-480E-92AF-3A3626C5B140" + }, + { + "providerName": "Microsoft-Windows-ServiceTriggerPerfEventProvider", + "providerGuid": "6545939F-3398-411A-88B7-6A8914B8CEC7" + }, + { + "providerName": "Microsoft-Windows-Servicing", + "providerGuid": "BD12F3B8-FC40-4A61-A307-B7A013A069C1" + }, + { + "providerName": "Microsoft-Windows-Setup", + "providerGuid": "75EBC33E-997F-49CF-B49F-ECC50184B75D" + }, + { + "providerName": "Microsoft-Windows-SetupCl", + "providerGuid": "75EBC33E-D017-4D0F-93AB-0B4F86579164" + }, + { + "providerName": "Microsoft-Windows-SetupPlatform", + "providerGuid": "530FB9B9-C515-4472-9313-FB346F9255E3" + }, + { + "providerName": "Microsoft-Windows-SetupQueue", + "providerGuid": "A615ACB9-D5A4-4738-B561-1DF301D207F8" + }, + { + "providerName": "Microsoft-Windows-SetupUGC", + "providerGuid": "75EBC33E-0870-49E5-BDCE-9D7028279489" + }, + { + "providerName": "Microsoft-Windows-SharedAccess_NAT", + "providerGuid": "A6F32731-9A38-4159-A220-3D9B7FC5FE5D" + }, + { + "providerName": "Microsoft-Windows-ShareMedia-ControlPanel", + "providerGuid": "02012A8A-ADF5-4FAB-92CB-CCB7BB3E689A" + }, + { + "providerName": "Microsoft-Windows-Shell-AppWizCpl", + "providerGuid": "08D945EB-C8BD-44AA-994F-86079D8DCE35" + }, + { + "providerName": "Microsoft-Windows-Shell-AuthUI", + "providerGuid": "63D2BB1D-E39A-41B8-9A3D-52DD06677588" + }, + { + "providerName": "Microsoft-Windows-Shell-ConnectedAccountState", + "providerGuid": "6DF57621-E7E4-410F-A7E9-E43EEB61B11F" + }, + { + "providerName": "Microsoft-Windows-Shell-Core", + "providerGuid": "30336ED4-E327-447C-9DE0-51B652C86108" + }, + { + "providerName": "Microsoft-Windows-Shell-DefaultPrograms", + "providerGuid": "65D99466-7A8E-489C-B8E1-962BC945031E" + }, + { + "providerName": "Microsoft-Windows-Shell-LockScreenContent", + "providerGuid": "A3C0D58A-9FE5-4F24-A2CE-E16DE8BAA0D2" + }, + { + "providerName": "Microsoft-Windows-Shell-OpenWith", + "providerGuid": "11BD2A68-77FF-4991-9658-F451F2EB6CE1" + }, + { + "providerName": "Microsoft-Windows-Shell-Shwebsvc", + "providerGuid": "F61CEFC0-AA2E-11DA-A746-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-Shell-ZipFolder", + "providerGuid": "1F84007D-19CE-4B15-9E81-8A3DD8EB9ECB" + }, + { + "providerName": "Microsoft-Windows-ShellCommon-StartLayoutPopulation", + "providerGuid": "97CA8142-10B1-4BAA-9FBB-70A7D11231C3" + }, + { + "providerName": "Microsoft-Windows-Shsvcs", + "providerGuid": "059C3E04-5535-4929-85E1-93030E78F47B" + }, + { + "providerName": "Microsoft-Windows-SleepStudy", + "providerGuid": "D37687E7-8BF0-4D11-B589-A7ABE080756A" + }, + { + "providerName": "Microsoft-Windows-SmartCard-Audit", + "providerGuid": "09AC07B9-6AC9-43BC-A50F-58419A797C69" + }, + { + "providerName": "Microsoft-Windows-SmartCard-DeviceEnum", + "providerGuid": "AAEAC398-3028-487C-9586-44EACAD03637" + }, + { + "providerName": "Microsoft-Windows-Smartcard-Server", + "providerGuid": "4FCBF664-A33A-4652-B436-9D558983D955" + }, + { + "providerName": "Microsoft-Windows-SmartCard-TPM-VCard-Module", + "providerGuid": "125F2CF1-2768-4D33-976E-527137D080F8" + }, + { + "providerName": "Microsoft-Windows-Smartcard-Trigger", + "providerGuid": "AEDD909F-41C6-401A-9E41-DFC33006AF5D" + }, + { + "providerName": "Microsoft-Windows-SmartScreen", + "providerGuid": "3CB2A168-FE34-4A4E-BDAD-DCF422F34473" + }, + { + "providerName": "Microsoft-Windows-SMBClient", + "providerGuid": "988C59C5-0A1C-45B6-A555-0C62276E327D" + }, + { + "providerName": "Microsoft-Windows-SMBDirect", + "providerGuid": "DB66EA65-B7BB-4CA9-8748-334CB5C32400" + }, + { + "providerName": "Microsoft-Windows-SMBServer", + "providerGuid": "D48CE617-33A2-4BC3-A5C7-11AA4F29619E" + }, + { + "providerName": "Microsoft-Windows-SMBWitnessClient", + "providerGuid": "32254F6C-AA33-46F0-A5E3-1CBCC74BF683" + }, + { + "providerName": "Microsoft-Windows-SmbWmiProvider", + "providerGuid": "50B9E206-9D55-4092-92E8-F157A8235799" + }, + { + "providerName": "Microsoft-Windows-SoftwareRestrictionPolicies", + "providerGuid": "7D29D58A-931A-40AC-8743-48C733045548" + }, + { + "providerName": "Microsoft-Windows-SPB-ClassExtension", + "providerGuid": "72CD9FF7-4AF8-4B89-AEDE-5F26FDA13567" + }, + { + "providerName": "Microsoft-Windows-SPB-HIDI2C", + "providerGuid": "991F8FE6-249D-44D6-B93D-5A3060C1DEDB" + }, + { + "providerName": "Microsoft-Windows-SpecialAdministrationConsole", + "providerGuid": "8551491D-2545-5955-44BD-F5F1EFACFCDA" + }, + { + "providerName": "Microsoft-Windows-Speech-TTS", + "providerGuid": "74DCC47A-846E-4C98-9E2C-80043ED82B15" + }, + { + "providerName": "Microsoft-Windows-Speech-UserExperience", + "providerGuid": "13480A22-D79F-4334-9D32-AA239398AD3C" + }, + { + "providerName": "Microsoft-Windows-Spell-Checking", + "providerGuid": "D0E22EFC-AC66-4B25-A72D-382736B5E940" + }, + { + "providerName": "Microsoft-Windows-SpellChecker", + "providerGuid": "B2FCD41F-9A40-4150-8C92-B224B7D8C8AA" + }, + { + "providerName": "Microsoft-Windows-Spellchecking-Host", + "providerGuid": "1BDA2AB1-BBC1-4ACB-A849-C0EF2B249672" + }, + { + "providerName": "Microsoft-Windows-SruMon", + "providerGuid": "C8DBF506-E3D3-4822-930D-84C557EB6247" + }, + { + "providerName": "Microsoft-Windows-SrumTelemetry", + "providerGuid": "48D445A8-2F64-4D49-B093-A5774D8DC531" + }, + { + "providerName": "Microsoft-Windows-StartNameRes", + "providerGuid": "277C9237-51D8-5C1C-B089-F02C683E5BA7" + }, + { + "providerName": "Microsoft-Windows-StartupRepair", + "providerGuid": "C914F0DF-835A-4A22-8C70-732C9A80C634" + }, + { + "providerName": "Microsoft-Windows-StateRepository", + "providerGuid": "89592015-D996-4636-8F61-066B5D4DD739" + }, + { + "providerName": "Microsoft-Windows-stobject", + "providerGuid": "86133982-63D7-4741-928E-EF1349B80219" + }, + { + "providerName": "Microsoft-Windows-Storage-Tiering", + "providerGuid": "4A104570-EC6D-4560-A40F-858FA955E84F" + }, + { + "providerName": "Microsoft-Windows-Storage-Tiering-IoHeat", + "providerGuid": "990C55FC-2662-47F6-B7D7-EB3C027CB13F" + }, + { + "providerName": "Microsoft-Windows-StorageManagement", + "providerGuid": "7E58E69A-E361-4F06-B880-AD2F4B64C944" + }, + { + "providerName": "Microsoft-Windows-StorageManagement-PartUtil", + "providerGuid": "93DB76C2-63AB-5DE1-88B3-C068686675B8" + }, + { + "providerName": "Microsoft-Windows-StorageManagement-WSP-FS", + "providerGuid": "435F8E4B-8CC4-430E-9796-28CAE4976576" + }, + { + "providerName": "Microsoft-Windows-StorageManagement-WSP-Health", + "providerGuid": "B1F01D1A-AE3A-4940-81EE-DDCCBAD380EF" + }, + { + "providerName": "Microsoft-Windows-StorageManagement-WSP-Host", + "providerGuid": "595F33EA-D4AF-4F4D-B4DD-9DACDD17FC6E" + }, + { + "providerName": "Microsoft-Windows-StorageManagement-WSP-Spaces", + "providerGuid": "88C09888-118D-48FC-8863-E1C6D39CA4DF" + }, + { + "providerName": "Microsoft-Windows-StorageSettings", + "providerGuid": "E934E6DD-62BE-55D8-1CC8-416D0039498B" + }, + { + "providerName": "Microsoft-Windows-StorageSpaces-Api", + "providerGuid": "BCF0C6A7-6130-5208-F27D-FA77A91F12DF" + }, + { + "providerName": "Microsoft-Windows-StorageSpaces-Driver", + "providerGuid": "595F7F52-C90A-4026-A125-8EB5E083F15E" + }, + { + "providerName": "Microsoft-Windows-StorageSpaces-ManagementAgent", + "providerGuid": "AA4C798D-D91B-4B07-A013-787F5803D6FC" + }, + { + "providerName": "Microsoft-Windows-StorageSpaces-Parser", + "providerGuid": "5BCF2A5C-2E90-5A03-AA4E-2E459BAE21B4" + }, + { + "providerName": "Microsoft-Windows-StorageSpaces-SpaceManager", + "providerGuid": "69C8CA7E-1ADF-472B-BA4C-A0485986B9F6" + }, + { + "providerName": "Microsoft-Windows-StorageVolume", + "providerGuid": "C8127B86-E611-5638-63F4-AE37539084D2" + }, + { + "providerName": "Microsoft-Windows-StorDiag", + "providerGuid": "F5D05B38-80A6-4653-825D-C414E4AB3C68" + }, + { + "providerName": "Microsoft-Windows-Store", + "providerGuid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0" + }, + { + "providerName": "Microsoft-Windows-StorPort", + "providerGuid": "C4636A1E-7986-4646-BF10-7BC3B4A76E8E" + }, + { + "providerName": "Microsoft-Windows-Storsvc", + "providerGuid": "A963A23C-0058-521D-71EC-A1CCE6173F21" + }, + { + "providerName": "Microsoft-Windows-Subsys-Csr", + "providerGuid": "E8316A2D-0D94-4F52-85DD-1E15B66C5891" + }, + { + "providerName": "Microsoft-Windows-Subsys-SMSS", + "providerGuid": "43E63DA5-41D1-4FBF-ADED-1BBED98FDD1D" + }, + { + "providerName": "Microsoft-Windows-Sudo", + "providerGuid": "9D74DC62-B75F-54CD-BE9E-C28940B5FEED" + }, + { + "providerName": "Microsoft-Windows-Superfetch", + "providerGuid": "99806515-9F51-4C2F-B918-1EAE407AA8CB" + }, + { + "providerName": "Microsoft-Windows-Sysprep", + "providerGuid": "75EBC33E-77B8-4BA8-9474-4F4A9DB2F5C6" + }, + { + "providerName": "Microsoft-Windows-System-Profile-HardwareId", + "providerGuid": "3419DE6D-5D7F-4668-ACC8-F80566814D96" + }, + { + "providerName": "Microsoft-Windows-System-Restore", + "providerGuid": "126CDB97-D346-4894-8A34-658DA5EEA1B6" + }, + { + "providerName": "Microsoft-Windows-SystemEventsBroker", + "providerGuid": "B6BFCC79-A3AF-4089-8D4D-0EECB1B80779" + }, + { + "providerName": "Microsoft-Windows-SystemSettingsHandlers", + "providerGuid": "FBBD52E1-DF97-529D-4B67-53F67DA99A98" + }, + { + "providerName": "Microsoft-Windows-SystemSettingsThreshold", + "providerGuid": "8BCDF442-3070-4118-8C94-E8843BE363B3" + }, + { + "providerName": "Microsoft-Windows-TabletPC-InputPanel", + "providerGuid": "E978F84E-582D-4167-977E-32AF52706888" + }, + { + "providerName": "Microsoft-Windows-TabletPC-MathInput", + "providerGuid": "8443CCB7-FEB0-4B8D-8E28-8D4C7CB814E8" + }, + { + "providerName": "Microsoft-Windows-TabletPC-MathRecognizer", + "providerGuid": "BDB462FC-A297-49A2-BF2E-4F1809E12ABC" + }, + { + "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Core", + "providerGuid": "B5FD844A-01D4-4B10-A57F-58B13B561582" + }, + { + "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Ninput", + "providerGuid": "2C3E6D9F-8298-450F-8E5D-49B724F1216F" + }, + { + "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Wisp", + "providerGuid": "E5AA2A53-30BE-40F5-8D84-AD3F40A404CD" + }, + { + "providerName": "Microsoft-Windows-TabletPC-Platform-Manipulations", + "providerGuid": "2FD7A9A5-B1A1-4FC7-B95C-C32FED818F30" + }, + { + "providerName": "Microsoft-Windows-TaskbarCPL", + "providerGuid": "05D7B0F0-2121-4EFF-BF6B-ED3F69B894D7" + }, + { + "providerName": "Microsoft-Windows-TaskScheduler", + "providerGuid": "DE7B24EA-73C8-4A09-985D-5BDADCFA9017" + }, + { + "providerName": "Microsoft-Windows-TCPIP", + "providerGuid": "2F07E2EE-15DB-40F1-90EF-9D7BA282188A" + }, + { + "providerName": "Microsoft-Windows-TenantRestrictions", + "providerGuid": "4053FADA-178B-5AA8-746B-7CF8538B5118" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-ClientActiveXCore", + "providerGuid": "28AA95BB-D444-4719-A36F-40462168127E" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-ClientUSBDevices", + "providerGuid": "6E400999-5B82-475F-B800-CEF6FE361539" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-LocalSessionManager", + "providerGuid": "5D896912-022D-40AA-A3A8-4FA5515C76D7" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-MediaRedirection", + "providerGuid": "3F7B2F99-B863-4045-AD05-F6AFB62E7AF1" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-PnPDevices", + "providerGuid": "27A8C1E2-EB19-463E-8424-B399DF27A216" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-Printers", + "providerGuid": "952773BF-C2B7-49BC-88F4-920744B82C43" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-RdpSoundDriver", + "providerGuid": "127E0DC5-E13B-4935-985E-78FD508B1D80" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-RemoteConnectionManager", + "providerGuid": "C76BAA63-AE81-421C-B425-340B4B24157F" + }, + { + "providerName": "Microsoft-Windows-TerminalServices-ServerUSBDevices", + "providerGuid": "DCBE5AAA-16E2-457C-9337-366950045F0A" + }, + { + "providerName": "Microsoft-Windows-Tethering-Manager", + "providerGuid": "CC311F1F-623C-4CA4-BA44-A458016555E8" + }, + { + "providerName": "Microsoft-Windows-Tethering-Station", + "providerGuid": "585CAB4F-9351-436E-9D99-DC4B41A20DE0" + }, + { + "providerName": "Microsoft-Windows-TextPredictionEngine", + "providerGuid": "39A63500-7D76-49CD-994F-FFD796EF5A53" + }, + { + "providerName": "Microsoft-Windows-ThemeCPL", + "providerGuid": "61F044AF-9104-4CA5-81EE-CB6C51BB01AB" + }, + { + "providerName": "Microsoft-Windows-ThemeUI", + "providerGuid": "869FB599-80AA-485D-BCA7-DB18D72B7219" + }, + { + "providerName": "Microsoft-Windows-Thermal-Polling", + "providerGuid": "E8A7C168-81EE-465C-8E8E-D39A2AC1CA41" + }, + { + "providerName": "Microsoft-Windows-Threat-Intelligence", + "providerGuid": "F4E1897C-BB5D-5668-F1D8-040F4D8DD344" + }, + { + "providerName": "Microsoft-Windows-Time-Service", + "providerGuid": "06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB" + }, + { + "providerName": "Microsoft-Windows-Time-Service-PTP-Provider", + "providerGuid": "CFFB980E-327C-5B87-19C6-62C4C3BE2290" + }, + { + "providerName": "Microsoft-Windows-TimeBroker", + "providerGuid": "0657ADC1-9AE8-4E18-932D-E6079CDA5AB3" + }, + { + "providerName": "Microsoft-Windows-TPM-WMI", + "providerGuid": "7D5387B0-CBE0-11DA-A94D-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-TriggerEmulatorProvider", + "providerGuid": "F230D19A-5D93-47D9-A83F-53829EDFB8DF" + }, + { + "providerName": "Microsoft-Windows-Troubleshooting-Recommended", + "providerGuid": "4969DE67-439C-516F-F805-A82A4F905730" + }, + { + "providerName": "Microsoft-Windows-TSF-msctf", + "providerGuid": "4FBA1227-F606-4E5F-B9E8-FAB9AB5740F3" + }, + { + "providerName": "Microsoft-Windows-TSF-msutb", + "providerGuid": "74B655A2-8958-410E-80E2-3457051B8DFF" + }, + { + "providerName": "Microsoft-Windows-TSF-UIManager", + "providerGuid": "4DD778B8-379C-4D8C-B659-517A43D6DF7D" + }, + { + "providerName": "Microsoft-Windows-TunnelDriver", + "providerGuid": "4EDBE902-9ED3-4CF0-93E8-B8B5FA920299" + }, + { + "providerName": "Microsoft-Windows-TunnelDriver-SQM-Provider", + "providerGuid": "4214DCD2-7C33-4F74-9898-719CCCEEC20F" + }, + { + "providerName": "Microsoft-Windows-TZSync", + "providerGuid": "3527CB55-1298-49D4-AB94-1243DB0FCAFF" + }, + { + "providerName": "Microsoft-Windows-TZUtil", + "providerGuid": "2D318B91-E6E7-4C46-BD04-BFE6DB412CF9" + }, + { + "providerName": "Microsoft-Windows-UAC", + "providerGuid": "E7558269-3FA5-46ED-9F4D-3C6E282DDE55" + }, + { + "providerName": "Microsoft-Windows-UAC-FileVirtualization", + "providerGuid": "C02AFC2B-E24E-4449-AD76-BCC2C2575EAD" + }, + { + "providerName": "Microsoft-Windows-UI-Input-Inking", + "providerGuid": "BF1DB390-3E67-4D4D-A287-8958044A3DB4" + }, + { + "providerName": "Microsoft-Windows-UI-Search", + "providerGuid": "D8965FCF-7397-4E0E-B750-21A4580BD880" + }, + { + "providerName": "Microsoft-Windows-UIAnimation", + "providerGuid": "E0A40B26-30C4-4656-BC9A-74A5C3A0B2EC" + }, + { + "providerName": "Microsoft-Windows-UIAutomationCore", + "providerGuid": "820A42D8-38C4-465D-B64E-D7D56EA1D612" + }, + { + "providerName": "Microsoft-Windows-UIRibbon", + "providerGuid": "87D476FE-1A0F-4370-B785-60B028019693" + }, + { + "providerName": "Microsoft-Windows-UniversalTelemetryClient", + "providerGuid": "6489B27F-7C43-5886-1D00-0A61BB2A375B" + }, + { + "providerName": "Microsoft-Windows-URLMon", + "providerGuid": "245F975D-909D-49ED-B8F9-9A75691D6B6B" + }, + { + "providerName": "Microsoft-Windows-USB-CCID", + "providerGuid": "F708C483-4880-11E6-9121-5CF37068B67B" + }, + { + "providerName": "Microsoft-Windows-USB-MAUSBHOST", + "providerGuid": "7725B5F9-1F2E-4E21-BAEB-B2AF4690BC87" + }, + { + "providerName": "Microsoft-Windows-USB-UCMUCSICX", + "providerGuid": "569D11AA-5068-5EE5-DA22-CE541C0B1481" + }, + { + "providerName": "Microsoft-Windows-USB-UCX", + "providerGuid": "36DA592D-E43A-4E28-AF6F-4BC57C5A11E8" + }, + { + "providerName": "Microsoft-Windows-USB-USB4DeviceRouter-EventLogs", + "providerGuid": "D07E8C3F-78FB-4C22-B77C-2203D00BFDF3" + }, + { + "providerName": "Microsoft-Windows-USB-USBHUB", + "providerGuid": "7426A56B-E2D5-4B30-BDEF-B31815C1A74A" + }, + { + "providerName": "Microsoft-Windows-USB-USBHUB3", + "providerGuid": "AC52AD17-CC01-4F85-8DF5-4DCE4333C99B" + }, + { + "providerName": "Microsoft-Windows-USB-USBPORT", + "providerGuid": "C88A4EF5-D048-4013-9408-E04B7DB2814A" + }, + { + "providerName": "Microsoft-Windows-USB-USBXHCI", + "providerGuid": "30E1D284-5D88-459C-83FD-6345B39B19EC" + }, + { + "providerName": "Microsoft-Windows-User Device Registration", + "providerGuid": "23B8D46B-67DD-40A3-B636-D43E50552C6D" + }, + { + "providerName": "Microsoft-Windows-User Profiles General", + "providerGuid": "DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770" + }, + { + "providerName": "Microsoft-Windows-User Profiles Service", + "providerGuid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845" + }, + { + "providerName": "Microsoft-Windows-User-ControlPanel", + "providerGuid": "319122A9-1485-4E48-AF35-7DB2D93B8AD2" + }, + { + "providerName": "Microsoft-Windows-User-Diagnostic", + "providerGuid": "305FC87B-002A-5E26-D297-60223012CA9C" + }, + { + "providerName": "Microsoft-Windows-User-Loader", + "providerGuid": "B059B83F-D946-4B13-87CA-4292839DC2F2" + }, + { + "providerName": "Microsoft-Windows-UserAccountControl", + "providerGuid": "2683B597-3CCA-410A-97FE-6F7EE3D09B94" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-CallHistoryClient", + "providerGuid": "F5988ABB-323A-4098-8A34-85A3613D4638" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-CEMAPI", + "providerGuid": "83A9277A-D2FC-4B34-BF81-8CEB4407824F" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-PimIndexMaintenance", + "providerGuid": "99C66BA7-5A97-40D5-AA01-8A07FB3DB292" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-Poom", + "providerGuid": "0BD19909-EB6F-4B16-8074-6DCE803F091D" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-UnifiedStore", + "providerGuid": "56F519AB-9DF6-4345-8491-A4BA21AC825B" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-UserDataApis", + "providerGuid": "B9B2DE3C-3FBD-4F42-8FF7-33C3BAD35FD4" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-UserDataService", + "providerGuid": "FB19EE2C-0D22-4A2E-969E-DD41AE0CE1A9" + }, + { + "providerName": "Microsoft-Windows-UserDataAccess-UserDataUtils", + "providerGuid": "D1F688BF-012F-4AEC-A38C-E7D4649F8CD2" + }, + { + "providerName": "Microsoft-Windows-UserModePowerService", + "providerGuid": "CE8DEE0B-D539-4000-B0F8-77BED049C590" + }, + { + "providerName": "Microsoft-Windows-UserPnp", + "providerGuid": "96F4A050-7E31-453C-88BE-9634F4E02139" + }, + { + "providerName": "Microsoft-Windows-UserSettingsBackup-BackupUnitProcessor", + "providerGuid": "DC84BBF4-CDED-56EF-BF3B-E2051D5589D5" + }, + { + "providerName": "Microsoft-Windows-UserSettingsBackup-EarlyDownloader", + "providerGuid": "C675305E-51BD-5DA6-08B4-D4CB88D198F0" + }, + { + "providerName": "Microsoft-Windows-UserSettingsBackup-Orchestrator", + "providerGuid": "47AE8351-B61A-51D1-0AD0-9D870C38F53A" + }, + { + "providerName": "Microsoft-Windows-UxInit", + "providerGuid": "4154A29C-40D9-445F-8D65-24DA473E8F65" + }, + { + "providerName": "Microsoft-Windows-UxTheme", + "providerGuid": "422088E6-CD0C-4F99-BD0B-6985FA290BDF" + }, + { + "providerName": "Microsoft-Windows-VDRVROOT", + "providerGuid": "E4480490-85B6-11DD-AD8B-0800200C9A66" + }, + { + "providerName": "Microsoft-Windows-VerifyHardwareSecurity", + "providerGuid": "F3F53C76-B06D-4F15-B412-61164A0D2B73" + }, + { + "providerName": "Microsoft-Windows-VHDMP", + "providerGuid": "E2816346-87F4-4F85-95C3-0C79409AA89D" + }, + { + "providerName": "Microsoft-Windows-Video-For-Windows", + "providerGuid": "712ABB2D-D806-4B42-9682-26DA01D8B307" + }, + { + "providerName": "Microsoft-Windows-VIRTDISK", + "providerGuid": "4D20DF22-E177-4514-A369-F1759FEEDEB3" + }, + { + "providerName": "Microsoft-Windows-VolumeControl", + "providerGuid": "07DE7879-1C96-41CE-AFBD-C659A0E8E643" + }, + { + "providerName": "Microsoft-Windows-VolumeSnapshot-Driver", + "providerGuid": "67FE2216-727A-40CB-94B2-C02211EDB34A" + }, + { + "providerName": "Microsoft-Windows-VPN-Client", + "providerGuid": "3C088E51-65BE-40D1-9B90-62BFEC076737" + }, + { + "providerName": "Microsoft-Windows-VWiFi", + "providerGuid": "314B2B0D-81EE-4474-B6E0-C2AAEC0DDBDE" + }, + { + "providerName": "Microsoft-Windows-WABSyncProvider", + "providerGuid": "17F14A23-551D-40CC-A086-E4194D64ED4C" + }, + { + "providerName": "Microsoft-Windows-Wallet", + "providerGuid": "6ED11B00-C1B5-48CB-AECC-FF72EBEFBAE8" + }, + { + "providerName": "Microsoft-Windows-Watchdog-Events", + "providerGuid": "70E74DD8-39DB-5F6F-6FD1-F5581B29E834" + }, + { + "providerName": "Microsoft-Windows-Wcmsvc", + "providerGuid": "67D07935-283A-4791-8F8D-FA9117F3E6F2" + }, + { + "providerName": "Microsoft-Windows-WCN-Config-Registrar", + "providerGuid": "C100BECF-D33A-4A4B-BF23-BBEF4663D017" + }, + { + "providerName": "Microsoft-Windows-WCN-Config-Registrar-Secure", + "providerGuid": "C100BECC-D33A-4A4B-BF23-BBEF4663D017" + }, + { + "providerName": "Microsoft-Windows-WCNWiz", + "providerGuid": "E8AA5402-26A1-455E-A21B-F240ED62D155" + }, + { + "providerName": "Microsoft-Windows-WDAG-PolicyEvaluator-CSP", + "providerGuid": "64A98C25-9E00-404E-84AD-6700DFE02529" + }, + { + "providerName": "Microsoft-Windows-WDAG-PolicyEvaluator-GP", + "providerGuid": "E53DF8BA-367A-4406-98D5-709FFB169681" + }, + { + "providerName": "Microsoft-Windows-WebAuth", + "providerGuid": "DB6972B6-DDDF-4820-84B1-2ED6AC0B96E5" + }, + { + "providerName": "Microsoft-Windows-WebAuthN", + "providerGuid": "3AE1EA61-C002-47FB-B06C-4022A8C98929" + }, + { + "providerName": "Microsoft-Windows-WebcamExperience", + "providerGuid": "9E12CEB1-E3FF-46AD-A0AA-11738B122D20" + }, + { + "providerName": "Microsoft-Windows-WebdavClient-LookupServiceTrigger", + "providerGuid": "22B6D684-FA63-4578-87C9-EFFCBE6643C7" + }, + { + "providerName": "Microsoft-Windows-WebDeploy", + "providerGuid": "AB77E98E-0138-4C77-8BFB-DECD33EDFE3C" + }, + { + "providerName": "Microsoft-Windows-WebIO", + "providerGuid": "50B3E73C-9370-461D-BB9F-26F32D68887D" + }, + { + "providerName": "Microsoft-Windows-WebServices", + "providerGuid": "E04FE2E0-C6CF-4273-B59D-5C97C9C374A4" + }, + { + "providerName": "Microsoft-Windows-Websocket-Protocol-Component", + "providerGuid": "CBA5F63C-E2CF-4B36-8305-BDE1311924FC" + }, + { + "providerName": "Microsoft-Windows-WEPHOSTSVC", + "providerGuid": "D5F7235B-48E2-4E9C-92FE-0E4950ABA9E8" + }, + { + "providerName": "Microsoft-Windows-WER-Diag", + "providerGuid": "AD8AA069-A01B-40A0-BA40-948D1D8DEDC5" + }, + { + "providerName": "Microsoft-Windows-WER-PayloadHealth", + "providerGuid": "4AFDDFDE-002D-51AC-C109-C3B7897858D0" + }, + { + "providerName": "Microsoft-Windows-WER-SystemErrorReporting", + "providerGuid": "ABCE23E7-DE45-4366-8631-84FA6C525952" + }, + { + "providerName": "Microsoft-Windows-WerKernel", + "providerGuid": "87A623F0-8DB5-5C11-7C80-A2EBBCBE5189" + }, + { + "providerName": "Microsoft-Windows-WFP", + "providerGuid": "0C478C5B-0351-41B1-8C58-4A6737DA32E3" + }, + { + "providerName": "Microsoft-Windows-WHEA-Logger", + "providerGuid": "C26C4F3C-3F66-4E99-8F8A-39405CFED220" + }, + { + "providerName": "Microsoft-Windows-WiFiDisplay", + "providerGuid": "712880E9-7813-41A3-8E4C-E4E0C4F6580A" + }, + { + "providerName": "Microsoft-Windows-WiFiHotspotService", + "providerGuid": "814182FE-58F7-11E1-853C-78E7D1CA7337" + }, + { + "providerName": "Microsoft-Windows-WiFiNetworkManager", + "providerGuid": "E5C16D49-2464-4382-BB20-97A4B5465DB9" + }, + { + "providerName": "Microsoft-Windows-Win32k", + "providerGuid": "8C416C79-D49B-4F01-A467-E56D3AA8234C" + }, + { + "providerName": "Microsoft-Windows-Windeploy", + "providerGuid": "75EBC33E-C8AE-4F93-9CA1-683A53E20CB6" + }, + { + "providerName": "Microsoft-Windows-Windows Defender", + "providerGuid": "11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78" + }, + { + "providerName": "Microsoft-Windows-Windows Firewall With Advanced Security", + "providerGuid": "D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85" + }, + { + "providerName": "Microsoft-Windows-WindowsBackup", + "providerGuid": "01979C6A-42FA-414C-B8AA-EEE2C8202018" + }, + { + "providerName": "Microsoft-Windows-WindowsColorSystem", + "providerGuid": "D53270E3-C8CF-4707-958A-DAD20C90073C" + }, + { + "providerName": "Microsoft-Windows-WindowsSystemAssessmentTool", + "providerGuid": "11A75546-3234-465E-BEC8-2D301CB501AC" + }, + { + "providerName": "Microsoft-Windows-WindowsToGo-StartupOptions", + "providerGuid": "2E6CB42E-161D-413B-A6C1-84CA4C1E5890" + }, + { + "providerName": "Microsoft-Windows-WindowsUIImmersive", + "providerGuid": "74827CBB-1E0F-45A2-8523-C605866D2F22" + }, + { + "providerName": "Microsoft-Windows-WindowsUpdateClient", + "providerGuid": "945A8954-C147-4ACD-923F-40C45405A658" + }, + { + "providerName": "Microsoft-Windows-WinHttp", + "providerGuid": "7D44233D-3055-4B9C-BA64-0D47CA40A232" + }, + { + "providerName": "Microsoft-Windows-WinHttp-Diagnostics", + "providerGuid": "64DE121B-5F08-5853-AB48-7758F2EA2DD3" + }, + { + "providerName": "Microsoft-Windows-WinHttp-Pca", + "providerGuid": "D071CE03-0D7B-5B27-E817-B9C12961934E" + }, + { + "providerName": "Microsoft-Windows-WinINet", + "providerGuid": "43D1A55C-76D6-4F7E-995C-64C711E5CAFE" + }, + { + "providerName": "Microsoft-Windows-WinINet-Capture", + "providerGuid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B" + }, + { + "providerName": "Microsoft-Windows-WinINet-Config", + "providerGuid": "5402E5EA-1BDD-4390-82BE-E108F1E634F5" + }, + { + "providerName": "Microsoft-Windows-WinINet-Pca", + "providerGuid": "4860EA43-3F05-5FB8-20CE-7BA346A44747" + }, + { + "providerName": "Microsoft-Windows-Wininit", + "providerGuid": "206F6DEA-D3C5-4D10-BC72-989F03C8B84B" + }, + { + "providerName": "Microsoft-Windows-Winlogon", + "providerGuid": "DBE9B383-7CF3-4331-91CC-A3CB16A3B538" + }, + { + "providerName": "Microsoft-Windows-WinMDE", + "providerGuid": "77549803-7BB1-418B-A98E-F2E22F35A873" + }, + { + "providerName": "Microsoft-Windows-WinML", + "providerGuid": "C8517E09-BEA2-5BB6-BEF3-50B4C91C431E" + }, + { + "providerName": "Microsoft-Windows-WinNat", + "providerGuid": "66C07ECD-6667-43FC-93F8-05CF07F446EC" + }, + { + "providerName": "Microsoft-Windows-WinREAgent", + "providerGuid": "1F7A6C55-5532-573B-35B7-2107E43A6EF5" + }, + { + "providerName": "Microsoft-Windows-WinRM", + "providerGuid": "A7975C8F-AC13-49F1-87DA-5A984A4AB417" + }, + { + "providerName": "Microsoft-Windows-WinRT-Error", + "providerGuid": "A86F8471-C31D-4FBC-A035-665D06047B03" + }, + { + "providerName": "Microsoft-Windows-Winsock-AFD", + "providerGuid": "E53C6823-7BB8-44BB-90DC-3F86090D48A6" + }, + { + "providerName": "Microsoft-Windows-Winsock-NameResolution", + "providerGuid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56" + }, + { + "providerName": "Microsoft-Windows-Winsock-Sockets", + "providerGuid": "BDE46AEA-2357-51FE-7367-D5296F530BD1" + }, + { + "providerName": "Microsoft-Windows-Winsock-SQM", + "providerGuid": "093DA50C-0BB9-4D7D-B95C-3BB9FCDA5EE8" + }, + { + "providerName": "Microsoft-Windows-Winsock-WS2HELP", + "providerGuid": "D5C25F9A-4D47-493E-9184-40DD397A004D" + }, + { + "providerName": "Microsoft-Windows-Winsrv", + "providerGuid": "9D55B53D-449B-4824-A637-24F9D69AA02F" + }, + { + "providerName": "Microsoft-Windows-Wired-AutoConfig", + "providerGuid": "B92CF7FD-DC10-4C6B-A72D-1613BF25E597" + }, + { + "providerName": "Microsoft-Windows-WLAN-AutoConfig", + "providerGuid": "9580D7DD-0379-4658-9870-D5BE7D52D6DE" + }, + { + "providerName": "Microsoft-Windows-WLAN-Driver", + "providerGuid": "DAA6A96B-F3E7-4D4D-A0D6-31A350E6A445" + }, + { + "providerName": "Microsoft-Windows-WlanDlg", + "providerGuid": "D4AFA0DC-4DD1-40AF-AFCE-CB0D0E6736A7" + }, + { + "providerName": "Microsoft-Windows-WlanPref", + "providerGuid": "CA5BA219-C0D4-4EFA-9CEB-72AFF92672B0" + }, + { + "providerName": "Microsoft-Windows-WLGPA", + "providerGuid": "46098845-8A94-442D-9095-366A6BCFEFA9" + }, + { + "providerName": "Microsoft-Windows-wmbclass", + "providerGuid": "12D25187-6C0D-4783-AD3A-84CAA135ACFD" + }, + { + "providerName": "Microsoft-Windows-Wmbclass-Opn", + "providerGuid": "A42FE227-A7BF-4483-A502-6BCDA428CD96" + }, + { + "providerName": "Microsoft-Windows-WMI", + "providerGuid": "1EDEEE53-0AFE-4609-B846-D8C0B2075B1F" + }, + { + "providerName": "Microsoft-Windows-WMI-Activity", + "providerGuid": "1418EF04-B0B4-4623-BF7E-D74AB47BBDAA" + }, + { + "providerName": "Microsoft-Windows-WMP", + "providerGuid": "F3F14FF3-7B80-4868-91D0-D77E497B025E" + }, + { + "providerName": "Microsoft-Windows-WMP-Setup_WM", + "providerGuid": "0D759F0F-CFF9-4902-8867-EB9E29D7A98B" + }, + { + "providerName": "Microsoft-Windows-WMPDMCUI", + "providerGuid": "3F9E07BD-0E26-4241-A5A5-28CAFA150A75" + }, + { + "providerName": "Microsoft-Windows-WMPNSS-PublicAPI", + "providerGuid": "614696C9-85AF-4E64-B389-D2C0DB4FF87B" + }, + { + "providerName": "Microsoft-Windows-WMPNSS-Service", + "providerGuid": "6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C" + }, + { + "providerName": "Microsoft-Windows-WMPNSSUI", + "providerGuid": "7C314E58-8246-47D1-8F7A-4049DC543E0B" + }, + { + "providerName": "Microsoft-Windows-wmvdecod", + "providerGuid": "55BACC9F-9AC0-46F5-968A-A5A5DD024F8A" + }, + { + "providerName": "Microsoft-Windows-WMVENCOD", + "providerGuid": "313B0545-BF9C-492E-9173-8DE4863B8573" + }, + { + "providerName": "Microsoft-Windows-WorkFolders", + "providerGuid": "34A3697E-0F10-4E48-AF3C-F869B5BABEBB" + }, + { + "providerName": "Microsoft-Windows-Workplace Join", + "providerGuid": "76AB12D5-C986-4E60-9D7C-2A092B284CDD" + }, + { + "providerName": "Microsoft-Windows-WPD-API", + "providerGuid": "31569DCF-9C6F-4B8E-843A-B7C1CC7FFCBA" + }, + { + "providerName": "Microsoft-Windows-WPD-CompositeClassDriver", + "providerGuid": "355C44FE-0C8E-4BF8-BE28-8BC7B5A42720" + }, + { + "providerName": "Microsoft-Windows-WPD-MTPBT", + "providerGuid": "92AB58D3-F351-4AF5-9C72-D52F36EE2C92" + }, + { + "providerName": "Microsoft-Windows-WPD-MTPClassDriver", + "providerGuid": "21B7C16E-C5AF-4A69-A74A-7245481C1B97" + }, + { + "providerName": "Microsoft-Windows-WPD-MTPIP", + "providerGuid": "C374D21E-69B2-4CD7-9A25-62187C5A5619" + }, + { + "providerName": "Microsoft-Windows-WPD-MTPUS", + "providerGuid": "DCFC4489-9CE0-403C-99DF-A05422C60898" + }, + { + "providerName": "Microsoft-Windows-WPDClassInstaller", + "providerGuid": "AD5162D8-DAF0-4A25-88A7-01CBEB33902E" + }, + { + "providerName": "Microsoft-Windows-WSC-SRV", + "providerGuid": "5857D6CA-9732-4454-809B-2A87B70881F8" + }, + { + "providerName": "Microsoft-Windows-WUSA", + "providerGuid": "09608C12-C1DA-4104-A6FE-B959CF57560A" + }, + { + "providerName": "Microsoft-Windows-WWAN-MM-EVENTS", + "providerGuid": "7839BB2A-2EA3-4ECA-A00F-B558BA678BEC" + }, + { + "providerName": "Microsoft-Windows-WWAN-NDISUIO-EVENTS", + "providerGuid": "B3EEE223-D0A9-40CD-ADFC-50F1888138AB" + }, + { + "providerName": "Microsoft-Windows-WWAN-SVC-EVENTS", + "providerGuid": "3CB40AAA-1145-4FB8-B27B-7E30F0454316" + }, + { + "providerName": "Microsoft-Windows-WwanClient_0ca4cac9670d3ec454b4175eb8aa80b3", + "providerGuid": "0CA4CAC9-670D-3EC4-54B4-175EB8AA80B3" + }, + { + "providerName": "Microsoft-Windows-WwanProtDim_e72a6a5d74743941a6fa83201a9f8ef4", + "providerGuid": "E72A6A5D-7474-3941-A6FA-83201A9F8EF4" + }, + { + "providerName": "Microsoft-Windows-XAML", + "providerGuid": "531A35AB-63CE-4BCF-AA98-F88C7A89E455" + }, + { + "providerName": "Microsoft-Windows-XAML-Diagnostics", + "providerGuid": "59E7A714-73A4-4147-B47E-0957048C75C4" + }, + { + "providerName": "Microsoft-Windows-XAudio2", + "providerGuid": "1EE3ABDB-C1FC-4B43-9E56-11064ABBA866" + }, + { + "providerName": "Microsoft-Windows-XWizards", + "providerGuid": "777BA8FE-2498-4875-933A-3067DE883070" + }, + { + "providerName": "Microsoft-Windows-ZTDNS", + "providerGuid": "8507CD07-F18B-54F0-B871-23C43A5BF118" + }, + { + "providerName": "Microsoft-Windows-ZTHELPER", + "providerGuid": "40E3FC75-59E8-5443-47CB-A1E1B197FDE0" + }, + { + "providerName": "Microsoft-Windows-ZTraceMaps", + "providerGuid": "B865B57B-BDDA-4E1D-A2C8-ADFA69FE6AB9" + }, + { + "providerName": "Microsoft-WindowsAzure-Diagnostics", + "providerGuid": "9148C98F-152C-44D3-A496-26350C475D74" + }, + { + "providerName": "Microsoft-WindowsAzure-Status", + "providerGuid": "9E3B8BEE-15EB-444B-A692-BAB4546644F2" + }, + { + "providerName": "Microsoft-WindowsPhone-ConfigManager2", + "providerGuid": "2F94E1CC-A8C5-4FE7-A1C3-53D7BDA8E73E" + }, + { + "providerName": "Microsoft-WindowsPhone-CoreMessaging", + "providerGuid": "922CDCF3-6123-42DA-A877-1A24F23E39C5" + }, + { + "providerName": "Microsoft-WindowsPhone-CoreUIComponents", + "providerGuid": "A0B7550F-4E9A-4F03-AD41-B8042D06A2F7" + }, + { + "providerName": "Microsoft-WindowsPhone-Ufx", + "providerGuid": "E98EBDBF-3058-4784-8521-47860B1D2B8E" + }, + { + "providerName": "Microsoft-WindowsPhone-UfxSynopsys", + "providerGuid": "49B12C7C-4BD5-4F93-BB75-30FCE739600B" + }, + { + "providerName": "Microsoft.Windows.HyperV.GpupVDev", + "providerGuid": "C3A331B2-AF4F-5472-FD2F-4313035C4E77" + }, + { + "providerName": "Microsoft.Windows.HyperV.VmIcCore", + "providerGuid": "E5EA3CA6-5EB0-597D-504A-2FD09CCDEFDA" + }, + { + "providerName": "Microsoft.Windows.ResourceManager", + "providerGuid": "4180C4F7-E238-5519-338F-EC214F0B49AA" + }, + { + "providerName": "Microsoft_SideCar", + "providerGuid": "1DB28F2E-8F80-4027-8C5A-A11F7F10F62D" + }, + { + "providerName": "MMC", + "providerGuid": "9C88041D-349D-4647-8BFD-2C0A167BFE58" + }, + { + "providerName": "Mobility Center Performance Trace", + "providerGuid": "8A8B5246-6EB6-4339-8B59-B0085B9F4890" + }, + { + "providerName": "Mobility Center Trace", + "providerGuid": "082DFF20-F430-11D9-8CD6-0800200C9A66" + }, + { + "providerName": "Mount Manager Trace", + "providerGuid": "467C1914-37F0-4C7D-B6DB-5CD7DFE7BD5E" + }, + { + "providerName": "MSADCE.1", + "providerGuid": "76DBA919-5A36-FC80-2CAD-3185532B7CB1" + }, + { + "providerName": "MSADCF.1", + "providerGuid": "101C0E21-EBBA-A60A-EC3D-58797788928A" + }, + { + "providerName": "MSADCO.1", + "providerGuid": "5C6CE734-1B3E-705E-C2AB-B272D99AAF8F" + }, + { + "providerName": "MSADDS.1", + "providerGuid": "13CD7F92-5BAA-8C7C-3D72-B69FAC139A46" + }, + { + "providerName": "MSADOX.1", + "providerGuid": "6C770D53-0441-AFD4-DCAB-1D89155FECFC" + }, + { + "providerName": "MSDADIAG.ETW", + "providerGuid": "8B98D3F2-3CC6-0B9C-6651-9649CCE5C752" + }, + { + "providerName": "MSDAPRST.1", + "providerGuid": "64A552E0-6C60-B907-E59C-10F1DFF76B0D" + }, + { + "providerName": "MSDAREM.1", + "providerGuid": "564F1E24-FC86-28E1-74F8-5CA0D950BEE0" + }, + { + "providerName": "MSDART.1", + "providerGuid": "CEB7253C-BB96-9DFE-51D1-53D966D0CF8B" + }, + { + "providerName": "MSDASQL_1", + "providerGuid": "B6501BA0-C61A-C4E6-6FA2-A4E7F8C8E7A0" + }, + { + "providerName": "MSDATL3.1", + "providerGuid": "87B93A44-1F73-EC83-7261-2DFC972D9B1E" + }, + { + "providerName": "msiscsi_iScsi", + "providerGuid": "1BABEFB4-59CB-49E5-9698-FD38AC830A91" + }, + { + "providerName": "MUI Resource Trace", + "providerGuid": "D3DE60B2-A663-45D5-9826-A0A5949D2CB0" + }, + { + "providerName": "Native WIFI Filter Driver Trace", + "providerGuid": "D905AC1C-65E7-4242-99EA-FE66A8355DF8" + }, + { + "providerName": "Native WIFI MSM Trace", + "providerGuid": "D905AC1D-65E7-4242-99EA-FE66A8355DF8" + }, + { + "providerName": "NetJoin", + "providerGuid": "9741FD4E-3757-479F-A3C6-FC49F6D5EDD0" + }, + { + "providerName": "Network Location Awareness Trace", + "providerGuid": "1AC55562-D4FF-4BC5-8EF3-A18E07C4668E" + }, + { + "providerName": "Network Profile Manager", + "providerGuid": "D9131565-E1DD-4C9E-A728-951999C2ADB5" + }, + { + "providerName": "NisDrvWFP Provider", + "providerGuid": "49D6AD7B-52C4-4F79-A164-4DCD908391E4" + }, + { + "providerName": "Ntfs", + "providerGuid": "DD70BC80-EF44-421B-8AC3-CD31DA613A4E" + }, + { + "providerName": "Ntfs_NtfsLog", + "providerGuid": "B2FC00C4-2941-4D11-983B-B16E8AA4E25D" + }, + { + "providerName": "NTLM Security Protocol", + "providerGuid": "C92CF544-91B3-4DC0-8E11-C580339A0BF8" + }, + { + "providerName": "ODBC.1", + "providerGuid": "F34765F6-A1BE-4B9D-1400-B8A12921F704" + }, + { + "providerName": "ODBCBCP.1", + "providerGuid": "932B59F1-90C2-D8BA-0956-3975C344AE2B" + }, + { + "providerName": "OfficeAirSpace", + "providerGuid": "F562BB8E-422D-4B5C-B20E-90D710F7D11C" + }, + { + "providerName": "OfficeLoggingLiblet", + "providerGuid": "F50D9315-E17E-43C1-8370-3EDF6CC057BE" + }, + { + "providerName": "OLEDB.1", + "providerGuid": "0DD082C4-66F2-271F-74BA-2BF1F9F65C66" + }, + { + "providerName": "OpenSSH", + "providerGuid": "C4B57D35-0636-4BC3-A262-370F249F9802" + }, + { + "providerName": "PNPX AssocDB Trace", + "providerGuid": "7311AD03-18D6-45AC-9B08-B020BDD6A590" + }, + { + "providerName": "Portable Device Connectivity API Trace", + "providerGuid": "02FE721A-0725-469E-A26D-37B3C09FAAC1" + }, + { + "providerName": "PowerShellCore", + "providerGuid": "F90714A8-5509-434A-BF6D-B1624C8A19A2" + }, + { + "providerName": "PrintFilterPipelineSvc_ObjectsGuid", + "providerGuid": "AEFE45F4-8548-42B4-B1C8-25673B07AD8B" + }, + { + "providerName": "Refsv1WppTrace", + "providerGuid": "6D2FD9C5-8BD8-4A5D-8AA8-01E5C3B2AE23" + }, + { + "providerName": "RefsWppTrace", + "providerGuid": "740F3C34-57DF-4BAD-8EEA-72AC69AD5DF5" + }, + { + "providerName": "RmClient_RestartManager", + "providerGuid": "0888E5EF-9B98-4695-979D-E92CE4247224" + }, + { + "providerName": "RowsetHelper.1", + "providerGuid": "74A75B02-36D8-EDE6-D10E-95B691503408" + }, + { + "providerName": "RSS Platform Backgroundsync Perf Trace", + "providerGuid": "CA1CF55C-9E49-4AD3-8038-39CB6F66AF11" + }, + { + "providerName": "RSS Platform Backgroundsync Trace", + "providerGuid": "F59D1D86-CC03-4736-BC9C-4C7936871B3D" + }, + { + "providerName": "RSS Platform Perf Trace", + "providerGuid": "2B240425-3141-43EE-931F-EC9F997C7D7E" + }, + { + "providerName": "RSS Platform Trace", + "providerGuid": "8C50FA6E-394E-4B47-B6D1-A880A5F225A2" + }, + { + "providerName": "RuntimeInstaller", + "providerGuid": "417879EB-0EFB-4A9A-87EF-B9B55086AAF1" + }, + { + "providerName": "RuntimeRestServer", + "providerGuid": "EC93ADF0-A939-4E61-B96D-BFA285EBA2D5" + }, + { + "providerName": "SBP2 Port Driver Tracing Provider", + "providerGuid": "6710597F-7319-4AAE-9B85-C8D87136A56B" + }, + { + "providerName": "Schannel", + "providerGuid": "1F678132-5938-4686-9FDC-C8FF68F15C85" + }, + { + "providerName": "SD Bus Trace", + "providerGuid": "3B9E3DA4-70B8-46D3-9EF2-3DDF128BDED8" + }, + { + "providerName": "Security: Kerberos Authentication", + "providerGuid": "6B510852-3583-4E2D-AFFE-A67F9F223438" + }, + { + "providerName": "Security: NTLM Authentication", + "providerGuid": "5BBB6C18-AA45-49B1-A15F-085F7ED0AA90" + }, + { + "providerName": "Security: SChannel", + "providerGuid": "37D2C3CD-C5D4-4587-8531-4696C44244C8" + }, + { + "providerName": "Security: TSPkg", + "providerGuid": "6165F3E2-AE38-45D4-9B23-6B4818758BD9" + }, + { + "providerName": "Security: WDigest", + "providerGuid": "FB6A424F-B5D6-4329-B9D5-A975B3A93EAD" + }, + { + "providerName": "Sensor ClassExtension Trace", + "providerGuid": "A1E89BB0-EF73-4980-8C99-DD15F7271D7E" + }, + { + "providerName": "Service Control Manager", + "providerGuid": "555908D1-A6D7-4695-8E1E-26931D2012F4" + }, + { + "providerName": "Service Control Manager Trace", + "providerGuid": "EBCCA1C2-AB46-4A1D-8C2A-906C2FF25F39" + }, + { + "providerName": "ServiceRuntime", + "providerGuid": "3A867E2E-2C45-4B6C-9654-D7575E57F3CF" + }, + { + "providerName": "SQLOLEDB_1", + "providerGuid": "C5BFFE2E-9D87-D568-A09E-08FC83D0C7C2" + }, + { + "providerName": "SQLSRV32.1", + "providerGuid": "4B647745-F438-0A42-F870-5DBD29949C99" + }, + { + "providerName": "TCPIP Service Trace", + "providerGuid": "EB004A05-9B1A-11D4-9123-0050047759BC" + }, + { + "providerName": "Telemetry", + "providerGuid": "7C203661-7420-49DE-B8E0-7CC5878EBED0" + }, + { + "providerName": "TerminalServer-MediaFoundationPlugin", + "providerGuid": "4199EE71-D55D-47D7-9F57-34A1D5B2C904" + }, + { + "providerName": "Thread Pool", + "providerGuid": "C861D0E2-A2C1-4D36-9F9C-970BAB943A12" + }, + { + "providerName": "TPM", + "providerGuid": "1B6B0772-251B-4D42-917D-FACA166BC059" + }, + { + "providerName": "TransparentInstaller", + "providerGuid": "747C00B6-F0B4-438C-8B48-F3E5D7ED38A2" + }, + { + "providerName": "TS Client ActiveX Control Trace", + "providerGuid": "DAA6CAF5-6678-43F8-A6FE-B40EE096E06E" + }, + { + "providerName": "TS Client Trace", + "providerGuid": "0C51B20C-F755-48A8-8123-BF6DA2ADC727" + }, + { + "providerName": "TS Rdp Init Trace", + "providerGuid": "C127C1A8-6CEB-11DA-8BDE-F66BAD1E3F3A" + }, + { + "providerName": "TS RDP Shell Trace", + "providerGuid": "BFA655DC-6C51-11DA-8BDE-F66BAD1E3F3A" + }, + { + "providerName": "TS Rdp Sound End Point Trace", + "providerGuid": "5A966D1C-6B48-11DA-8BDE-F66BAD1E3F3A" + }, + { + "providerName": "UMB Trace", + "providerGuid": "96AB095A-9519-4F5C-81EE-C510B0A45463" + }, + { + "providerName": "UmBus Driver Trace", + "providerGuid": "F9BE9C98-10DB-4318-BB61-CB0DDEA08BF7" + }, + { + "providerName": "UMDF - Driver Manager Trace", + "providerGuid": "485E7DEA-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Framework Trace", + "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Host Process Trace", + "providerGuid": "485E7DF0-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Lpc Driver Trace", + "providerGuid": "485E7DED-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Lpc Trace", + "providerGuid": "485E7DEF-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Platform Library Trace", + "providerGuid": "485E7DE8-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Reflector Trace", + "providerGuid": "485E7DEE-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - Test Trace", + "providerGuid": "485E7DEB-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMDF - WDF Core", + "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "UMPass Driver Trace", + "providerGuid": "FF9E2BDD-0E24-437C-84BE-7CFCAE635808" + }, + { + "providerName": "USB Storage Driver Tracing Provider", + "providerGuid": "72FB9358-A9B3-41E0-AE41-E8DECA41E3A8" + }, + { + "providerName": "User-mode PnP Manager Trace", + "providerGuid": "A676B545-4CFB-4306-A067-502D9A0F2220" + }, + { + "providerName": "User32", + "providerGuid": "B0AA8734-56F7-41CC-B2F4-DE228E98B946" + }, + { + "providerName": "Volsnap", + "providerGuid": "CB017CD2-1F37-4E65-82BC-3E91F6A37559" + }, + { + "providerName": "VSS tracing provider", + "providerGuid": "9138500E-3648-4EDB-AA4C-859E9F7B7C38" + }, + { + "providerName": "Windows Connect Now", + "providerGuid": "C100BECE-D33A-4A4B-BF23-BBEF4663D017" + }, + { + "providerName": "Windows Defender Firewall API", + "providerGuid": "28C9F48F-D244-45A8-842F-DC9FBC9B6E92" + }, + { + "providerName": "Windows Defender Firewall API - GP", + "providerGuid": "0EFF663F-8B6E-4E6D-8182-087A8EAA29CB" + }, + { + "providerName": "Windows Defender Firewall Driver", + "providerGuid": "D5E09122-D0B2-4235-ADC1-C89FAAAF1069" + }, + { + "providerName": "Windows Defender Firewall NetShell Plugin", + "providerGuid": "28C9F48F-D244-45A8-842F-DC9FBC9B6E94" + }, + { + "providerName": "Windows Defender Firewall Service", + "providerGuid": "5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D" + }, + { + "providerName": "Windows Error Reporting", + "providerGuid": "0EAD09BD-2157-539A-8D6D-C87F95B64D70" + }, + { + "providerName": "Windows Kernel Trace", + "providerGuid": "9E814AAD-3204-11D2-9A82-006008A86939" + }, + { + "providerName": "Windows Media Player Trace", + "providerGuid": "A9C1A3B7-54F3-4724-ADCE-58BC03E3BC78" + }, + { + "providerName": "Windows NetworkItemFactory Trace", + "providerGuid": "D2A60D61-0F87-4673-A86C-9C461457FE27" + }, + { + "providerName": "Windows Notification Facility Provider", + "providerGuid": "42695762-EA50-497A-9068-5CBBB35E0B95" + }, + { + "providerName": "Windows Remote Management Trace", + "providerGuid": "04C6E16D-B99F-4A3A-9B3E-B8325BBC781E" + }, + { + "providerName": "Windows Wininit Trace", + "providerGuid": "C2BA06E2-F7CE-44AA-9E7E-62652CDEFE97" + }, + { + "providerName": "Windows Winlogon Trace", + "providerGuid": "D451642C-63A6-11D7-9720-00B0D03E0347" + }, + { + "providerName": "Windows-ApplicationModel-Store-SDK", + "providerGuid": "FF79A477-C45F-4A52-8AE0-2B324346D4E4" + }, + { + "providerName": "WindowsAzure-GuestAgent-Diagnostic", + "providerGuid": "DE49CBBE-8388-4C87-8310-2F9EC1338BDE" + }, + { + "providerName": "WindowsAzure-GuestAgent-Metrics", + "providerGuid": "FFF0196F-EE4C-4EAF-9AA5-776F622DEB4F" + }, + { + "providerName": "WindowsAzure-GuestAgent-Status", + "providerGuid": "69B669B9-4AF8-4C50-BDC4-6006FA76E975" + }, + { + "providerName": "WindowsAzureGuestAgent", + "providerGuid": "3000B92B-CA8B-4269-90EA-C4185EE09E92" + }, + { + "providerName": "WINSATAPI_ETW_PROVIDER", + "providerGuid": "617853D6-728B-4B59-8A78-C3A9A5EADE92" + }, + { + "providerName": "winsrvext", + "providerGuid": "2B9537F0-4A90-557B-1313-D0CE2827A94A" + }, + { + "providerName": "Wireless Client Trace", + "providerGuid": "8A3CF0B5-E0BC-450B-AE4B-61728FFA1D58" + }, + { + "providerName": "WLAN AutoConfig Trace", + "providerGuid": "0C5A3172-2248-44FD-B9A6-8389CB1DC56A" + }, + { + "providerName": "WLAN Diagnostics Trace", + "providerGuid": "637A0F36-DFF5-4B2F-83DD-B106C1C725E2" + }, + { + "providerName": "WLAN Dialog Trace", + "providerGuid": "520319A9-B932-4EC7-943C-61E560939101" + }, + { + "providerName": "WLAN Extensibility Trace", + "providerGuid": "E2EB5B52-08B1-4391-B670-F58317376247" + }, + { + "providerName": "WMI_Tracing", + "providerGuid": "1FF6B227-2CA7-40F9-9A66-980EADAA602E" + }, + { + "providerName": "WMI_Tracing_Client_Operations", + "providerGuid": "8E6B6962-AB54-4335-8229-3255B919DD0E" + }, + { + "providerName": "WMP Network Sharing API", + "providerGuid": "8ED60A3A-8C12-49C5-A518-FDF451BC10FC" + }, + { + "providerName": "WMP Network Sharing Service", + "providerGuid": "A7EB57F6-145E-4F18-BD75-DBBF6F7E23A7" + }, + { + "providerName": "WMP Network Sharing Taskbar", + "providerGuid": "D804A67F-4C25-43C1-896F-89FF78B3A911" + }, + { + "providerName": "WPD API Trace", + "providerGuid": "C3C5D8AF-2FD5-4500-A8E7-379C2D0BBE2E" + }, + { + "providerName": "WPD Bluetooth MTP Emumerator Driver Trace", + "providerGuid": "4B6EFB94-30EA-49A7-BB29-E9ED9DCE67DA" + }, + { + "providerName": "WPD BusEnumService Trace", + "providerGuid": "0381564E-D5CB-4E48-AB35-BE24389B0F59" + }, + { + "providerName": "WPD ClassExtension Trace", + "providerGuid": "A0A352C5-B8EC-41E9-9936-8452C1C0A6CF" + }, + { + "providerName": "WPD ClassInstaller Trace", + "providerGuid": "45350D79-4497-42F1-BD1B-83587575B91A" + }, + { + "providerName": "WPD FSDriver Trace", + "providerGuid": "1311095B-B9FF-497A-8560-2F43CA5438E4" + }, + { + "providerName": "WPD MTPDriver Trace", + "providerGuid": "97496DDA-C211-4FFE-B1B1-68E6E98EBC38" + }, + { + "providerName": "WPD ShellExtension Trace", + "providerGuid": "A42C7BD1-5AF3-4B32-9BC6-B85EB31D3F4A" + }, + { + "providerName": "WPD ShellServiceObject Trace", + "providerGuid": "1AB5AC29-037F-43A1-9484-78C9DB61F869" + }, + { + "providerName": "WPD Types Trace", + "providerGuid": "58E8F67D-29E9-456C-B23D-C6489E341BB0" + }, + { + "providerName": "WPD WiaCompat Trace", + "providerGuid": "B809F4FF-3023-473C-971B-AB594429EA57" + }, + { + "providerName": "WPD WMDMCompat Trace", + "providerGuid": "17ABF473-982C-4D0E-B502-3A59D89E71DE" + }, + { + "providerName": "WSAT_TraceProvider", + "providerGuid": "7F3FE630-462B-47C5-AB07-67CA84934ABD" + }, + { + "providerName": "Wudfx02000_KmdfTraceGuid", + "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" + }, + { + "providerName": "XWizard Framework", + "providerGuid": "777BA8FF-2498-4875-933A-3067DE883070" + } + ] +} \ No newline at end of file diff --git a/internal/uvm/etw/provider_map.go b/internal/uvm/etw/provider_map.go new file mode 100644 index 0000000000..a647ae1f72 --- /dev/null +++ b/internal/uvm/etw/provider_map.go @@ -0,0 +1,279 @@ +package etw + +import ( + "embed" + "encoding/base64" + "encoding/json" + "fmt" + "strings" + "sync" +) + +//go:embed etw-map.json +//go:embed default-logsources.json + +var etwFS embed.FS +var listFS embed.FS + +const ( + EtwMapFileName = "etw-map.json" + DefaultLogSourcesFile = "default-logsources.json" +) + +var ( + onceLists sync.Once + onceListMap sync.Once + defaultLogSources LogSourcesInfo + defaultLogSourcesWithMap LogSourcesInfo +) + +var ( + onceProvider sync.Once + nameToGUID map[string]string // STATIC + guidToName map[string]string // STATIC +) + +// Log Sources JSON structure +type LogSourcesInfo struct { + LogConfig LogConfig `json:"LogConfig"` +} + +type LogConfig struct { + Sources []Source `json:"sources"` +} + +type Source struct { + Type string `json:"type"` + Providers []EtwProvider `json:"providers"` +} + +type EtwProvider struct { + ProviderName string `json:"providerName,omitempty"` + ProviderGuid string `json:"providerGuid,omitempty"` + Level string `json:"level,omitempty"` + Keywords string `json:"keywords,omitempty"` +} + +// ETW - Map JSON structure +type EtwInfo struct { + EtwMap []EtwProviderMap `json:"EtwProviderMap"` +} + +type EtwProviderMap struct { + ProviderName string `json:"providerName"` + ProviderGuid string `json:"providerGuid"` +} + +// NormalizeGuid takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID. +func NormalizeGuid(in string) (string, error) { + s := strings.TrimSpace(in) + s = strings.TrimPrefix(s, "{") + s = strings.TrimSuffix(s, "}") + s = strings.TrimSpace(s) + + compact := strings.ReplaceAll(s, "-", "") + if len(compact) != 32 { + return "", fmt.Errorf("GUID %q has invalid length after normalization (%d, want 32 hex chars)", in, len(compact)) + } + + for i := 0; i < len(compact); i++ { + c := compact[i] + isHex := (c >= '0' && c <= '9') || + (c >= 'a' && c <= 'f') || + (c >= 'A' && c <= 'F') + if !isHex { + return "", fmt.Errorf("GUID %q contains non-hex character %q", in, c) + } + } + + compact = strings.ToUpper(compact) + return compact[0:8] + "-" + + compact[8:12] + "-" + + compact[12:16] + "-" + + compact[16:20] + "-" + + compact[20:32], nil +} + +// LoadEtwMap loads the ETW provider name to GUID mapping from the embedded JSON file. It returns two maps, one for name to GUID and another for GUID to name. If there is an error in loading or parsing the file, it returns empty maps and the error. +func LoadEtwMap() (map[string]string, map[string]string, error) { + onceProvider.Do(func() { + b, err := etwFS.ReadFile(EtwMapFileName) + if err != nil { + return + } + + var cfg EtwInfo + if err := json.Unmarshal(b, &cfg); err != nil { + return + } + + n2g := make(map[string]string) + g2n := make(map[string]string) + + for _, p := range cfg.EtwMap { + name := strings.TrimSpace(p.ProviderName) + guid, err := NormalizeGuid(p.ProviderGuid) + if name == "" || err != nil { + // skip invalid entries + continue + } + + // Duplicate check + if _, ok := n2g[name]; ok { + // skip if already exists + continue + } + if _, ok := g2n[guid]; ok { + // skip if already exists + continue + } + + n2g[name] = guid + g2n[guid] = name + } + + nameToGUID = n2g + guidToName = g2n + + }) + + return nameToGUID, guidToName, nil +} + +// GetDefaultLogSources returns the default log sources from the embedded json file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error. +func GetDefaultLogSources() (LogSourcesInfo, error) { + onceLists.Do(func() { + + allList, err := listFS.ReadFile(DefaultLogSourcesFile) + if err != nil { + return + } + + if err := json.Unmarshal(allList, &defaultLogSources); err != nil { + return + } + }) + return defaultLogSources, nil +} + +// GetDefaultLogSourcesWithMappedGuid returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs. +func GetDefaultLogSourcesWithMappedGuid() (LogSourcesInfo, error) { + onceListMap.Do(func() { + _, err := GetDefaultLogSources() + if err != nil { + return + } + + var logConfig LogConfig + for _, src := range defaultLogSources.LogConfig.Sources { + var source Source + source.Type = src.Type + for _, provider := range src.Providers { + var etwProvider EtwProvider + etwProvider.Keywords = provider.Keywords + etwProvider.Level = provider.Level + etwProvider.ProviderName = provider.ProviderName + etwProvider.ProviderGuid = GetProviderGuidFromName(provider.ProviderName) + source.Providers = append(src.Providers, etwProvider) + } + + logConfig.Sources = append(logConfig.Sources, source) + } + + defaultLogSourcesWithMap.LogConfig = logConfig + }) + return defaultLogSourcesWithMap, nil +} + +// GetProviderGuidFromName returns the provider guid for a given provider name. If the provider name is not found in the map, it returns an empty string. +func GetProviderGuidFromName(providerName string) string { + LoadEtwMap() + return nameToGUID[providerName] +} + +// GetProviderNameFromGuid returns the provider name for a given provider guid. If the provider guid is not found in the map, it returns an empty string. +func GetProviderNameFromGuid(providerGuid string) string { + LoadEtwMap() + return guidToName[providerGuid] +} + +// Updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded json string. If there is an error in the process, it returns the original user provided log sources string. +func UpdateEncodedLogSources(base64EncodedJsonLogConfig string, useDefaultLogSources bool, includeGuids bool) string { + + var resultLogCfg LogSourcesInfo + if useDefaultLogSources { + if includeGuids { + resultLogCfg, _ = GetDefaultLogSourcesWithMappedGuid() + } else { + resultLogCfg, _ = GetDefaultLogSources() + } + } + + if base64EncodedJsonLogConfig != "" { + jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJsonLogConfig) + if err == nil { + var userLogConfig LogSourcesInfo + if err := json.Unmarshal(jsonBytes, &userLogConfig); err == nil { + + resultSrcMap := make(map[string]Source) + + // Add all defaults in map + for _, source := range resultLogCfg.LogConfig.Sources { + resultSrcMap[source.Type] = source + } + + for _, source := range userLogConfig.LogConfig.Sources { + if destSrc, ok := resultSrcMap[source.Type]; ok { + // then update the source's providers + for _, srcProvider := range source.Providers { + if includeGuids { + if srcProvider.ProviderGuid == "" { + srcProvider.ProviderGuid = GetProviderGuidFromName(srcProvider.ProviderName) + } + } else { + // If Include GUIDs is false, then + // We still include GUIDs if that is the only identity present. Only when both Name and GUID is provided for a ETW provider, we + // check if the provided GUID is valid and remove it if we can fetch the same from our well known list of guids by using the name + // This is because the sidecar-GCS prefers verification of log providers by name against the policy. + if srcProvider.ProviderName != "" && srcProvider.ProviderGuid != "" { + guid, _ := NormalizeGuid(srcProvider.ProviderGuid) + if strings.EqualFold(guid, GetProviderGuidFromName(srcProvider.ProviderName)) { + srcProvider.ProviderGuid = "" + } else { + srcProvider.ProviderGuid = guid + } + } + } + destSrc.Providers = append(destSrc.Providers, srcProvider) + + } + resultSrcMap[source.Type] = destSrc + + } else { + resultSrcMap[source.Type] = source + } + + } + + var logSources []Source + for _, src := range resultSrcMap { + logSources = append(logSources, src) + } + + resultLogCfg.LogConfig.Sources = logSources + } + } + } + + if len(resultLogCfg.LogConfig.Sources) == 0 { + return "" + } + + jsonBytes, err := json.Marshal(resultLogCfg) + if err != nil { + return base64EncodedJsonLogConfig + } + + encodedCfg := base64.StdEncoding.EncodeToString(jsonBytes) + return encodedCfg +} diff --git a/internal/uvm/log_wcow.go b/internal/uvm/log_wcow.go index 5a74bf34c9..4ab13d9153 100644 --- a/internal/uvm/log_wcow.go +++ b/internal/uvm/log_wcow.go @@ -9,6 +9,7 @@ import ( "github.com/Microsoft/hcsshim/internal/gcs/prot" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/protocol/guestrequest" + "github.com/Microsoft/hcsshim/internal/vm/vmutils/etw" ) func (uvm *UtilityVM) StartLogForwarding(ctx context.Context) error { @@ -62,9 +63,18 @@ func (uvm *UtilityVM) SetLogSources(ctx context.Context) error { wcaps := gcs.GetWCOWCapabilities(uvm.gc.Capabilities()) if wcaps != nil && wcaps.IsLogForwardingSupported() { // Make a call to the GCS to set the ETW providers + + var settings string + // Determines the log sources to be set based on the configuration. If default log sources are enabled, + // we only include them along with user specified log sources. + // For confidential WCOw, we skip the adding guids to the log sources as the sidecar-GCS will verify the + // allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped. + // For non-confidential WCOW, we include the GUIDs in the log sources as the hcsshim communicates directly with the inboxGCS. + settings = etw.UpdateEncodedLogSources(uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy()) + req := guestrequest.LogForwardServiceRPCRequest{ RPCType: guestrequest.RPCModifyServiceSettings, - Settings: uvm.logSources, + Settings: settings, } err := uvm.gc.ModifyServiceSettings(ctx, prot.LogForwardService, req) if err != nil { diff --git a/internal/uvm/types.go b/internal/uvm/types.go index 84d08c0f2b..5857dbcfc0 100644 --- a/internal/uvm/types.go +++ b/internal/uvm/types.go @@ -144,8 +144,9 @@ type UtilityVM struct { blockCIMMounts map[string]*UVMMountedBlockCIMs blockCIMMountLock sync.Mutex - forwardLogs bool // Indicates whether to forward logs from the UVM to the host - logSources string // ETW providers to enable for log forwarding + forwardLogs bool // Indicates whether to forward logs from the UVM to the host + disableDefaultLogSources bool // Specifies whether addition of default list of ETW providers should be disabled + logSources string // ETW providers to enable for log forwarding } func (uvm *UtilityVM) ScratchEncryptionEnabled() bool { diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index ef35d6c325..29be5f58c1 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -466,12 +466,15 @@ const ( // // Would be encoded as: // - // "io.microsoft.virtualmachine.wcow.logsources" = + // "io.microsoft.virtualmachine.forwardlogs.sources" = // "eyJsb2dDb25maWciOnsic291cmNlcyI6W3sidHlwZSI6IkVUVyIsInByb3ZpZGVycyI6W3sicHJvdmlkZXJHdWlkIjoiODBDRTUwREUtRDI2NC00NTgxLTk1MEQtQUJBREVFRTBEMzQwIiwicHJvdmlkZXJOYW1lIjoiTWljcm9zb2Z0LldpbmRvd3MuSHlwZXJWLkNvbXB1dGUiLCJsZXZlbCI6IkluZm9ybWF0aW9uIn1dfV19fQ==" - LogSources = "io.microsoft.virtualmachine.wcow.logsources" + LogSources = "io.microsoft.virtualmachine.forwardlogs.sources" - // ForwardLogs specifies whether to forward logs to the host or not. - ForwardLogs = "io.microsoft.virtualmachine.wcow.forwardlogs" + // Specifies whether to disable forwarding logs to the host or not. Defaults to false for (non-confidential) WCOW, meaning logs will be forwarded to the host if LogSources is set. And true for confidential containers, meaning logs will not be forwarded to the host by default. + DisableForwardLogs = "io.microsoft.virtualmachine.forwardlogs.disable" + + // Specifies whether to disable default providers or not. Defaults to true. + DisableDefaultLogSources = "io.microsoft.virtualmachine.forwardlogs.defaultsources.disable" ) // LCOW uVM annotations. From c65f0a305457dffdb8bb75014ae7d417e153b0ea Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Wed, 11 Mar 2026 12:29:10 +0530 Subject: [PATCH 2/7] Moving to VMUtils and static analysis fix Signed-off-by: Manish Ranjan Mahanta --- internal/uvm/etw/provider_map.go | 279 -------------- internal/uvm/log_wcow.go | 3 +- .../vmutils}/etw/default-logsources.json | 0 internal/{uvm => vm/vmutils}/etw/etw-map.json | 2 +- internal/vm/vmutils/etw/provider_map.go | 348 ++++++++++++++++++ 5 files changed, 350 insertions(+), 282 deletions(-) delete mode 100644 internal/uvm/etw/provider_map.go rename internal/{uvm => vm/vmutils}/etw/default-logsources.json (100%) rename internal/{uvm => vm/vmutils}/etw/etw-map.json (99%) create mode 100644 internal/vm/vmutils/etw/provider_map.go diff --git a/internal/uvm/etw/provider_map.go b/internal/uvm/etw/provider_map.go deleted file mode 100644 index a647ae1f72..0000000000 --- a/internal/uvm/etw/provider_map.go +++ /dev/null @@ -1,279 +0,0 @@ -package etw - -import ( - "embed" - "encoding/base64" - "encoding/json" - "fmt" - "strings" - "sync" -) - -//go:embed etw-map.json -//go:embed default-logsources.json - -var etwFS embed.FS -var listFS embed.FS - -const ( - EtwMapFileName = "etw-map.json" - DefaultLogSourcesFile = "default-logsources.json" -) - -var ( - onceLists sync.Once - onceListMap sync.Once - defaultLogSources LogSourcesInfo - defaultLogSourcesWithMap LogSourcesInfo -) - -var ( - onceProvider sync.Once - nameToGUID map[string]string // STATIC - guidToName map[string]string // STATIC -) - -// Log Sources JSON structure -type LogSourcesInfo struct { - LogConfig LogConfig `json:"LogConfig"` -} - -type LogConfig struct { - Sources []Source `json:"sources"` -} - -type Source struct { - Type string `json:"type"` - Providers []EtwProvider `json:"providers"` -} - -type EtwProvider struct { - ProviderName string `json:"providerName,omitempty"` - ProviderGuid string `json:"providerGuid,omitempty"` - Level string `json:"level,omitempty"` - Keywords string `json:"keywords,omitempty"` -} - -// ETW - Map JSON structure -type EtwInfo struct { - EtwMap []EtwProviderMap `json:"EtwProviderMap"` -} - -type EtwProviderMap struct { - ProviderName string `json:"providerName"` - ProviderGuid string `json:"providerGuid"` -} - -// NormalizeGuid takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID. -func NormalizeGuid(in string) (string, error) { - s := strings.TrimSpace(in) - s = strings.TrimPrefix(s, "{") - s = strings.TrimSuffix(s, "}") - s = strings.TrimSpace(s) - - compact := strings.ReplaceAll(s, "-", "") - if len(compact) != 32 { - return "", fmt.Errorf("GUID %q has invalid length after normalization (%d, want 32 hex chars)", in, len(compact)) - } - - for i := 0; i < len(compact); i++ { - c := compact[i] - isHex := (c >= '0' && c <= '9') || - (c >= 'a' && c <= 'f') || - (c >= 'A' && c <= 'F') - if !isHex { - return "", fmt.Errorf("GUID %q contains non-hex character %q", in, c) - } - } - - compact = strings.ToUpper(compact) - return compact[0:8] + "-" + - compact[8:12] + "-" + - compact[12:16] + "-" + - compact[16:20] + "-" + - compact[20:32], nil -} - -// LoadEtwMap loads the ETW provider name to GUID mapping from the embedded JSON file. It returns two maps, one for name to GUID and another for GUID to name. If there is an error in loading or parsing the file, it returns empty maps and the error. -func LoadEtwMap() (map[string]string, map[string]string, error) { - onceProvider.Do(func() { - b, err := etwFS.ReadFile(EtwMapFileName) - if err != nil { - return - } - - var cfg EtwInfo - if err := json.Unmarshal(b, &cfg); err != nil { - return - } - - n2g := make(map[string]string) - g2n := make(map[string]string) - - for _, p := range cfg.EtwMap { - name := strings.TrimSpace(p.ProviderName) - guid, err := NormalizeGuid(p.ProviderGuid) - if name == "" || err != nil { - // skip invalid entries - continue - } - - // Duplicate check - if _, ok := n2g[name]; ok { - // skip if already exists - continue - } - if _, ok := g2n[guid]; ok { - // skip if already exists - continue - } - - n2g[name] = guid - g2n[guid] = name - } - - nameToGUID = n2g - guidToName = g2n - - }) - - return nameToGUID, guidToName, nil -} - -// GetDefaultLogSources returns the default log sources from the embedded json file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error. -func GetDefaultLogSources() (LogSourcesInfo, error) { - onceLists.Do(func() { - - allList, err := listFS.ReadFile(DefaultLogSourcesFile) - if err != nil { - return - } - - if err := json.Unmarshal(allList, &defaultLogSources); err != nil { - return - } - }) - return defaultLogSources, nil -} - -// GetDefaultLogSourcesWithMappedGuid returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs. -func GetDefaultLogSourcesWithMappedGuid() (LogSourcesInfo, error) { - onceListMap.Do(func() { - _, err := GetDefaultLogSources() - if err != nil { - return - } - - var logConfig LogConfig - for _, src := range defaultLogSources.LogConfig.Sources { - var source Source - source.Type = src.Type - for _, provider := range src.Providers { - var etwProvider EtwProvider - etwProvider.Keywords = provider.Keywords - etwProvider.Level = provider.Level - etwProvider.ProviderName = provider.ProviderName - etwProvider.ProviderGuid = GetProviderGuidFromName(provider.ProviderName) - source.Providers = append(src.Providers, etwProvider) - } - - logConfig.Sources = append(logConfig.Sources, source) - } - - defaultLogSourcesWithMap.LogConfig = logConfig - }) - return defaultLogSourcesWithMap, nil -} - -// GetProviderGuidFromName returns the provider guid for a given provider name. If the provider name is not found in the map, it returns an empty string. -func GetProviderGuidFromName(providerName string) string { - LoadEtwMap() - return nameToGUID[providerName] -} - -// GetProviderNameFromGuid returns the provider name for a given provider guid. If the provider guid is not found in the map, it returns an empty string. -func GetProviderNameFromGuid(providerGuid string) string { - LoadEtwMap() - return guidToName[providerGuid] -} - -// Updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded json string. If there is an error in the process, it returns the original user provided log sources string. -func UpdateEncodedLogSources(base64EncodedJsonLogConfig string, useDefaultLogSources bool, includeGuids bool) string { - - var resultLogCfg LogSourcesInfo - if useDefaultLogSources { - if includeGuids { - resultLogCfg, _ = GetDefaultLogSourcesWithMappedGuid() - } else { - resultLogCfg, _ = GetDefaultLogSources() - } - } - - if base64EncodedJsonLogConfig != "" { - jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJsonLogConfig) - if err == nil { - var userLogConfig LogSourcesInfo - if err := json.Unmarshal(jsonBytes, &userLogConfig); err == nil { - - resultSrcMap := make(map[string]Source) - - // Add all defaults in map - for _, source := range resultLogCfg.LogConfig.Sources { - resultSrcMap[source.Type] = source - } - - for _, source := range userLogConfig.LogConfig.Sources { - if destSrc, ok := resultSrcMap[source.Type]; ok { - // then update the source's providers - for _, srcProvider := range source.Providers { - if includeGuids { - if srcProvider.ProviderGuid == "" { - srcProvider.ProviderGuid = GetProviderGuidFromName(srcProvider.ProviderName) - } - } else { - // If Include GUIDs is false, then - // We still include GUIDs if that is the only identity present. Only when both Name and GUID is provided for a ETW provider, we - // check if the provided GUID is valid and remove it if we can fetch the same from our well known list of guids by using the name - // This is because the sidecar-GCS prefers verification of log providers by name against the policy. - if srcProvider.ProviderName != "" && srcProvider.ProviderGuid != "" { - guid, _ := NormalizeGuid(srcProvider.ProviderGuid) - if strings.EqualFold(guid, GetProviderGuidFromName(srcProvider.ProviderName)) { - srcProvider.ProviderGuid = "" - } else { - srcProvider.ProviderGuid = guid - } - } - } - destSrc.Providers = append(destSrc.Providers, srcProvider) - - } - resultSrcMap[source.Type] = destSrc - - } else { - resultSrcMap[source.Type] = source - } - - } - - var logSources []Source - for _, src := range resultSrcMap { - logSources = append(logSources, src) - } - - resultLogCfg.LogConfig.Sources = logSources - } - } - } - - if len(resultLogCfg.LogConfig.Sources) == 0 { - return "" - } - - jsonBytes, err := json.Marshal(resultLogCfg) - if err != nil { - return base64EncodedJsonLogConfig - } - - encodedCfg := base64.StdEncoding.EncodeToString(jsonBytes) - return encodedCfg -} diff --git a/internal/uvm/log_wcow.go b/internal/uvm/log_wcow.go index 4ab13d9153..55ffb7cdd3 100644 --- a/internal/uvm/log_wcow.go +++ b/internal/uvm/log_wcow.go @@ -64,13 +64,12 @@ func (uvm *UtilityVM) SetLogSources(ctx context.Context) error { if wcaps != nil && wcaps.IsLogForwardingSupported() { // Make a call to the GCS to set the ETW providers - var settings string // Determines the log sources to be set based on the configuration. If default log sources are enabled, // we only include them along with user specified log sources. // For confidential WCOw, we skip the adding guids to the log sources as the sidecar-GCS will verify the // allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped. // For non-confidential WCOW, we include the GUIDs in the log sources as the hcsshim communicates directly with the inboxGCS. - settings = etw.UpdateEncodedLogSources(uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy()) + settings := etw.UpdateLogSources(ctx, uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy()) req := guestrequest.LogForwardServiceRPCRequest{ RPCType: guestrequest.RPCModifyServiceSettings, diff --git a/internal/uvm/etw/default-logsources.json b/internal/vm/vmutils/etw/default-logsources.json similarity index 100% rename from internal/uvm/etw/default-logsources.json rename to internal/vm/vmutils/etw/default-logsources.json diff --git a/internal/uvm/etw/etw-map.json b/internal/vm/vmutils/etw/etw-map.json similarity index 99% rename from internal/uvm/etw/etw-map.json rename to internal/vm/vmutils/etw/etw-map.json index 1640b705e7..6865f15911 100644 --- a/internal/uvm/etw/etw-map.json +++ b/internal/vm/vmutils/etw/etw-map.json @@ -34,7 +34,7 @@ }, { "providerName": "Microsoft.Windows.LogForwardService.Provider", - "providerGuid": "396A26FF-FB73-5465-0D17-DD493089623" + "providerGuid": "396a26ff-fb73-5465-0d17-dd4930896239" }, { "providerName": "Microsoft.Windows.Security.KeyGuard", diff --git a/internal/vm/vmutils/etw/provider_map.go b/internal/vm/vmutils/etw/provider_map.go new file mode 100644 index 0000000000..da7d95cbd7 --- /dev/null +++ b/internal/vm/vmutils/etw/provider_map.go @@ -0,0 +1,348 @@ +package etw + +import ( + "context" + "embed" + "encoding/base64" + "encoding/json" + "fmt" + "strings" + "sync" + + "github.com/Microsoft/hcsshim/internal/log" +) + +//go:embed etw-map.json default-logsources.json +var embeddedFiles embed.FS + +const ( + EtwMapFileName = "etw-map.json" + DefaultLogSourcesFile = "default-logsources.json" +) + +var ( + onceLists sync.Once + onceListMap sync.Once + defaultLogSources LogSourcesInfo + defaultLogSourcesWithMap LogSourcesInfo +) + +var ( + onceProvider sync.Once + nameToGUID map[string]string // STATIC + guidToName map[string]string // STATIC +) + +// Log Sources JSON structure +type LogSourcesInfo struct { + LogConfig LogConfig `json:"LogConfig"` +} + +type LogConfig struct { + Sources []Source `json:"sources"` +} + +type Source struct { + Type string `json:"type"` + Providers []EtwProvider `json:"providers"` +} + +type EtwProvider struct { + ProviderName string `json:"providerName,omitempty"` + ProviderGUID string `json:"providerGuid,omitempty"` + Level string `json:"level,omitempty"` + Keywords string `json:"keywords,omitempty"` +} + +// ETW - Map JSON structure +type EtwInfo struct { + EtwMap []EtwProviderMap `json:"EtwProviderMap"` +} + +type EtwProviderMap struct { + ProviderName string `json:"providerName"` + ProviderGUID string `json:"providerGuid"` +} + +// NormalizeGUID takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID. +func NormalizeGUID(in string) (string, error) { + s := strings.TrimSpace(in) + s = strings.TrimPrefix(s, "{") + s = strings.TrimSuffix(s, "}") + s = strings.TrimSpace(s) + + compact := strings.ReplaceAll(s, "-", "") + if len(compact) != 32 { + return "", fmt.Errorf("GUID %q has invalid length after normalization (%d, want 32 hex chars)", in, len(compact)) + } + + for i := 0; i < len(compact); i++ { + c := compact[i] + isHex := (c >= '0' && c <= '9') || + (c >= 'a' && c <= 'f') || + (c >= 'A' && c <= 'F') + if !isHex { + return "", fmt.Errorf("GUID %q contains non-hex character %q", in, c) + } + } + + compact = strings.ToUpper(compact) + return compact[0:8] + "-" + + compact[8:12] + "-" + + compact[12:16] + "-" + + compact[16:20] + "-" + + compact[20:32], nil +} + +// LoadEtwMap loads the ETW provider name to GUID mapping from the embedded JSON file. It returns two maps, one for name to GUID and another for GUID to name. If there is an error in loading or parsing the file, it returns empty maps and the error. +func LoadEtwMap(ctx context.Context) (map[string]string, map[string]string, error) { + onceProvider.Do(func() { + b, err := embeddedFiles.ReadFile(EtwMapFileName) + if err != nil { + log.G(ctx).Errorf("Error reading ETW map file: %v", err) + return + } + + var cfg EtwInfo + if err := json.Unmarshal(b, &cfg); err != nil { + log.G(ctx).Errorf("Error unmarshalling ETW map file: %v", err) + return + } + + n2g := make(map[string]string) + g2n := make(map[string]string) + + for _, p := range cfg.EtwMap { + name := strings.TrimSpace(p.ProviderName) + guid, err := NormalizeGUID(p.ProviderGUID) + if name == "" || err != nil { + // skip invalid entries + log.G(ctx).Warningf("Skipping invalid ETW map entry with name %q and GUID %q: %v", p.ProviderName, p.ProviderGUID, err) + continue + } + + // Duplicate check + if _, ok := n2g[name]; ok { + // skip if already exists + log.G(ctx).Warningf("Skipping duplicate ETW provider name %q in ETW map", name) + continue + } + if _, ok := g2n[guid]; ok { + // skip if already exists + log.G(ctx).Warningf("Skipping duplicate ETW provider GUID %q in ETW map", guid) + continue + } + + n2g[name] = guid + g2n[guid] = name + } + + nameToGUID = n2g + guidToName = g2n + + }) + + return nameToGUID, guidToName, nil +} + +// GetDefaultLogSources returns the default log sources from the embedded JSON file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error. +// The default log sources are defined in the "default-logsources.json" file and are loaded only once using sync.Once to ensure thread safety and performance. +// The providers in the default-logsources.json file should only have Provider Names and must not contain GUIDs as the handling of GUIDs is based on the configuration and is done in the UpdateEncodedLogSources function where we +// check if we need to include GUIDs for the log sources based on the configuration and if needed, we map the provider names to their corresponding GUIDs using the ETW map loaded from the "etw-map.json" file. +// The only exception to this is if the provider does not have any name and only has a GUID. +func GetDefaultLogSources(ctx context.Context) (LogSourcesInfo, error) { + onceLists.Do(func() { + + allList, err := embeddedFiles.ReadFile(DefaultLogSourcesFile) + if err != nil { + log.G(ctx).Errorf("Error reading default log sources file: %v", err) + return + } + + if err := json.Unmarshal(allList, &defaultLogSources); err != nil { + log.G(ctx).Errorf("Error unmarshalling default log sources file: %v", err) + return + } + + // Check if the default log sources have provider names. If they do, do not include GUIDs in the + // default log sources, because GUID handling is based on configuration and is done in the + // UpdateEncodedLogSources function. There we check if GUIDs are needed for the log sources and, + // if so, map provider names to their corresponding GUIDs using the ETW map from "etw-map.json". + // The only exception is when a provider has no name and only a GUID. + for i := range defaultLogSources.LogConfig.Sources { + for j := range defaultLogSources.LogConfig.Sources[i].Providers { + if defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderName != "" && + defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID != "" { + defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID = "" + } + } + } + }) + return defaultLogSources, nil +} + +// GetDefaultLogSourcesWithMappedGUID returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs. +func GetDefaultLogSourcesWithMappedGUID(ctx context.Context) (LogSourcesInfo, error) { + onceListMap.Do(func() { + _, err := GetDefaultLogSources(ctx) + if err != nil { + log.G(ctx).Errorf("Error getting default log sources: %v", err) + return + } + + var logConfig LogConfig + for _, src := range defaultLogSources.LogConfig.Sources { + var source Source + source.Type = src.Type + for _, provider := range src.Providers { + var etwProvider EtwProvider + etwProvider.Keywords = provider.Keywords + etwProvider.Level = provider.Level + etwProvider.ProviderName = provider.ProviderName + etwProvider.ProviderGUID = GetProviderGUIDFromName(ctx, provider.ProviderName) + source.Providers = append(source.Providers, etwProvider) + } + + logConfig.Sources = append(logConfig.Sources, source) + } + + defaultLogSourcesWithMap.LogConfig = logConfig + }) + return defaultLogSourcesWithMap, nil +} + +// GetProviderGUIDFromName returns the provider GUID for a given provider name. If the provider name is not found in the map, it returns an empty string. +func GetProviderGUIDFromName(ctx context.Context, providerName string) string { + if _, _, err := LoadEtwMap(ctx); err != nil { + log.G(ctx).Errorf("Error loading ETW map: %v", err) + return "" + } + return nameToGUID[providerName] +} + +// GetProviderNameFromGUID returns the provider name for a given provider GUID. If the provider GUID is not found in the map, it returns an empty string. +func GetProviderNameFromGUID(ctx context.Context, providerGUID string) string { + if _, _, err := LoadEtwMap(ctx); err != nil { + log.G(ctx).Errorf("Error loading ETW map: %v", err) + return "" + } + return guidToName[providerGUID] +} + +// UpdateLogSources updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded JSON string. +// If there is an error in the process, it returns the original user provided log sources string. +func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) string { + var resultLogCfg LogSourcesInfo + if useDefaultLogSources { + resultLogCfg, _ = GetDefaultLogSources(ctx) + } + + if base64EncodedJSONLogConfig != "" { + jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJSONLogConfig) + if err != nil { + log.G(ctx).Errorf("Error decoding base64 log config: %v", err) + } else { + var userLogSources LogSourcesInfo + if err := json.Unmarshal(jsonBytes, &userLogSources); err != nil { + log.G(ctx).Errorf("Error unmarshalling user log config: %v", err) + } else { + // Merge user log sources with default log sources based on the type. If the type matches, + // we merge the providers. If there is a conflict in providers, we append them. + // If the type does not match, we add the user log source as a new source. + for _, userSrc := range userLogSources.LogConfig.Sources { + found := false + for i, defSrc := range resultLogCfg.LogConfig.Sources { + if userSrc.Type == defSrc.Type { + found = true + // Merge providers + providerMap := make(map[string]EtwProvider) + for _, provider := range defSrc.Providers { + key := provider.ProviderName + if provider.ProviderGUID != "" { + if key != "" { + key = provider.ProviderName + "|" + provider.ProviderGUID + } else { + key = provider.ProviderGUID + } + } + providerMap[key] = provider + } + for _, provider := range userSrc.Providers { + key := provider.ProviderName + if provider.ProviderGUID != "" { + if key != "" { + key = provider.ProviderName + "|" + provider.ProviderGUID + } else { + key = provider.ProviderGUID + } + } + providerMap[key] = provider + } + etwProviders := make([]EtwProvider, 0, len(providerMap)) + for _, provider := range providerMap { + etwProviders = append(etwProviders, provider) + } + resultLogCfg.LogConfig.Sources[i].Providers = etwProviders + break + } + } + if !found { + resultLogCfg.LogConfig.Sources = append(resultLogCfg.LogConfig.Sources, userSrc) + } + } + } + } + } + + // Append GUIDs to the providers if includeGUIDs is true. We get the GUIDs from the ETW map based on the provider names. + // If a provider does not have a name and only has a GUID, we keep it as is. + if len(resultLogCfg.LogConfig.Sources) > 0 { + if includeGUIDs { + for i, src := range resultLogCfg.LogConfig.Sources { + for j, provider := range src.Providers { + if provider.ProviderGUID != "" { + guid, err := NormalizeGUID(provider.ProviderGUID) + if err != nil { + log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) + } + resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + } + if provider.ProviderName != "" && provider.ProviderGUID == "" { + resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = GetProviderGUIDFromName(ctx, provider.ProviderName) + } + } + } + } else { + // If includeGUIDs is false, we still want to include GUIDs if that is the only identity present for a provider. + // Only when both Name and GUID is provided for a ETW provider, we check if the provided GUID is valid and remove + // it if we can fetch the same from our well known list of guids by using the name. This is because the sidecar-GCS + // prefers verification of log providers by name against the policy. + for i, src := range resultLogCfg.LogConfig.Sources { + for j, provider := range src.Providers { + if provider.ProviderName != "" && provider.ProviderGUID != "" { + guid, err := NormalizeGUID(provider.ProviderGUID) + if err != nil { + log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) + continue + } + if strings.EqualFold(guid, GetProviderGUIDFromName(ctx, provider.ProviderName)) { + resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" + } else { + resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + } + } + } + } + } + + } + + jsonBytes, err := json.Marshal(resultLogCfg) + if err != nil { + log.G(ctx).Errorf("Error marshalling log config: %v", err) + return base64EncodedJSONLogConfig + } + + encodedCfg := base64.StdEncoding.EncodeToString(jsonBytes) + return encodedCfg +} From 2eac7bbc4d022af0feea9fbde00772a2255056a9 Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Wed, 11 Mar 2026 16:01:01 +0530 Subject: [PATCH 3/7] sidecar-GCS changes to forward modifyServiceSettings Signed-off-by: Manish Ranjan Mahanta --- internal/gcs-sidecar/bridge.go | 1 + internal/gcs-sidecar/handlers.go | 62 ++++++++++++++++++++++++++++++++ internal/gcs-sidecar/uvm.go | 31 ++++++++++++++++ 3 files changed, 94 insertions(+) diff --git a/internal/gcs-sidecar/bridge.go b/internal/gcs-sidecar/bridge.go index 87472cc4a2..1923ee3ded 100644 --- a/internal/gcs-sidecar/bridge.go +++ b/internal/gcs-sidecar/bridge.go @@ -172,6 +172,7 @@ func (b *Bridge) AssignHandlers() { b.HandleFunc(prot.RPCDeleteContainerState, b.deleteContainerState) b.HandleFunc(prot.RPCUpdateContainer, b.updateContainer) b.HandleFunc(prot.RPCLifecycleNotification, b.lifecycleNotification) + b.HandleFunc(prot.RPCModifyServiceSettings, b.modifyServiceSettings) } // readMessage reads the message from io.Reader diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go index 2eee764569..ce7920651c 100644 --- a/internal/gcs-sidecar/handlers.go +++ b/internal/gcs-sidecar/handlers.go @@ -23,6 +23,7 @@ import ( oci "github.com/Microsoft/hcsshim/internal/oci" "github.com/Microsoft/hcsshim/internal/protocol/guestrequest" "github.com/Microsoft/hcsshim/internal/protocol/guestresource" + "github.com/Microsoft/hcsshim/internal/vm/vmutils/etw" "github.com/Microsoft/hcsshim/internal/windevice" "github.com/Microsoft/hcsshim/pkg/annotations" "github.com/Microsoft/hcsshim/pkg/cimfs" @@ -491,6 +492,67 @@ func (b *Bridge) lifecycleNotification(req *request) (err error) { return nil } +func (b *Bridge) modifyServiceSettings(req *request) (err error) { + _, span := oc.StartSpan(req.ctx, "sidecar::modifyServiceSettings") + defer span.End() + defer func() { oc.SetSpanStatus(span, err) }() + + // Todo: Add policy enforcement for modifying service settings + modifyRequest, err := unmarshalModifyServiceSettings(req) + if err != nil { + return err + } + + switch modifyRequest.PropertyType { + case string(prot.LogForwardService): + if modifyRequest.Settings != nil { + log.G(req.ctx).Tracef("modifyServiceSettings for LogForwardService with RPCModifyServiceSettings, enforcing policy for log sources") + settings := modifyRequest.Settings.(*guestrequest.LogForwardServiceRPCRequest) + + switch settings.RPCType { + case guestrequest.RPCModifyServiceSettings, guestrequest.RPCStartLogForwarding, guestrequest.RPCStopLogForwarding: + log.G(req.ctx).Tracef("%v request received for LogForwardService, proceeding with policy enforcement for log sources", settings.RPCType) + // Enforce the policy for log sources in the request and update the settings with allowed log sources. + // For cwcow, the sidecar-GCS will verify the allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped. + // The Enforcer will have to unmarshal the log sources, enforce the policy and then marshal it back to a Base64 encoded JSON string which is what inbox GCS expects. + // It can query etw.GetDefaultLogSources to get the default log sources if the policy allows, and allow providers matching the default list during policy enforcement. + // This is because the log sources can be a combination of default and user specified log sources for which GUIDs need to be appended based on the policy enforcement. + if settings.Settings != "" { + // + // allowedLogSources, err := b.hostState.securityOptions.PolicyEnforcer.EnforceLogForwardServiceSettingsPolicy(req.ctx, settings.LogSources) + + // For now, we are skipping the policy enforcement and allowing all log sources as the policy enforcer implementation is in progress. We will add the enforcement back once it's implemented. + allowedLogSources := settings.Settings // This is Base64 encoded JSON string of log sources + log.G(req.ctx).Tracef("Allowed log sources after policy enforcement: %v", allowedLogSources) + + // Update the allowed log sources in the settings. This will be forwarded to inbox GCS which expects the log sources in a JSON string format with GUIDs for providers included. + allowedLogSources = etw.UpdateLogSources(req.ctx, allowedLogSources, false, true) + settings.Settings = allowedLogSources + } + default: + log.G(req.ctx).Tracef("modifyServiceSettings for LogForwardService with RPCType: %v, skipping policy enforcement", settings.RPCType) + } + modifyRequest.Settings = settings + buf, err := json.Marshal(modifyRequest) + if err != nil { + return fmt.Errorf("failed to marshal modifyServiceSettings request: %w", err) + } + var newRequest request + newRequest.ctx = req.ctx + newRequest.header = req.header + newRequest.header.Size = uint32(len(buf)) + prot.HdrSize + newRequest.message = buf + req = &newRequest + } else { + log.G(req.ctx).Tracef("modifyServiceSettings for LogForwardService with empty settings, skipping policy enforcement") + } + default: + log.G(req.ctx).Tracef("modifyServiceSettings with PropertyType: %v, skipping policy enforcement", modifyRequest.PropertyType) + } + b.forwardRequestToGcs(req) + return nil +} + func volumeGUIDFromLayerPath(path string) (string, bool) { if p, ok := strings.CutPrefix(path, `\\?\Volume{`); ok { if q, ok := strings.CutSuffix(p, `}\Files`); ok { diff --git a/internal/gcs-sidecar/uvm.go b/internal/gcs-sidecar/uvm.go index b3a7792fd4..af560d132b 100644 --- a/internal/gcs-sidecar/uvm.go +++ b/internal/gcs-sidecar/uvm.go @@ -17,6 +17,37 @@ import ( "github.com/Microsoft/hcsshim/internal/protocol/guestresource" ) +func unmarshalModifyServiceSettings(req *request) (_ *prot.ServiceModificationRequest, err error) { + ctx, span := oc.StartSpan(req.ctx, "sidecar::unmarshalModifyServiceSettings") + defer span.End() + defer func() { oc.SetSpanStatus(span, err) }() + + var serviceModifyRequest prot.ServiceModificationRequest + var requestRawSettings json.RawMessage + serviceModifyRequest.Settings = &requestRawSettings + if err := commonutils.UnmarshalJSONWithHresult(req.message, &serviceModifyRequest); err != nil { + return nil, fmt.Errorf("failed to unmarshal rpcModifySettings: %w", err) + } + + if serviceModifyRequest.PropertyType != "" { + switch serviceModifyRequest.PropertyType { + case string(prot.LogForwardService): + log.G(ctx).Info("Unmarshalling log forward service modify settings") + settings := &guestrequest.LogForwardServiceRPCRequest{} + if err := commonutils.UnmarshalJSONWithHresult(requestRawSettings, settings); err != nil { + return nil, fmt.Errorf("invalid LogForwardService modify settings request: %w", err) + } + serviceModifyRequest.Settings = settings + default: + // Invalid request + log.G(ctx).Errorf("Invalid ServiceModificationRequest: %v", serviceModifyRequest.PropertyType) + return nil, fmt.Errorf("invalid ServiceModificationRequest") + } + } + + return &serviceModifyRequest, nil +} + func unmarshalContainerModifySettings(req *request) (_ *prot.ContainerModifySettings, err error) { ctx, span := oc.StartSpan(req.ctx, "sidecar::unmarshalContainerModifySettings") defer span.End() From c3c8e64acd64130c6387312ee4abc4fa49f18ee4 Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Fri, 13 Mar 2026 19:07:04 +0530 Subject: [PATCH 4/7] Making the default sources and map in native go, remvoing unreferenced methods and addressing review comments Signed-off-by: Manish Ranjan Mahanta --- internal/gcs-sidecar/handlers.go | 6 +- .../vm/vmutils/etw/default-logsources.json | 63 - internal/vm/vmutils/etw/default-sources.go | 66 + .../vm/vmutils/etw/default-sources_test.go | 75 + internal/vm/vmutils/etw/etw-map.json | 4780 ----------------- internal/vm/vmutils/etw/etw_map.go | 1199 +++++ internal/vm/vmutils/etw/etw_map_test.go | 65 + internal/vm/vmutils/etw/provider_map.go | 183 +- internal/vm/vmutils/etw/provider_map_test.go | 282 + 9 files changed, 1704 insertions(+), 5015 deletions(-) delete mode 100644 internal/vm/vmutils/etw/default-logsources.json create mode 100644 internal/vm/vmutils/etw/default-sources.go create mode 100644 internal/vm/vmutils/etw/default-sources_test.go delete mode 100644 internal/vm/vmutils/etw/etw-map.json create mode 100644 internal/vm/vmutils/etw/etw_map.go create mode 100644 internal/vm/vmutils/etw/etw_map_test.go create mode 100644 internal/vm/vmutils/etw/provider_map_test.go diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go index ce7920651c..9b35cd1a2b 100644 --- a/internal/gcs-sidecar/handlers.go +++ b/internal/gcs-sidecar/handlers.go @@ -530,7 +530,7 @@ func (b *Bridge) modifyServiceSettings(req *request) (err error) { settings.Settings = allowedLogSources } default: - log.G(req.ctx).Tracef("modifyServiceSettings for LogForwardService with RPCType: %v, skipping policy enforcement", settings.RPCType) + log.G(req.ctx).Warningf("modifyServiceSettings for LogForwardService with RPCType: %v, skipping policy enforcement", settings.RPCType) } modifyRequest.Settings = settings buf, err := json.Marshal(modifyRequest) @@ -544,10 +544,10 @@ func (b *Bridge) modifyServiceSettings(req *request) (err error) { newRequest.message = buf req = &newRequest } else { - log.G(req.ctx).Tracef("modifyServiceSettings for LogForwardService with empty settings, skipping policy enforcement") + log.G(req.ctx).Warningf("modifyServiceSettings for LogForwardService with empty settings, skipping policy enforcement") } default: - log.G(req.ctx).Tracef("modifyServiceSettings with PropertyType: %v, skipping policy enforcement", modifyRequest.PropertyType) + log.G(req.ctx).Warningf("modifyServiceSettings with PropertyType: %v, skipping policy enforcement", modifyRequest.PropertyType) } b.forwardRequestToGcs(req) return nil diff --git a/internal/vm/vmutils/etw/default-logsources.json b/internal/vm/vmutils/etw/default-logsources.json deleted file mode 100644 index 0694f2716d..0000000000 --- a/internal/vm/vmutils/etw/default-logsources.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "LogConfig": { - "sources": [ - { - "type": "ETW", - "providers": [ - { - "providerName": "Microsoft.Windows.HyperV.Compute", - "level": "Information" - }, - { - "providerName": "Microsoft-Windows-Guest-Network-Service", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.FileSystem.CimFS", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.FileSystem.UnionFs", - "level": "Information" - }, - { - "providerName": "Microsoft-Windows-BitLocker-Driver", - "level": "Information" - }, - { - "providerName": "Microsoft-windows-bitlocker-api", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Security.KeyGuard", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Security.KeyGuard.Attestation.Verify", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Containers.Setup", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Containers.Storage", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Containers.Library", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.Containers.DynamicImage", - "level": "Information" - }, - { - "providerName": "Microsoft.Windows.LogForwardService.Provider", - "level": "Information" - } - ] - } - ] - } -} diff --git a/internal/vm/vmutils/etw/default-sources.go b/internal/vm/vmutils/etw/default-sources.go new file mode 100644 index 0000000000..1ee51b301a --- /dev/null +++ b/internal/vm/vmutils/etw/default-sources.go @@ -0,0 +1,66 @@ +package etw + +// defaultLogSourcesInfo is the native Go representation of the default-logsources.json file. +var defaultLogSourcesInfo = LogSourcesInfo{ + LogConfig: LogConfig{ + Sources: []Source{ + { + Type: "ETW", + Providers: []EtwProvider{ + { + ProviderName: "microsoft.windows.hyperv.compute", + Level: "Information", + }, + { + ProviderName: "microsoft-windows-guest-network-service", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.filesystem.cimfs", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.filesystem.unionfs", + Level: "Information", + }, + { + ProviderName: "microsoft-windows-bitlocker-driver", + Level: "Information", + }, + { + ProviderName: "microsoft-windows-bitlocker-api", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.security.keyguard", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.security.keyguard.attestation.verify", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.containers.setup", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.containers.storage", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.containers.library", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.containers.dynamicimage", + Level: "Information", + }, + { + ProviderName: "microsoft.windows.logforwardservice.provider", + Level: "Information", + }, + }, + }, + }, + }, +} diff --git a/internal/vm/vmutils/etw/default-sources_test.go b/internal/vm/vmutils/etw/default-sources_test.go new file mode 100644 index 0000000000..a273f1de39 --- /dev/null +++ b/internal/vm/vmutils/etw/default-sources_test.go @@ -0,0 +1,75 @@ +package etw + +import ( + "strings" + "testing" +) + +func TestDefaultSources_ETWProvidersExistInETWMap(t *testing.T) { + if len(etwNameToGuidMap) == 0 { + t.Fatal("etwNameToGuidMap is empty") + } + + for si, src := range defaultLogSourcesInfo.LogConfig.Sources { + // Only ETW sources should be validated against etwNameToGuidMap. + if !strings.EqualFold(src.Type, "ETW") { + continue + } + + for pi, p := range src.Providers { + if p.ProviderName == "" { + t.Fatalf("empty ProviderName at source index %d provider index %d", si, pi) + } + + key := strings.ToLower(p.ProviderName) + if _, ok := etwNameToGuidMap[key]; !ok { + t.Fatalf( + "provider not found in etwNameToGuidMap: source index=%d provider index=%d provider=%q lookup key=%q", + si, pi, p.ProviderName, key, + ) + } + } + } +} +func TestDefaultSources_NoDuplicateProviders(t *testing.T) { + providerSet := make(map[string]struct{}) + + for si, src := range defaultLogSourcesInfo.LogConfig.Sources { + if !strings.EqualFold(src.Type, "ETW") { + continue + } + for pi, p := range src.Providers { + key := strings.ToLower(p.ProviderName) + if _, exists := providerSet[key]; exists { + t.Fatalf("duplicate provider found: source index=%d provider index=%d provider=%q", si, pi, p.ProviderName) + } + providerSet[key] = struct{}{} + } + } +} + +func TestDefaultSources_NoProviderGUIDProvided(t *testing.T) { + for si, src := range defaultLogSourcesInfo.LogConfig.Sources { + if !strings.EqualFold(src.Type, "ETW") { + continue + } + for pi, p := range src.Providers { + if p.ProviderGUID != "" { + t.Fatalf("ProviderGUID should not be provided: source index=%d provider index=%d provider=%q guid=%q", si, pi, p.ProviderName, p.ProviderGUID) + } + } + } +} + +func TestDefaultSources_AtLeastOneETWSource(t *testing.T) { + found := false + for _, src := range defaultLogSourcesInfo.LogConfig.Sources { + if strings.EqualFold(src.Type, "ETW") { + found = true + break + } + } + if !found { + t.Fatal("no ETW source found in defaultLogSourcesInfo") + } +} diff --git a/internal/vm/vmutils/etw/etw-map.json b/internal/vm/vmutils/etw/etw-map.json deleted file mode 100644 index 6865f15911..0000000000 --- a/internal/vm/vmutils/etw/etw-map.json +++ /dev/null @@ -1,4780 +0,0 @@ -{ - "EtwProviderMap": [ - { - "providerName": "Microsoft.Windows.Containers.Setup", - "providerGuid": "22267B1C-B979-5C81-9E24-0DB386A62DD1" - }, - { - "providerName": "Microsoft.Windows.Containers.Storage", - "providerGuid": "2551390d-5927-5c84-6f0a-027a7e78d38d" - }, - { - "providerName": "Microsoft.Windows.Containers.Library", - "providerGuid": "67eb0417-9297-42ae-a1d9-98bfeb359059" - }, - { - "providerName": "Microsoft.Windows.Containers.DynamicImage", - "providerGuid": "8CE2286C-3705-4A2A-8E36-134EAE9CA147" - }, - { - "providerName": "Microsoft.Windows.FileSystem.CimFS", - "providerGuid": "772ff917-30cf-50bd-d471-55a093ea8cf8" - }, - { - "providerName": "Microsoft.Windows.FileSystem.UnionFs", - "providerGuid": "68d6ffd0-365a-579d-6d26-76b2a0af1ddc" - }, - { - "providerName": "Microsoft-Windows-Guest-Network-Service", - "providerGuid": "0bacf1d2-fb51-549a-6119-04daa7180dc8" - }, - { - "providerName": "Microsoft.Windows.HyperV.Compute", - "providerGuid": "80CE50DE-D264-4581-950D-ABADEEE0D340" - }, - { - "providerName": "Microsoft.Windows.LogForwardService.Provider", - "providerGuid": "396a26ff-fb73-5465-0d17-dd4930896239" - }, - { - "providerName": "Microsoft.Windows.Security.KeyGuard", - "providerGuid": "37e53459-522d-5f7d-9a19-ecfd819075c2" - }, - { - "providerName": "Microsoft.Windows.Security.KeyGuard.Attestation.Verify", - "providerGuid": "268833e4-8305-5640-ecee-0f30f10668be" - }, - { - "providerName": ".NET Common Language Runtime", - "providerGuid": "E13C0D23-CCBC-4E12-931B-D9CC2EEE27E4" - }, - { - "providerName": "ACPI Driver Trace Provider", - "providerGuid": "DAB01D4D-2D48-477D-B1C3-DAAD0CE6F06B" - }, - { - "providerName": "Active Directory Domain Services: SAM", - "providerGuid": "8E598056-8993-11D2-819E-0000F875A064" - }, - { - "providerName": "Active Directory: Kerberos Client", - "providerGuid": "BBA3ADD2-C229-4CDB-AE2B-57EB6966B0C4" - }, - { - "providerName": "Active Directory: NetLogon", - "providerGuid": "F33959B4-DBEC-11D2-895B-00C04F79AB69" - }, - { - "providerName": "ADODB.1", - "providerGuid": "04C8A86F-3369-12F8-4769-24E484A9E725" - }, - { - "providerName": "ADOMD.1", - "providerGuid": "7EA56435-3F2F-3F63-A829-F0B35B5CAD41" - }, - { - "providerName": "AppAgentRuntime", - "providerGuid": "D38B3095-6ABD-419F-A8D5-3D01B8B6A4E7" - }, - { - "providerName": "Application Error", - "providerGuid": "A0E9B465-B939-57D7-B27D-95D8E925FF57" - }, - { - "providerName": "Application Hang", - "providerGuid": "C631C3DC-C676-59E4-2DB3-5C0AF00F9675" - }, - { - "providerName": "Application Popup", - "providerGuid": "47BFA2B7-BD54-4FAC-B70B-29021084CA8F" - }, - { - "providerName": "Application-Addon-Event-Provider", - "providerGuid": "A83FA99F-C356-4DED-9FD6-5A5EB8546D68" - }, - { - "providerName": "ASP.NET Events", - "providerGuid": "AFF081FE-0247-4275-9C4E-021F3DC1DA35" - }, - { - "providerName": "ATA Port Driver Tracing Provider", - "providerGuid": "D08BD885-501E-489A-BAC6-B7D24BFE6BBF" - }, - { - "providerName": "AuthFw NetShell Plugin", - "providerGuid": "935F4AE6-845D-41C6-97FA-380DAD429B72" - }, - { - "providerName": "BCP.1", - "providerGuid": "24722B88-DF97-4FF6-E395-DB533AC42A1E" - }, - { - "providerName": "BFE Trace Provider", - "providerGuid": "106B464A-8043-46B1-8CB8-E92A0CD7A560" - }, - { - "providerName": "BITS Service Trace", - "providerGuid": "4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A" - }, - { - "providerName": "Bootstrapper", - "providerGuid": "498A78F0-D57B-488D-9666-B0E7F5473CD9" - }, - { - "providerName": "Certificate Services Client CredentialRoaming Trace", - "providerGuid": "EF4109DC-68FC-45AF-B329-CA2825437209" - }, - { - "providerName": "Certificate Services Client Trace", - "providerGuid": "F01B7774-7ED7-401E-8088-B576793D7841" - }, - { - "providerName": "Circular Kernel Session Provider", - "providerGuid": "54DEA73A-ED1F-42A4-AF71-3E63D056F174" - }, - { - "providerName": "Classpnp Driver Tracing Provider", - "providerGuid": "FA8DE7C4-ACDE-4443-9994-C4E2359A9EDB" - }, - { - "providerName": "Critical Section Trace Provider", - "providerGuid": "3AC66736-CC59-4CFF-8115-8DF50E39816B" - }, - { - "providerName": "DBNETLIB.1", - "providerGuid": "BD568F20-FCCD-B948-054E-DB3421115D61" - }, - { - "providerName": "Deduplication Tracing Provider", - "providerGuid": "5EBB59D1-4739-4E45-872D-B8703956D84B" - }, - { - "providerName": "Disk Class Driver Tracing Provider", - "providerGuid": "945186BF-3DD6-4F3F-9C8E-9EDD3FC9D558" - }, - { - "providerName": "Downlevel IPsec API", - "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A041" - }, - { - "providerName": "Downlevel IPsec NetShell Plugin", - "providerGuid": "E4FF10D8-8A88-4FC6-82C8-8C23E9462FE5" - }, - { - "providerName": "Downlevel IPsec Policy Store", - "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A070" - }, - { - "providerName": "Downlevel IPsec Service", - "providerGuid": "94335EB3-79EA-44D5-8EA9-306F49B3A040" - }, - { - "providerName": "EA IME API", - "providerGuid": "E2A24A32-00DC-4025-9689-C108C01991C5" - }, - { - "providerName": "Error Instrument", - "providerGuid": "CD7CF0D0-02CC-4872-9B65-0DBA0A90EFE8" - }, - { - "providerName": "FD Core Trace", - "providerGuid": "480217A9-F824-4BD4-BBE8-F371CAAF9A0D" - }, - { - "providerName": "FD Publication Trace", - "providerGuid": "649E3596-2620-4D58-A01F-17AEFE8185DB" - }, - { - "providerName": "FD SSDP Trace", - "providerGuid": "DB1D0418-105A-4C77-9A25-8F96A19716A4" - }, - { - "providerName": "FD WNet Trace", - "providerGuid": "8B20D3E4-581F-4A27-8109-DF01643A7A93" - }, - { - "providerName": "FD WSDAPI Trace", - "providerGuid": "7E2DBFC7-41E8-4987-BCA7-76CADFAD765F" - }, - { - "providerName": "FDPHost Service Trace", - "providerGuid": "F1C521CA-DA82-4D79-9EE4-D7A375723B68" - }, - { - "providerName": "File Kernel Trace; Operation Set 1", - "providerGuid": "D75D8303-6C21-4BDE-9C98-ECC6320F9291" - }, - { - "providerName": "File Kernel Trace; Operation Set 2", - "providerGuid": "058DD951-7604-414D-A5D6-A56D35367A46" - }, - { - "providerName": "File Kernel Trace; Optional Data", - "providerGuid": "7DA1385C-F8F5-414D-B9D0-02FCA090F1EC" - }, - { - "providerName": "File Kernel Trace; Volume To Log", - "providerGuid": "127D46AF-4AD3-489F-9165-F00BA64D5467" - }, - { - "providerName": "FWPKCLNT Trace Provider", - "providerGuid": "AD33FA19-F2D2-46D1-8F4C-E3C3087E45AD" - }, - { - "providerName": "FWPUCLNT Trace Provider", - "providerGuid": "5A1600D2-68E5-4DE7-BCF4-1C2D215FE0FE" - }, - { - "providerName": "Heap Trace Provider", - "providerGuid": "222962AB-6180-4B88-A825-346B75F2A24A" - }, - { - "providerName": "IISConfigurator", - "providerGuid": "753DC014-8B03-40D0-9EA9-1AF6B3084E0A" - }, - { - "providerName": "IISHost", - "providerGuid": "7F3D17A3-0A3D-43F1-BBF2-80E3BB04D54D" - }, - { - "providerName": "IKEEXT Trace Provider", - "providerGuid": "106B464D-8043-46B1-8CB8-E92A0CD7A560" - }, - { - "providerName": "IMAPI1 Shim", - "providerGuid": "1FF10429-99AE-45BB-8A67-C9E945B9FB6C" - }, - { - "providerName": "IMAPI2 Concatenate Stream", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9D" - }, - { - "providerName": "IMAPI2 Disc Master", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E91" - }, - { - "providerName": "IMAPI2 Disc Recorder", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E93" - }, - { - "providerName": "IMAPI2 Disc Recorder Enumerator", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E92" - }, - { - "providerName": "IMAPI2 dll", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E90" - }, - { - "providerName": "IMAPI2 Interleave Stream", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9E" - }, - { - "providerName": "IMAPI2 Media Eraser", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E97" - }, - { - "providerName": "IMAPI2 MSF", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9F" - }, - { - "providerName": "IMAPI2 Multisession Sequential", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7EA0" - }, - { - "providerName": "IMAPI2 Pseudo-Random Stream", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9C" - }, - { - "providerName": "IMAPI2 Raw CD Writer", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9A" - }, - { - "providerName": "IMAPI2 Raw Image Writer", - "providerGuid": "07E397EC-C240-4ED7-8A2A-B9FF0FE5D581" - }, - { - "providerName": "IMAPI2 Standard Data Writer", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E98" - }, - { - "providerName": "IMAPI2 Track-at-Once CD Writer", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E99" - }, - { - "providerName": "IMAPI2 Utilities", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E94" - }, - { - "providerName": "IMAPI2 Write Engine", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E96" - }, - { - "providerName": "IMAPI2 Zero Stream", - "providerGuid": "0E85A5A5-4D5C-44B7-8BDA-5B7AB54F7E9B" - }, - { - "providerName": "IMAPI2FS Tracing", - "providerGuid": "F8036571-42D9-480A-BABB-DE7833CB059C" - }, - { - "providerName": "Intel-iaLPSS-GPIO", - "providerGuid": "D386CC7A-620A-41C1-ABF5-55018C6C699A" - }, - { - "providerName": "Intel-iaLPSS-I2C", - "providerGuid": "D4AEAC44-AD44-456E-9C90-33F8CDCED6AF" - }, - { - "providerName": "Intel-iaLPSS2-GPIO2", - "providerGuid": "63848CFF-3EC7-4DDF-8072-5F95E8C8EB98" - }, - { - "providerName": "Intel-iaLPSS2-I2C", - "providerGuid": "C2F86198-03CA-4771-8D4C-CE6E15CBCA56" - }, - { - "providerName": "IPMI Driver Trace", - "providerGuid": "D5C6A3E9-FA9C-434E-9653-165B4FC869E4" - }, - { - "providerName": "IPMI Provider Trace", - "providerGuid": "651D672B-E11F-41B7-ADD3-C2F6A4023672" - }, - { - "providerName": "KMDFv1 Trace Provider", - "providerGuid": "544D4C9D-942C-46D5-BF50-DF5CD9524A50" - }, - { - "providerName": "Local Security Authority (LSA)", - "providerGuid": "CC85922F-DB41-11D2-9244-006008269001" - }, - { - "providerName": "LsaSrv", - "providerGuid": "199FE037-2B82-40A9-82AC-E1D46C792B99" - }, - { - "providerName": "Microsoft-Antimalware-AMFilter", - "providerGuid": "CFEB0608-330E-4410-B00D-56D8DA9986E6" - }, - { - "providerName": "Microsoft-Antimalware-Engine", - "providerGuid": "0A002690-3839-4E3A-B3B6-96D8DF868D99" - }, - { - "providerName": "Microsoft-Antimalware-Engine-Instrumentation", - "providerGuid": "68621C25-DF8D-4A6B-AABC-19A22E296A7C" - }, - { - "providerName": "Microsoft-Antimalware-NIS", - "providerGuid": "102AAB0A-9D9C-4887-A860-55DE33B96595" - }, - { - "providerName": "Microsoft-Antimalware-Protection", - "providerGuid": "E4B70372-261F-4C54-8FA6-A5A7914D73DA" - }, - { - "providerName": "Microsoft-Antimalware-RTP", - "providerGuid": "8E92DEEF-5E17-413B-B927-59B2F06A3CFC" - }, - { - "providerName": "Microsoft-Antimalware-Scan-Interface", - "providerGuid": "2A576B87-09A7-520E-C21A-4942F0271D67" - }, - { - "providerName": "Microsoft-Antimalware-Service", - "providerGuid": "751EF305-6C6E-4FED-B847-02EF79D26AEF" - }, - { - "providerName": "Microsoft-Antimalware-UacScan", - "providerGuid": "D37E7910-79C8-57C4-DA77-52BB646364CD" - }, - { - "providerName": "Microsoft-AppV-Client", - "providerGuid": "E4F68870-5AE8-4E5B-9CE7-CA9ED75B0245" - }, - { - "providerName": "Microsoft-AppV-Client-StreamingUX", - "providerGuid": "28CB46C7-4003-4E50-8BD9-442086762D12" - }, - { - "providerName": "Microsoft-AppV-ServiceLog", - "providerGuid": "9CC69D1C-7917-4ACD-8066-6BF8B63E551B" - }, - { - "providerName": "Microsoft-AppV-SharedPerformance", - "providerGuid": "FB4A19EE-EB5A-47A4-BC52-E71AAC6D0859" - }, - { - "providerName": "Microsoft-Autopilot-BootstrapperAgent", - "providerGuid": "CB1FF6D6-3248-4484-B96E-0973F64838C4" - }, - { - "providerName": "Microsoft-Client-License-Flexible-Platform", - "providerGuid": "6E0DF32C-7F11-54F7-E8EE-5AD4032727CE" - }, - { - "providerName": "Microsoft-Client-Licensing-Platform", - "providerGuid": "B6CC0D55-9ECC-49A8-B929-2B9022426F2A" - }, - { - "providerName": "Microsoft-ConfigMgr", - "providerGuid": "FD6007DE-16D4-4D5B-A6D7-19AAD3211528" - }, - { - "providerName": "Microsoft-Epm-Events", - "providerGuid": "56B809B5-D9E6-4F21-A807-2A1E3ED4159E" - }, - { - "providerName": "Microsoft-Gaming-Services", - "providerGuid": "BC1BDB57-71A2-581A-147B-E0B49474A2D4" - }, - { - "providerName": "Microsoft-IE", - "providerGuid": "9E3B3947-CA5D-4614-91A2-7B624E0E7244" - }, - { - "providerName": "Microsoft-IE-JSDumpHeap", - "providerGuid": "7F8E35CA-68E8-41B9-86FE-D6ADC5B327E7" - }, - { - "providerName": "Microsoft-IEFRAME", - "providerGuid": "5C8BB950-959E-4309-8908-67961A1205D5" - }, - { - "providerName": "Microsoft-Intune-ControlConfig-Client-Telemetry", - "providerGuid": "9D7ADB63-2E58-4503-B3CE-9017D7C88537" - }, - { - "providerName": "Microsoft-Intune-Epm-Client-Telemetry", - "providerGuid": "8AD61205-8E7E-4BE4-8D30-E2480500B39A" - }, - { - "providerName": "Microsoft-Intune-Sidecar-Client-Telemetry", - "providerGuid": "E20927AF-32D7-4D5D-9F73-82F077A1C891" - }, - { - "providerName": "Microsoft-Inventory-Events", - "providerGuid": "5E6AC3D4-6A7E-4FDC-98F8-7017E4F177BF" - }, - { - "providerName": "Microsoft-JScript", - "providerGuid": "57277741-3638-4A4B-BDBA-0AC6E45DA56C" - }, - { - "providerName": "Microsoft-Office-Events", - "providerGuid": "8736922D-E8B2-47EB-8564-23E77E728CF3" - }, - { - "providerName": "Microsoft-Office-Word", - "providerGuid": "DAF0B914-9C1C-450A-81B2-FEA7244F6FFA" - }, - { - "providerName": "Microsoft-Office-Word2", - "providerGuid": "BB00E856-A12F-4AB7-B2C8-4E80CAEA5B07" - }, - { - "providerName": "Microsoft-Office-Word3", - "providerGuid": "A1B69D49-2195-4F59-9D33-BDF30C0FE473" - }, - { - "providerName": "Microsoft-OneCore-OnlineSetup", - "providerGuid": "41862974-DA3B-4F0B-97D5-BB29FBB9B71E" - }, - { - "providerName": "Microsoft-PerfTrack-IEFRAME", - "providerGuid": "B2A40F1F-A05A-4DFD-886A-4C4F18C4334C" - }, - { - "providerName": "Microsoft-PerfTrack-MSHTML", - "providerGuid": "FFDB9886-80F3-4540-AA8B-B85192217DDF" - }, - { - "providerName": "Microsoft-Quic", - "providerGuid": "FF15E657-4F26-570E-88AB-0796B258D11C" - }, - { - "providerName": "Microsoft-ServiceBus-Client", - "providerGuid": "A307C7A2-A4CD-4D22-8093-94DB72934152" - }, - { - "providerName": "Microsoft-System-Diagnostics-DiagnosticInvoker", - "providerGuid": "9068A924-F97E-5506-C3A3-5C020C00E8E0" - }, - { - "providerName": "Microsoft-User Experience Virtualization-Admin", - "providerGuid": "61BC445E-7A8D-420E-AB36-9C7143881B98" - }, - { - "providerName": "Microsoft-User Experience Virtualization-Agent Driver", - "providerGuid": "DE29CF61-5EE6-43FF-9AAC-959C4E13CC6C" - }, - { - "providerName": "Microsoft-User Experience Virtualization-App Agent", - "providerGuid": "1ED6976A-4171-4764-B415-7EA08BC46C51" - }, - { - "providerName": "Microsoft-User Experience Virtualization-IPC", - "providerGuid": "21D79DB0-8E03-41CD-9589-F3EF7001A92A" - }, - { - "providerName": "Microsoft-User Experience Virtualization-SQM Uploader", - "providerGuid": "57003E21-269B-4BDC-8434-B3BF8D57D2D5" - }, - { - "providerName": "Microsoft-Windows Networking VPN Plugin Platform", - "providerGuid": "E5FC4A0F-7198-492F-9B0F-88FDCBFDED48" - }, - { - "providerName": "Microsoft-Windows-AAD", - "providerGuid": "4DE9BC9C-B27A-43C9-8994-0915F1A5E24F" - }, - { - "providerName": "Microsoft-Windows-AADRT", - "providerGuid": "2DCA52AC-167D-4D59-A491-C237BB978D83" - }, - { - "providerName": "Microsoft-Windows-AccelLib-AccelCx", - "providerGuid": "9C4CF201-DD11-5E35-9DE5-2C2146832011" - }, - { - "providerName": "Microsoft-Windows-ACL-UI", - "providerGuid": "EA4CC8B8-A150-47A3-AFB9-C8D194B19452" - }, - { - "providerName": "Microsoft-Windows-ActionQueue", - "providerGuid": "0DD4D48E-2BBF-452F-A7EC-BA3DBA8407AE" - }, - { - "providerName": "Microsoft-Windows-ADSI", - "providerGuid": "7288C9F8-D63C-4932-A345-89D6B060174D" - }, - { - "providerName": "Microsoft-Windows-AIT", - "providerGuid": "6ADDABF4-8C54-4EAB-BF4F-FBEF61B62EB0" - }, - { - "providerName": "Microsoft-Windows-All-User-Install-Agent", - "providerGuid": "D2E990DA-8504-4702-A5E5-367FC2F823BF" - }, - { - "providerName": "Microsoft-Windows-AppHost", - "providerGuid": "98E0765D-8C42-44A3-A57B-760D7F93225A" - }, - { - "providerName": "Microsoft-Windows-AppID", - "providerGuid": "3CB2A168-FE19-4A4E-BDAD-DCF422F13473" - }, - { - "providerName": "Microsoft-Windows-AppIDServiceTrigger", - "providerGuid": "D02A9C27-79B8-40D6-9B97-CF3F8B7B5D60" - }, - { - "providerName": "Microsoft-Windows-ApplicabilityEngine", - "providerGuid": "10A208DD-A372-421C-9D99-4FAD6DB68B62" - }, - { - "providerName": "Microsoft-Windows-Application Server-Applications", - "providerGuid": "C651F5F6-1C0D-492E-8AE1-B4EFD7C9D503" - }, - { - "providerName": "Microsoft-Windows-Application-Experience", - "providerGuid": "EEF54E71-0661-422D-9A98-82FD4940B820" - }, - { - "providerName": "Microsoft-Windows-ApplicationExperience-Cache", - "providerGuid": "6D8A3A60-40AF-445A-98CA-99359E500146" - }, - { - "providerName": "Microsoft-Windows-ApplicationExperience-LookupServiceTrigger", - "providerGuid": "18F4A5FD-FD3B-40A5-8FC2-E5D261C5D02E" - }, - { - "providerName": "Microsoft-Windows-ApplicationExperience-SwitchBack", - "providerGuid": "17D6E590-F5FE-11DC-95FF-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-ApplicationExperienceInfrastructure", - "providerGuid": "5EC13D8E-4B3F-422E-A7E7-3121A1D90C7A" - }, - { - "providerName": "Microsoft-Windows-AppLocker", - "providerGuid": "CBDA4DBF-8D5D-4F69-9578-BE14AA540D22" - }, - { - "providerName": "Microsoft-Windows-AppModel-Exec", - "providerGuid": "EB65A492-86C0-406A-BACE-9912D595BD69" - }, - { - "providerName": "Microsoft-Windows-AppModel-MessagingDataModel", - "providerGuid": "1E2462BE-B025-48DA-8C1F-7B60B8CCAE53" - }, - { - "providerName": "Microsoft-Windows-AppModel-Runtime", - "providerGuid": "F1EF270A-0D32-4352-BA52-DBAB41E1D859" - }, - { - "providerName": "Microsoft-Windows-AppModel-State", - "providerGuid": "BFF15E13-81BF-45EE-8B16-7CFEAD00DA86" - }, - { - "providerName": "Microsoft-Windows-AppReadiness", - "providerGuid": "F0BE35F8-237B-4814-86B5-ADE51192E503" - }, - { - "providerName": "Microsoft-Windows-AppSruProv", - "providerGuid": "0CC157B3-CF07-4FC2-91EE-31AC92E05FE1" - }, - { - "providerName": "Microsoft-Windows-AppXDeployment", - "providerGuid": "8127F6D4-59F9-4ABF-8952-3E3A02073D5F" - }, - { - "providerName": "Microsoft-Windows-AppXDeployment-Server", - "providerGuid": "3F471139-ACB7-4A01-B7A7-FF5DA4BA2D43" - }, - { - "providerName": "Microsoft-Windows-AppXDeployment-Server-UndockedDeh", - "providerGuid": "43833E12-078D-4D7D-8AAF-AE8C8520F18C" - }, - { - "providerName": "Microsoft-Windows-AppxPackagingOM", - "providerGuid": "BA723D81-0D0C-4F1E-80C8-54740F508DDF" - }, - { - "providerName": "Microsoft-Windows-ASN1", - "providerGuid": "D92EF8AC-99DD-4AB8-B91D-C6EBA85F3755" - }, - { - "providerName": "Microsoft-Windows-AssignedAccess", - "providerGuid": "8530DB6E-51C0-43D6-9D02-A8C2088526CD" - }, - { - "providerName": "Microsoft-Windows-AssignedAccessBroker", - "providerGuid": "F2311B48-32BE-4902-A22A-7240371DBB2C" - }, - { - "providerName": "Microsoft-Windows-AsynchronousCausality", - "providerGuid": "19A4C69A-28EB-4D4B-8D94-5F19055A1B5C" - }, - { - "providerName": "Microsoft-Windows-ATAPort", - "providerGuid": "CB587AD1-CC35-4EF1-AD93-36CC82A2D319" - }, - { - "providerName": "Microsoft-Windows-Audio", - "providerGuid": "AE4BD3BE-F36F-45B6-8D21-BDD6FB832853" - }, - { - "providerName": "Microsoft-Windows-Audit", - "providerGuid": "75EBC33E-0936-4A55-9D26-5F298F3180BF" - }, - { - "providerName": "Microsoft-Windows-Audit-CVE", - "providerGuid": "85A62A0D-7E17-485F-9D4F-749A287193A6" - }, - { - "providerName": "Microsoft-Windows-AuthenticationProvider", - "providerGuid": "DDDC1D91-51A1-4A8D-95B5-350C4EE3D809" - }, - { - "providerName": "Microsoft-Windows-AxInstallService", - "providerGuid": "DAB3B18C-3C0F-43E8-80B1-E44BC0DAD901" - }, - { - "providerName": "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher", - "providerGuid": "648A0644-7D62-4FD3-8841-440064762F95" - }, - { - "providerName": "Microsoft-Windows-Base-Filtering-Engine-Connections", - "providerGuid": "121D3DA8-BAF1-4DCB-929F-2D4C9A47F7AB" - }, - { - "providerName": "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows", - "providerGuid": "92765247-03A9-4AE3-A575-B42264616E78" - }, - { - "providerName": "Microsoft-Windows-Battery", - "providerGuid": "59819D0A-ADAF-46B2-8D7C-990BC39C7C15" - }, - { - "providerName": "Microsoft-Windows-BfeTriggerProvider", - "providerGuid": "54732EE5-61CA-4727-9DA1-10BE5A4F773D" - }, - { - "providerName": "Microsoft-Windows-Biometrics", - "providerGuid": "A0E3D8EA-C34F-4419-A1DB-90435B8B21D0" - }, - { - "providerName": "Microsoft-Windows-BitLocker-API", - "providerGuid": "5D674230-CA9F-11DA-A94D-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-BitLocker-DrivePreparationTool", - "providerGuid": "632F767E-0EC3-47B9-BA1C-A0E62A74728A" - }, - { - "providerName": "Microsoft-Windows-BitLocker-Driver", - "providerGuid": "651DF93B-5053-4D1E-94C5-F6E6D25908D0" - }, - { - "providerName": "Microsoft-Windows-BitLocker-Driver-Performance", - "providerGuid": "1DE130E1-C026-4CBF-BA0F-AB608E40AEEA" - }, - { - "providerName": "Microsoft-Windows-Bits-Client", - "providerGuid": "EF1CC15B-46C1-414E-BB95-E76B077BD51E" - }, - { - "providerName": "Microsoft-Windows-Bluetooth-BthLEPrepairing", - "providerGuid": "4AF188AC-E9C4-4C11-B07B-1FABC07DFEB2" - }, - { - "providerName": "Microsoft-Windows-Bluetooth-Bthmini", - "providerGuid": "DB25B328-A6F6-444F-9D97-A50E20217D16" - }, - { - "providerName": "Microsoft-Windows-Bluetooth-MTPEnum", - "providerGuid": "04268430-D489-424D-B914-0CFF741D6684" - }, - { - "providerName": "Microsoft-Windows-Bluetooth-Policy", - "providerGuid": "0602ECEF-6381-4BC0-AEDA-EB9BB919B276" - }, - { - "providerName": "Microsoft-Windows-BootUX", - "providerGuid": "67D781BD-CBD2-4BD2-AD1F-6152FB891246" - }, - { - "providerName": "Microsoft-Windows-BranchCache", - "providerGuid": "7EAFCF79-06A7-460B-8A55-BD0A0C9248AA" - }, - { - "providerName": "Microsoft-Windows-BranchCacheClientEventProvider", - "providerGuid": "E837619C-A2A8-4689-833F-47B48EBD2442" - }, - { - "providerName": "Microsoft-Windows-BranchCacheEventProvider", - "providerGuid": "DD85457F-4E2D-44A5-A7A7-6253362E34DC" - }, - { - "providerName": "Microsoft-Windows-BranchCacheMonitoring", - "providerGuid": "A2F55524-8EBC-45FD-88E4-A1B39F169E08" - }, - { - "providerName": "Microsoft-Windows-BranchCacheSMB", - "providerGuid": "4A933674-FB3D-4E8D-B01D-17EE14E91A3E" - }, - { - "providerName": "Microsoft-Windows-BrokerInfrastructure", - "providerGuid": "E6835967-E0D2-41FB-BCEC-58387404E25A" - }, - { - "providerName": "Microsoft-Windows-BTH-BTHPORT", - "providerGuid": "8A1F9517-3A8C-4A9E-A018-4F17A200F277" - }, - { - "providerName": "Microsoft-Windows-BTH-BTHUSB", - "providerGuid": "33693E1D-246A-471B-83BE-3E75F47A832D" - }, - { - "providerName": "Microsoft-Windows-Build-RegDll", - "providerGuid": "D39B6336-CFCB-483B-8C76-7C3E7D02BCB8" - }, - { - "providerName": "Microsoft-Windows-CAPI2", - "providerGuid": "5BBCA4A8-B209-48DC-A8C7-B23D3E5216FB" - }, - { - "providerName": "Microsoft-Windows-CDROM", - "providerGuid": "9B6123DC-9AF6-4430-80D7-7D36F054FB9F" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient", - "providerGuid": "73370BD6-85E5-430B-B60A-FEA1285808A7" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient-AutoEnrollment", - "providerGuid": "F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient-CertEnroll", - "providerGuid": "54164045-7C50-4905-963F-E5BC1EEF0CCA" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient-CredentialRoaming", - "providerGuid": "89A2278B-C662-4AFF-A06C-46AD3F220BCA" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient-Lifecycle-System", - "providerGuid": "BC0669E1-A10D-4A78-834E-1CA3C806C93B" - }, - { - "providerName": "Microsoft-Windows-CertificateServicesClient-Lifecycle-User", - "providerGuid": "BEA18B89-126F-4155-9EE4-D36038B02680" - }, - { - "providerName": "Microsoft-Windows-CertificationAuthorityClient-CertCli", - "providerGuid": "98BF1CD3-583E-4926-95EE-A61BF3F46470" - }, - { - "providerName": "Microsoft-Windows-CertPolEng", - "providerGuid": "AF9CC194-E9A8-42BD-B0D1-834E9CFAB799" - }, - { - "providerName": "Microsoft-Windows-Cleanmgr", - "providerGuid": "9AE87B12-A014-5288-92DF-E3030981EBAB" - }, - { - "providerName": "Microsoft-Windows-ClearTypeTextTuner", - "providerGuid": "0A88862D-20A3-4C1F-B76F-162C55ADBF93" - }, - { - "providerName": "Microsoft-Windows-CloudFiles-Filter", - "providerGuid": "4580BB06-BAED-5B62-A4D5-92FA7156E7DB" - }, - { - "providerName": "Microsoft-Windows-CloudRestoreLauncher", - "providerGuid": "DC327E90-7748-58ED-F39C-8A8987CFAC58" - }, - { - "providerName": "Microsoft-Windows-CloudStore", - "providerGuid": "741BB90C-A7A3-49D6-BD82-1E6B858403F7" - }, - { - "providerName": "Microsoft-Windows-CmiSetup", - "providerGuid": "75EBC33E-0CC6-49DA-8CD9-8903A5222AA0" - }, - { - "providerName": "Microsoft-Windows-CodeIntegrity", - "providerGuid": "4EE76BD8-3CF4-44A0-A0AC-3937643E37A3" - }, - { - "providerName": "Microsoft-Windows-COM", - "providerGuid": "D4263C98-310C-4D97-BA39-B55354F08584" - }, - { - "providerName": "Microsoft-Windows-COM-Perf", - "providerGuid": "B8D6861B-D20F-4EEC-BBAE-87E0DD80602B" - }, - { - "providerName": "Microsoft-Windows-COM-RundownInstrumentation", - "providerGuid": "2957313D-FCAA-5D4A-2F69-32CE5F0AC44E" - }, - { - "providerName": "Microsoft-Windows-ComDlg32", - "providerGuid": "7F912B92-21AD-496E-B97A-88622A72BC42" - }, - { - "providerName": "Microsoft-Windows-Compat-Appraiser", - "providerGuid": "442C11C5-304B-45A4-AE73-DC2194C4E876" - }, - { - "providerName": "Microsoft-Windows-Complus", - "providerGuid": "0F177893-4A9C-4709-B921-F432D67F43D5" - }, - { - "providerName": "Microsoft-Windows-COMRuntime", - "providerGuid": "BF406804-6AFA-46E7-8A48-6C357E1D6D61" - }, - { - "providerName": "Microsoft-Windows-Configuration-Change-Monitor", - "providerGuid": "A148CF02-BE6D-5F08-94E3-B68DE60D8422" - }, - { - "providerName": "Microsoft-Windows-Containers-BindFlt", - "providerGuid": "FC4E8F51-7A04-4BAB-8B91-6321416F72AB" - }, - { - "providerName": "Microsoft-Windows-Containers-Wcifs", - "providerGuid": "AEC5C129-7C10-407D-BE97-91A042C61AAA" - }, - { - "providerName": "Microsoft-Windows-CoreSystem-InitMachineConfig", - "providerGuid": "0B886108-1899-4D3A-9C0D-42D8FC4B9108" - }, - { - "providerName": "Microsoft-Windows-CoreSystem-NetProvision-JoinProviderOnline", - "providerGuid": "3629DD4D-D6F1-4302-A623-0768B51501C7" - }, - { - "providerName": "Microsoft-Windows-CoreSystem-SmsRouter", - "providerGuid": "A9C11050-9E93-4FA4-8FE0-7C4750A345B2" - }, - { - "providerName": "Microsoft-Windows-CoreWindow", - "providerGuid": "A3D95055-34CC-4E4A-B99F-EC88F5370495" - }, - { - "providerName": "Microsoft-Windows-CorruptedFileRecovery-Client", - "providerGuid": "BA093605-3909-4345-990B-26B746ADEE0A" - }, - { - "providerName": "Microsoft-Windows-CorruptedFileRecovery-Server", - "providerGuid": "D6F68875-CDF5-43A5-A3E3-53FFD683311C" - }, - { - "providerName": "Microsoft-Windows-Crashdump", - "providerGuid": "ECDAACFA-6FE9-477C-B5F0-85B76F8F50AA" - }, - { - "providerName": "Microsoft-Windows-CredUI", - "providerGuid": "5A24FCDB-1CF3-477B-B422-EF4909D51223" - }, - { - "providerName": "Microsoft-Windows-Crypto-BCrypt", - "providerGuid": "C7E089AC-BA2A-11E0-9AF7-68384824019B" - }, - { - "providerName": "Microsoft-Windows-Crypto-CNG", - "providerGuid": "E3E0E2F0-C9C5-11E0-8AB9-9EBC4824019B" - }, - { - "providerName": "Microsoft-Windows-Crypto-DPAPI", - "providerGuid": "89FE8F40-CDCE-464E-8217-15EF97D4C7C3" - }, - { - "providerName": "Microsoft-Windows-Crypto-DSSEnh", - "providerGuid": "43DAD447-735F-4829-A6FF-9829A87419FF" - }, - { - "providerName": "Microsoft-Windows-Crypto-NCrypt", - "providerGuid": "E8ED09DC-100C-45E2-9FC8-B53399EC1F70" - }, - { - "providerName": "Microsoft-Windows-Crypto-RNG", - "providerGuid": "54D5AC20-E14F-4FDA-92DA-EBF7556FF176" - }, - { - "providerName": "Microsoft-Windows-Crypto-RSAEnh", - "providerGuid": "152FDB2B-6E9D-4B60-B317-815D5F174C4A" - }, - { - "providerName": "Microsoft-Windows-D3D10Level9", - "providerGuid": "7E7D3382-023C-43CB-95D2-6F0CA6D70381" - }, - { - "providerName": "Microsoft-Windows-D3D9", - "providerGuid": "783ACA0A-790E-4D7F-8451-AA850511C6B9" - }, - { - "providerName": "Microsoft-Windows-DAL-Provider", - "providerGuid": "7E87506F-BACE-4BF1-BC09-3A1F37045C71" - }, - { - "providerName": "Microsoft-Windows-Data-Pdf", - "providerGuid": "B97561FE-B27A-4C48-AA3E-7D3ADDC105B1" - }, - { - "providerName": "Microsoft-Windows-DataIntegrityScan", - "providerGuid": "13BC4371-4E21-4E46-A84F-8C0FFB548CED" - }, - { - "providerName": "Microsoft-Windows-DateTimeControlPanel", - "providerGuid": "741FC222-44ED-4BA7-98E3-F405B2D2C4B4" - }, - { - "providerName": "Microsoft-Windows-DCLocator", - "providerGuid": "CFAA5446-C6C4-4F5C-866F-31C9B55B962D" - }, - { - "providerName": "Microsoft-Windows-DDisplay", - "providerGuid": "75051C9D-2833-4A29-8923-046DB7A432CA" - }, - { - "providerName": "Microsoft-Windows-Deduplication", - "providerGuid": "F9FE3908-44B8-48D9-9A32-5A763FF5ED79" - }, - { - "providerName": "Microsoft-Windows-Deduplication-Change", - "providerGuid": "1D5E499D-739C-45A6-A3E1-8CBE0A352BEB" - }, - { - "providerName": "Microsoft-Windows-Defrag-Core", - "providerGuid": "E3257C8C-C7CB-444F-9DA0-5D92A2625289" - }, - { - "providerName": "Microsoft-Windows-DeliveryOptimization", - "providerGuid": "F8AD09BA-419C-5134-1750-270F4D0FB889" - }, - { - "providerName": "Microsoft-Windows-Deplorch", - "providerGuid": "B9DA9FE6-AE5F-4F3E-B2FA-8E623C11DC75" - }, - { - "providerName": "Microsoft-Windows-DesktopActivityModerator", - "providerGuid": "32DD13DF-9C0B-4C3B-B854-EE76C050F5F4" - }, - { - "providerName": "Microsoft-Windows-DeviceAssociationService", - "providerGuid": "56C71C31-CFBD-4CDD-8559-505E042BBBE1" - }, - { - "providerName": "Microsoft-Windows-DeviceConfidence", - "providerGuid": "1D5990C1-EC62-49F0-9E37-1F4DB12DB41E" - }, - { - "providerName": "Microsoft-Windows-DeviceGuard", - "providerGuid": "F717D024-F5B4-4F03-9AB9-331B2DC38FFB" - }, - { - "providerName": "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider", - "providerGuid": "3DA494E4-0FE2-415C-B895-FB5265C5C83B" - }, - { - "providerName": "Microsoft-Windows-DeviceManagement-Pushrouter", - "providerGuid": "F1201B5A-E170-42B6-8D20-B57AC57E6416" - }, - { - "providerName": "Microsoft-Windows-Devices-AccessBroker", - "providerGuid": "64FB8D23-F0B6-5D2D-B1F6-488303C1761F" - }, - { - "providerName": "Microsoft-Windows-Devices-Background", - "providerGuid": "64EF2B1C-4AE1-4E64-8599-1636E441EC88" - }, - { - "providerName": "Microsoft-Windows-Devices-Query", - "providerGuid": "DF63D0DC-97C2-5E48-C1CC-7B46BFD4DF88" - }, - { - "providerName": "Microsoft-Windows-DeviceSetupManager", - "providerGuid": "FCBB06BB-6A2A-46E3-ABAA-246CB4E508B2" - }, - { - "providerName": "Microsoft-Windows-DeviceSync", - "providerGuid": "09EC9687-D7AD-40CA-9C5E-78A04A5AE993" - }, - { - "providerName": "Microsoft-Windows-DeviceUpdateAgent", - "providerGuid": "E8F9AF91-AFBE-5A03-DFEC-5D591686326C" - }, - { - "providerName": "Microsoft-Windows-DeviceUx", - "providerGuid": "DED165CF-485D-4770-A3E7-9C5F0320E80C" - }, - { - "providerName": "Microsoft-Windows-DevMgmt-UefiCsp", - "providerGuid": "739D66D8-76C4-4004-873F-169AE5C6EACA" - }, - { - "providerName": "Microsoft-Windows-DfsSvc", - "providerGuid": "7DA4FE0E-FD42-4708-9AA5-89B77A224885" - }, - { - "providerName": "Microsoft-Windows-Dhcp-Client", - "providerGuid": "15A7A4F8-0072-4EAB-ABAD-F98A4D666AED" - }, - { - "providerName": "Microsoft-Windows-DHCPv6-Client", - "providerGuid": "6A1F2B00-6A90-4C38-95A5-5CAB3B056778" - }, - { - "providerName": "Microsoft-Windows-DiagCpl", - "providerGuid": "1A396961-5F3C-4C71-8310-44C653C0BF8A" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-AdvancedTaskManager", - "providerGuid": "178DADAF-7AC4-4593-AB3E-A45FDA6D0D55" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-DPS", - "providerGuid": "6BBA3851-2C7E-4DEA-8F54-31E5AFD029E3" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-MSDE", - "providerGuid": "A50B09F8-93EB-4396-84C9-DC921259F952" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-PCW", - "providerGuid": "AABF8B86-7936-4FA2-ACB0-63127F879DBF" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-PLA", - "providerGuid": "E4D53F84-7DE3-11D8-9435-505054503030" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-Scheduled", - "providerGuid": "40AB57C2-1C53-4DF9-9324-FF7CF898A02C" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-Scripted", - "providerGuid": "E1DD7E52-621D-44E3-A1AD-0370C2B25946" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider", - "providerGuid": "9363CCD9-D429-4452-9ADB-2501E704B810" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-WDC", - "providerGuid": "05921578-2261-42C7-A0D3-26DDBCE6C50D" - }, - { - "providerName": "Microsoft-Windows-Diagnosis-WDI", - "providerGuid": "E01B1A7C-C5C9-4E67-99A9-5E85ACFB2E10" - }, - { - "providerName": "Microsoft-Windows-Diagnostics-LoggingChannel", - "providerGuid": "4BD2826E-54A1-4BA9-BF63-92B73EA1AC4A" - }, - { - "providerName": "Microsoft-Windows-Diagnostics-Networking", - "providerGuid": "36C23E18-0E66-11D9-BBEB-505054503030" - }, - { - "providerName": "Microsoft-Windows-Diagnostics-Performance", - "providerGuid": "CFC18EC0-96B1-4EBA-961B-622CAEE05B0A" - }, - { - "providerName": "Microsoft-Windows-Diagnostics-PerfTrack", - "providerGuid": "030F2F57-ABD0-4427-BCF1-3A3587D7DC7D" - }, - { - "providerName": "Microsoft-Windows-Direct3D10", - "providerGuid": "9B7E4C0F-342C-4106-A19F-4F2704F689F0" - }, - { - "providerName": "Microsoft-Windows-Direct3D10_1", - "providerGuid": "9B7E4C8F-342C-4106-A19F-4F2704F689F0" - }, - { - "providerName": "Microsoft-Windows-Direct3D11", - "providerGuid": "DB6F6DDB-AC77-4E88-8253-819DF9BBF140" - }, - { - "providerName": "Microsoft-Windows-Direct3D12", - "providerGuid": "5D8087DD-3A9B-4F56-90DF-49196CDC4F11" - }, - { - "providerName": "Microsoft-Windows-Direct3DShaderCache", - "providerGuid": "2D4EBCA6-EA64-453F-A292-AE2EA0EE513B" - }, - { - "providerName": "Microsoft-Windows-DirectComposition", - "providerGuid": "C44219D0-F344-11DF-A5E2-B307DFD72085" - }, - { - "providerName": "Microsoft-Windows-DirectManipulation", - "providerGuid": "5786E035-EF2D-4178-84F2-5A6BBEDBB947" - }, - { - "providerName": "Microsoft-Windows-Directory-Services-SAM", - "providerGuid": "0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE" - }, - { - "providerName": "Microsoft-Windows-Directory-Services-SAM-Utility", - "providerGuid": "BD8FEA17-5549-4B49-AA03-1981D16396A9" - }, - { - "providerName": "Microsoft-Windows-DirectShow-Core", - "providerGuid": "968F313B-097F-4E09-9CDD-BC62692D138B" - }, - { - "providerName": "Microsoft-Windows-DirectShow-KernelSupport", - "providerGuid": "3CC2D4AF-DA5E-4ED4-BCBE-3CF995940483" - }, - { - "providerName": "Microsoft-Windows-DirectSound", - "providerGuid": "8A93B54B-C75A-49B5-A5BE-9060715B1A33" - }, - { - "providerName": "Microsoft-Windows-Disk", - "providerGuid": "6B4DB0BC-9A3D-467D-81B9-A84C6F2F3D40" - }, - { - "providerName": "Microsoft-Windows-DiskDiagnostic", - "providerGuid": "E670A5A2-CE74-4AB4-9347-61B815319F4C" - }, - { - "providerName": "Microsoft-Windows-DiskDiagnosticDataCollector", - "providerGuid": "E104FB41-6B04-4F3A-B47D-F0DF2F02B954" - }, - { - "providerName": "Microsoft-Windows-DiskDiagnosticResolver", - "providerGuid": "6B1FFE48-5B1E-4793-9F7F-AE926454499D" - }, - { - "providerName": "Microsoft-Windows-Dism-Api", - "providerGuid": "75B0DA21-8B50-42EB-9448-EC48B1729B57" - }, - { - "providerName": "Microsoft-Windows-Dism-Cli", - "providerGuid": "2F959466-24D4-4972-8729-0D5E3539EBC3" - }, - { - "providerName": "Microsoft-Windows-Display", - "providerGuid": "6ECE3302-FEE1-4EA9-8B88-086D459ED976" - }, - { - "providerName": "Microsoft-Windows-DisplayColorCalibration", - "providerGuid": "3239EB6F-C7FC-4953-AA15-646829A4CA4C" - }, - { - "providerName": "Microsoft-Windows-DisplaySwitch", - "providerGuid": "192EDE41-9175-4C86-AC02-9D003C9D43AB" - }, - { - "providerName": "Microsoft-Windows-DistributedCOM", - "providerGuid": "1B562E86-B7AA-4131-BADC-B6F3A001407E" - }, - { - "providerName": "Microsoft-Windows-DLNA-Namespace", - "providerGuid": "D38FB874-33E4-4DCF-911E-1B53BB106D53" - }, - { - "providerName": "Microsoft-Windows-DNS-Client", - "providerGuid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D" - }, - { - "providerName": "Microsoft-Windows-Documents", - "providerGuid": "C89B991E-3B48-49B2-80D3-AC000DFC9749" - }, - { - "providerName": "Microsoft-Windows-DomainJoinManagerTriggerProvider", - "providerGuid": "5B004607-1087-4F16-B10E-979685A8D131" - }, - { - "providerName": "Microsoft-Windows-DotNETRuntime", - "providerGuid": "E13C0D23-CCBC-4E12-931B-D9CC2EEE27E4" - }, - { - "providerName": "Microsoft-Windows-DotNETRuntimeRundown", - "providerGuid": "A669021C-C450-4609-A035-5AF59AF4DF18" - }, - { - "providerName": "Microsoft-Windows-DriverFrameworks-KernelMode-Performance", - "providerGuid": "486A5C7C-11CC-46C5-9DE7-43DFE0BB57C1" - }, - { - "providerName": "Microsoft-Windows-DriverFrameworks-UserMode", - "providerGuid": "2E35AAEB-857F-4BEB-A418-2E6C0E54D988" - }, - { - "providerName": "Microsoft-Windows-DriverFrameworks-UserMode-Performance", - "providerGuid": "9FA5DD5D-999E-466A-8CA9-7B3A66F8882F" - }, - { - "providerName": "Microsoft-Windows-DriverProxy", - "providerGuid": "45C0E4CB-5120-5F84-0418-8A18ED702E9A" - }, - { - "providerName": "Microsoft-Windows-DSC", - "providerGuid": "50DF9E12-A8C4-4939-B281-47E1325BA63E" - }, - { - "providerName": "Microsoft-Windows-DUI", - "providerGuid": "8360BD0F-A7DC-4391-91A7-A457C5C381E4" - }, - { - "providerName": "Microsoft-Windows-DUSER", - "providerGuid": "8429E243-345B-47C1-8A91-2C94CAF0DAAB" - }, - { - "providerName": "Microsoft-Windows-DVD", - "providerGuid": "E18D0FCA-9515-4232-98E4-89E456D8551B" - }, - { - "providerName": "Microsoft-Windows-Dwm-Api", - "providerGuid": "292A52C4-FA27-4461-B526-54A46430BD54" - }, - { - "providerName": "Microsoft-Windows-Dwm-Compositor", - "providerGuid": "044A9015-D96C-5DD1-0199-72D258325298" - }, - { - "providerName": "Microsoft-Windows-Dwm-Core", - "providerGuid": "9E9BBA3C-2E38-40CB-99F4-9E8281425164" - }, - { - "providerName": "Microsoft-Windows-Dwm-Dwm", - "providerGuid": "D29D56EA-4867-4221-B02E-CFD998834075" - }, - { - "providerName": "Microsoft-Windows-Dwm-Redir", - "providerGuid": "7D99F6A4-1BEC-4C09-9703-3AAA8148347F" - }, - { - "providerName": "Microsoft-Windows-Dwm-Udwm", - "providerGuid": "A2D1C713-093B-43A7-B445-D09370EC9F47" - }, - { - "providerName": "Microsoft-Windows-DXGI", - "providerGuid": "CA11C036-0102-4A2D-A6AD-F03CFED5D3C9" - }, - { - "providerName": "Microsoft-Windows-DXGIDebug", - "providerGuid": "F1FF64EF-FAF3-5699-8E51-F6EC2FBD97D1" - }, - { - "providerName": "Microsoft-Windows-DxgKrnl", - "providerGuid": "802EC45A-1E99-4B83-9920-87C98277BA9D" - }, - { - "providerName": "Microsoft-Windows-DxgKrnl-SysMm", - "providerGuid": "9DE90B19-62C4-511D-A1C5-9E990812D18B" - }, - { - "providerName": "Microsoft-Windows-DXP", - "providerGuid": "728B8C72-0F0F-4071-9BCC-27CB3B6DACBE" - }, - { - "providerName": "Microsoft-Windows-DxpTaskSyncProvider", - "providerGuid": "271C5228-C3FE-4E47-831F-48C3652CE5AC" - }, - { - "providerName": "Microsoft-Windows-EapHost", - "providerGuid": "6EB8DB94-FE96-443F-A366-5FE0CEE7FB1C" - }, - { - "providerName": "Microsoft-Windows-EapMethods-RasChap", - "providerGuid": "58980F4B-BD39-4A3E-B344-492ED2254A4E" - }, - { - "providerName": "Microsoft-Windows-EapMethods-RasTls", - "providerGuid": "9CC0413E-5717-4AF5-82EB-6103D8707B45" - }, - { - "providerName": "Microsoft-Windows-EapMethods-Sim", - "providerGuid": "3D42A67D-9CE8-4284-B755-2550672B0CE0" - }, - { - "providerName": "Microsoft-Windows-EapMethods-Ttls", - "providerGuid": "D710D46C-235D-4798-AC20-9F83E1DCD557" - }, - { - "providerName": "Microsoft-Windows-EaseOfAccess", - "providerGuid": "74B4A4B1-2302-4768-AC5B-9773DD456B08" - }, - { - "providerName": "Microsoft-Windows-EDP-AppLearning", - "providerGuid": "9803DAA0-81BA-483A-986C-F0E395B9F8D1" - }, - { - "providerName": "Microsoft-Windows-EDP-Audit-Regular", - "providerGuid": "50F99B2D-96D2-421F-BE4C-222C4140DA9F" - }, - { - "providerName": "Microsoft-Windows-EDP-Audit-TCB", - "providerGuid": "287D59B6-79BA-4741-A08B-2FEDEEDE6435" - }, - { - "providerName": "Microsoft-Windows-EFS", - "providerGuid": "3663A992-84BE-40EA-BBA9-90C7ED544222" - }, - { - "providerName": "Microsoft-Windows-ELS-Hyphenation", - "providerGuid": "51AEDB05-890B-4ADE-8BA1-0BA14B8E8973" - }, - { - "providerName": "Microsoft-Windows-EndpointTriggerProvider", - "providerGuid": "92AAB24D-D9A9-4A60-9F94-201FED3E3E88" - }, - { - "providerName": "Microsoft-Windows-Energy-Estimation-Engine", - "providerGuid": "DDCC3826-A68A-4E0D-BCFD-9C06C27C6948" - }, - { - "providerName": "Microsoft-Windows-EnergyEfficiencyWizard", - "providerGuid": "1A772F65-BE1E-4FC6-96BB-248E03FA60F5" - }, - { - "providerName": "Microsoft-Windows-EnhancedPhishingProtection-Events", - "providerGuid": "E8ABC5FB-BF87-5462-278D-1B5E18775A8F" - }, - { - "providerName": "Microsoft-Windows-EnhancedStorage-ClassDriver", - "providerGuid": "F6CF91BE-E7D7-57D6-2A3D-278CA406D190" - }, - { - "providerName": "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv", - "providerGuid": "AA3AA23B-BB6D-425A-B58C-1D7E37F5D02A" - }, - { - "providerName": "Microsoft-Windows-EQoS", - "providerGuid": "54CB22FF-26B4-4393-A8C2-6B0715912C5F" - }, - { - "providerName": "Microsoft-Windows-ErrorReportingConsole", - "providerGuid": "017247F2-7E96-11DC-8314-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-ESE", - "providerGuid": "478EA8A8-00BE-4BA6-8E75-8B9DC7DB9F78" - }, - { - "providerName": "Microsoft-Windows-EventCollector", - "providerGuid": "B977CF02-76F6-DF84-CC1A-6A4B232322B6" - }, - { - "providerName": "Microsoft-Windows-Eventlog", - "providerGuid": "FC65DDD8-D6EF-4962-83D5-6E5CFE9CE148" - }, - { - "providerName": "Microsoft-Windows-EventLog-WMIProvider", - "providerGuid": "35AC6CE8-6104-411D-976C-877F183D2D32" - }, - { - "providerName": "Microsoft-Windows-EventSystem", - "providerGuid": "899DAACE-4868-4295-AFCD-9EB8FB497561" - }, - { - "providerName": "Microsoft-Windows-exFAT-SQM", - "providerGuid": "494E7A3D-8DB9-4EC4-B43E-2844AF6E38D6" - }, - { - "providerName": "Microsoft-Windows-FailoverClustering-Client", - "providerGuid": "A82FDA5D-745F-409C-B0FE-18AE0678A0E0" - }, - { - "providerName": "Microsoft-Windows-Fat-SQM", - "providerGuid": "3E59A529-B0B3-4A11-8129-9FFE6BB46EB9" - }, - { - "providerName": "Microsoft-Windows-Fault-Tolerant-Heap", - "providerGuid": "6B93BF66-A922-4C11-A617-CF60D95C133D" - }, - { - "providerName": "Microsoft-Windows-FeatureConfiguration", - "providerGuid": "C2F36562-A1E4-4BC3-A6F6-01A7ADB643E8" - }, - { - "providerName": "Microsoft-Windows-Feedback-Service-TriggerProvider", - "providerGuid": "E46EEAD8-0C54-4489-9898-8FA79D059E0E" - }, - { - "providerName": "Microsoft-Windows-FileHistory-Catalog", - "providerGuid": "B447B4DC-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-ConfigManager", - "providerGuid": "B447B4DD-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-Core", - "providerGuid": "B447B4DB-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-Engine", - "providerGuid": "B447B4DE-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-EventListener", - "providerGuid": "B447B4DF-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-Service", - "providerGuid": "B447B4E0-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileHistory-UI", - "providerGuid": "B447B4E1-7780-11E0-ADA3-18A90531A85A" - }, - { - "providerName": "Microsoft-Windows-FileInfoMinifilter", - "providerGuid": "A319D300-015C-48BE-ACDB-47746E154751" - }, - { - "providerName": "Microsoft-Windows-FilterManager", - "providerGuid": "F3C5E28E-63F6-49C7-A204-E48A1BC4B09D" - }, - { - "providerName": "Microsoft-Windows-Firewall", - "providerGuid": "E595F735-B42A-494B-AFCD-B68666945CD3" - }, - { - "providerName": "Microsoft-Windows-Firewall-CPL", - "providerGuid": "546549BE-9D63-46AA-9154-4F6EB9526378" - }, - { - "providerName": "Microsoft-Windows-FirstUX-PerfInstrumentation", - "providerGuid": "FBEF8096-2CA3-4082-ACDE-DCFB47E96B72" - }, - { - "providerName": "Microsoft-Windows-FltMgrTrace_307b3ab035ae31a8462e37b4da258d1a", - "providerGuid": "307B3AB0-35AE-31A8-462E-37B4DA258D1A" - }, - { - "providerName": "Microsoft-Windows-FMS", - "providerGuid": "DEA07764-0790-44DE-B9C4-49677B17174F" - }, - { - "providerName": "Microsoft-Windows-Folder Redirection", - "providerGuid": "7D7B0C39-93F6-4100-BD96-4DDA859652C5" - }, - { - "providerName": "Microsoft-Windows-Forwarding", - "providerGuid": "699E309C-E782-4400-98C8-E21D162D7B7B" - }, - { - "providerName": "Microsoft-Windows-FunctionDiscovery", - "providerGuid": "9DB0FDB5-3B21-440E-A94B-63738A4BE5DE" - }, - { - "providerName": "Microsoft-Windows-FunctionDiscoveryHost", - "providerGuid": "538CBBAD-4877-4EB2-B26E-7CAEE8F0F8CB" - }, - { - "providerName": "Microsoft-Windows-GenericRoaming", - "providerGuid": "4EACB4D0-263B-4B93-8CD6-778A278E5642" - }, - { - "providerName": "Microsoft-Windows-GPIO-ClassExtension", - "providerGuid": "55AB77F6-FA04-43EF-AF45-688FBF500482" - }, - { - "providerName": "Microsoft-Windows-GPIOButtons", - "providerGuid": "E13FF11E-E989-4838-A9FA-38A4D13914CF" - }, - { - "providerName": "Microsoft-Windows-Graphics-Capture-Server", - "providerGuid": "7D0CBD25-390E-524D-8C1E-2A8E846055C0" - }, - { - "providerName": "Microsoft-Windows-Graphics-Printing", - "providerGuid": "E7AA32FB-77D0-477F-987D-7E83DF1B7ED0" - }, - { - "providerName": "Microsoft-Windows-Graphics-Printing3D", - "providerGuid": "BE967569-E3C8-425B-AD0E-4F2C790B1848" - }, - { - "providerName": "Microsoft-Windows-GraphicsCapture-API", - "providerGuid": "347D2CDF-F126-56D7-12B1-69E27C655D7E" - }, - { - "providerName": "Microsoft-Windows-GroupPolicy", - "providerGuid": "AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9" - }, - { - "providerName": "Microsoft-Windows-GroupPolicyTriggerProvider", - "providerGuid": "BD2F4252-5E1E-49FC-9A30-F3978AD89EE2" - }, - { - "providerName": "Microsoft-Windows-HAL", - "providerGuid": "63D1E632-95CC-4443-9312-AF927761D52A" - }, - { - "providerName": "Microsoft-Windows-HealthCenter", - "providerGuid": "588C5C5A-FFC5-44A2-9A7F-D5E8DBE6EFD7" - }, - { - "providerName": "Microsoft-Windows-HealthCenterCPL", - "providerGuid": "959F1FAC-7CA8-4ED1-89DC-CDFA7E093CB0" - }, - { - "providerName": "Microsoft-Windows-Heap-Snapshot", - "providerGuid": "901D2AFA-4FF6-46D7-8D0E-53645E1A47F5" - }, - { - "providerName": "Microsoft-Windows-HelloForBusiness", - "providerGuid": "906B8A99-63CE-58D7-86AB-10989BBD5567" - }, - { - "providerName": "Microsoft-Windows-Help", - "providerGuid": "DE513A55-C345-438B-9A74-E18CAC5C5CC5" - }, - { - "providerName": "Microsoft-Windows-hidcfu", - "providerGuid": "7628E972-6D6F-4974-B58F-6428622EC09A" - }, - { - "providerName": "Microsoft-Windows-HomeGroup-ControlPanel", - "providerGuid": "134EA407-755D-4A93-B8A6-F290CD155023" - }, - { - "providerName": "Microsoft-Windows-Host-Network-Management", - "providerGuid": "93F693DC-9163-4DEE-AF64-D855218AF242" - }, - { - "providerName": "Microsoft-Windows-Host-Network-Service", - "providerGuid": "0C885E0D-6EB6-476C-A048-2457EED3A5C1" - }, - { - "providerName": "Microsoft-Windows-HostGuardianClient-Service", - "providerGuid": "5D487FAD-104B-5CA6-CA4E-14C206850501" - }, - { - "providerName": "Microsoft-Windows-HostGuardianService-CA", - "providerGuid": "9FB3388C-A54C-4E98-BDD1-445A82ED4BF7" - }, - { - "providerName": "Microsoft-Windows-HostGuardianService-Client", - "providerGuid": "7DEE1FDC-FFA8-4087-912A-95189D6A2D7F" - }, - { - "providerName": "Microsoft-Windows-Hotpatch-Monitor", - "providerGuid": "57EAF242-3772-533C-9FD2-29ED95606D14" - }, - { - "providerName": "Microsoft-Windows-HotspotAuth", - "providerGuid": "DE095DBE-8667-4168-94C2-48CA61665ACA" - }, - { - "providerName": "Microsoft-Windows-Http-SQM-Provider", - "providerGuid": "F5344219-87A4-4399-B14A-E59CD118ABB8" - }, - { - "providerName": "Microsoft-Windows-HttpEvent", - "providerGuid": "7B6BC78C-898B-4170-BBF8-1A469EA43FC5" - }, - { - "providerName": "Microsoft-Windows-HttpLog", - "providerGuid": "C42A2738-2333-40A5-A32F-6ACC36449DCC" - }, - { - "providerName": "Microsoft-Windows-HttpService", - "providerGuid": "DD5EF90A-6398-47A4-AD34-4DCECDEF795F" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Chipset", - "providerGuid": "DE9BA731-7F33-4F44-98C9-6CAC856B9F83" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Compute", - "providerGuid": "17103E3F-3C6E-4677-BB17-3B267EB5BE57" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-ComputeLib", - "providerGuid": "AF7FD3A7-B248-460C-A9F5-FEC39EF8468C" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Config", - "providerGuid": "02F3A5E3-E742-4720-85A5-F64C4184E511" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-CrashDump", - "providerGuid": "C7C9E4F7-C41D-5C68-F104-D72A920016C7" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Debug", - "providerGuid": "EDED5085-79D0-4E31-9B4E-4299B78CBEEB" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-DynMem", - "providerGuid": "B1D080A6-F3A5-42F6-B6F1-B9FD86C088DA" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-EmulatedDevices", - "providerGuid": "DA5A028B-B248-4A75-B60A-024FE6457484" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-EmulatedNic", - "providerGuid": "09242393-1349-4F4D-9FD7-59CC79F553CE" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-EmulatedStor", - "providerGuid": "86E15E01-EDF1-4AC7-89CF-B19563FD6894" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Dynamic-Memory", - "providerGuid": "BA2FFB5C-E20A-4FB9-91B4-45F61B4B66A0" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Storage-Filter", - "providerGuid": "0B9FDCCC-451C-449C-9BD8-6756FCC6091A" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Guest-Drivers-Vmbus", - "providerGuid": "F2E2CE31-0E8A-4E46-A03B-2E0FE97E93C2" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Hierarchical-NIC-Switch", - "providerGuid": "31732CA5-D67C-59FD-DD5C-60A136EE4953" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Hypervisor", - "providerGuid": "52FC89F8-995E-434C-A91E-199986449890" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Integration", - "providerGuid": "2B74A015-3873-4C56-9928-EA80C58B2787" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Integration-RDV", - "providerGuid": "FDFF33EC-70AA-46D3-BA65-7210009FA2A7" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-KMCL", - "providerGuid": "FA3F78FF-BA6D-4EDE-96B2-9C5BB803E3BA" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-KMCL-Child", - "providerGuid": "16D90D71-CACA-5CD9-A618-8210D93015F3" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Netvsc", - "providerGuid": "152FBE4B-C7AD-4F68-BADA-A4FCC1464F6C" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Serial", - "providerGuid": "8F9DF503-1D12-49EC-BB28-F6EC42D361D4" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-StorageVSP", - "providerGuid": "10B3D268-9782-49A4-AACC-A93C5482CB6F" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-SynthFcVdev", - "providerGuid": "5B621A17-3B58-4D03-94F0-314F4E9C79AE" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-SynthNic", - "providerGuid": "C29C4FB7-B60E-4FFF-9AF9-CF21F9B09A34" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-SynthStor", - "providerGuid": "EDACD782-2564-4497-ADE6-7199377850F2" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Tpm", - "providerGuid": "13EAE551-76CA-4DDC-B974-D3A0F8D44A03" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-UiDevices", - "providerGuid": "339AAD0A-4124-4968-8147-4CBBB1F8B3D5" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VfpExt", - "providerGuid": "9F2660EA-CFE7-428F-9850-AECA612619B0" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VfpExt-Ifr", - "providerGuid": "DBA692D9-D755-51B8-84EE-FE38FD18F4F0" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VID", - "providerGuid": "5931D877-4860-4EE7-A95C-610A5F0D1407" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Virtual-PMEM", - "providerGuid": "AE3F5BF8-AB9F-56D6-29C8-8C312E2FAEC2" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VmbusVdev", - "providerGuid": "177D1599-9764-4E3A-BF9A-C86887AADDCE" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VMMS", - "providerGuid": "6066F867-7CA1-4418-85FD-36E3F9C0600C" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VMSP", - "providerGuid": "1CEB22B1-97FF-4703-BEB2-333EB89B522A" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VmSwitch", - "providerGuid": "67DC0D66-3695-47C0-9642-33F76F7BD7AD" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-VSmb", - "providerGuid": "7B0EA079-E3BC-424A-B2F0-E3D8478D204B" - }, - { - "providerName": "Microsoft-Windows-Hyper-V-Worker", - "providerGuid": "51DDFA29-D5C8-4803-BE4B-2ECB715570FE" - }, - { - "providerName": "Microsoft-Windows-IdCtrls", - "providerGuid": "6D7662A9-034E-4B1F-A167-67819C401632" - }, - { - "providerName": "Microsoft-Windows-IdleTriggerProvider", - "providerGuid": "9E03F75A-BCBE-428A-8F3C-D46F2A444935" - }, - { - "providerName": "Microsoft-Windows-IE-F12-Provider", - "providerGuid": "D17FFF2F-392D-478C-A41D-737A216EB2A4" - }, - { - "providerName": "Microsoft-Windows-IE-SmartScreen", - "providerGuid": "52F82079-1974-4C67-81DA-807B892778BB" - }, - { - "providerName": "Microsoft-Windows-IME-Broker", - "providerGuid": "E2C15FD7-8924-4C8C-8CFE-DA0BE539CE27" - }, - { - "providerName": "Microsoft-Windows-IME-CandidateUI", - "providerGuid": "7C4117B1-ED82-4F47-B2CA-29E4E25719C7" - }, - { - "providerName": "Microsoft-Windows-IME-CustomerFeedbackManager", - "providerGuid": "E2242B38-9453-42FD-B446-00746E76EB82" - }, - { - "providerName": "Microsoft-Windows-IME-CustomerFeedbackManagerUI", - "providerGuid": "1B734B40-A458-4B81-954F-AD7C9461BED8" - }, - { - "providerName": "Microsoft-Windows-IME-JPAPI", - "providerGuid": "31BCAC7F-4AB8-47A1-B73A-A161EE68D585" - }, - { - "providerName": "Microsoft-Windows-IME-JPLMP", - "providerGuid": "DBC388BC-89C2-4FE0-B71F-6E4881FB575C" - }, - { - "providerName": "Microsoft-Windows-IME-JPPRED", - "providerGuid": "3AD571F3-BDAE-4942-8733-4D1B85870A1E" - }, - { - "providerName": "Microsoft-Windows-IME-JPSetting", - "providerGuid": "14371053-1813-471A-9510-1CF1D0A055A8" - }, - { - "providerName": "Microsoft-Windows-IME-JPTIP", - "providerGuid": "8C8A69AD-CC89-481F-BBAD-FD95B5006256" - }, - { - "providerName": "Microsoft-Windows-IME-KRAPI", - "providerGuid": "7562948E-2671-4DDA-8F8F-BF945EF984A1" - }, - { - "providerName": "Microsoft-Windows-IME-KRTIP", - "providerGuid": "E013E74B-97F4-4E1C-A120-596E5629ECFE" - }, - { - "providerName": "Microsoft-Windows-IME-OEDCompiler", - "providerGuid": "FD44A6E7-580F-4A9C-83D9-D820B7D3A033" - }, - { - "providerName": "Microsoft-Windows-IME-TCCORE", - "providerGuid": "F67B2345-47FA-4721-A6FB-FE08110EECF7" - }, - { - "providerName": "Microsoft-Windows-IME-TCTIP", - "providerGuid": "D5268C02-6F51-436F-983B-74F2EFBFAF3A" - }, - { - "providerName": "Microsoft-Windows-IME-TIP", - "providerGuid": "BDD4B92E-19EF-4497-9C4A-E10E7FD2E227" - }, - { - "providerName": "Microsoft-Windows-Immersive-Shell", - "providerGuid": "315A8872-923E-4EA2-9889-33CD4754BF64" - }, - { - "providerName": "Microsoft-Windows-Immersive-Shell-API", - "providerGuid": "5F0E257F-C224-43E5-9555-2ADCB8540A58" - }, - { - "providerName": "Microsoft-Windows-IndirectDisplays-ClassExtension-Events", - "providerGuid": "966CD1C0-3F69-42AD-9877-517DCE8462B4" - }, - { - "providerName": "Microsoft-Windows-Input-HIDCLASS", - "providerGuid": "6465DA78-E7A0-4F39-B084-8F53C7C30DC6" - }, - { - "providerName": "Microsoft-Windows-InputSwitch", - "providerGuid": "BB8E7234-BBF4-48A7-8741-339206ED1DFB" - }, - { - "providerName": "Microsoft-Windows-Install-Agent", - "providerGuid": "E0C6F6DE-258A-50E0-AC1A-103482D118BC" - }, - { - "providerName": "Microsoft-Windows-International-RegionalOptionsControlPanel", - "providerGuid": "C6BF6832-F7BD-4151-AC21-753CE4707453" - }, - { - "providerName": "Microsoft-Windows-Iphlpsvc", - "providerGuid": "66A5C15C-4F8E-4044-BF6E-71D896038977" - }, - { - "providerName": "Microsoft-Windows-Iphlpsvc-Trace", - "providerGuid": "6600E712-C3B6-44A2-8A48-935C511F28C8" - }, - { - "providerName": "Microsoft-Windows-IPMIProvider", - "providerGuid": "2A45D52E-BBF3-4843-8E18-B356ED5F6A65" - }, - { - "providerName": "Microsoft-Windows-IPNAT", - "providerGuid": "A67075C2-3E39-4109-B6CD-6D750058A732" - }, - { - "providerName": "Microsoft-Windows-IPSEC-SRV", - "providerGuid": "C91EF675-842F-4FCF-A5C9-6EA93F2E4F8B" - }, - { - "providerName": "Microsoft-Windows-IPxlatCfg", - "providerGuid": "3E5AC668-AF52-4C15-B99B-A3E7A6616EBD" - }, - { - "providerName": "Microsoft-Windows-IsolatedUserMode", - "providerGuid": "73A33AB2-1966-4999-8ADD-868C41415269" - }, - { - "providerName": "Microsoft-Windows-KdsSvc", - "providerGuid": "89203471-D554-47D4-BDE4-7552EC219999" - }, - { - "providerName": "Microsoft-Windows-Kerberos-Local-Key-Distribution-Center", - "providerGuid": "57C834D7-0368-5D1B-8F01-1E2F89F0000D" - }, - { - "providerName": "Microsoft-Windows-Kernel-Acpi", - "providerGuid": "C514638F-7723-485B-BCFC-96565D735D4A" - }, - { - "providerName": "Microsoft-Windows-Kernel-AppCompat", - "providerGuid": "16A1ADC1-9B7F-4CD9-94B3-D8296AB1B130" - }, - { - "providerName": "Microsoft-Windows-Kernel-Audit-API-Calls", - "providerGuid": "E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23" - }, - { - "providerName": "Microsoft-Windows-Kernel-Boot", - "providerGuid": "15CA44FF-4D7A-4BAA-BBA5-0998955E531E" - }, - { - "providerName": "Microsoft-Windows-Kernel-BootDiagnostics", - "providerGuid": "96AC7637-5950-4A30-B8F7-E07E8E5734C1" - }, - { - "providerName": "Microsoft-Windows-Kernel-Cache", - "providerGuid": "A2D34BF1-70AB-5B21-C819-5A0DD42748FD" - }, - { - "providerName": "Microsoft-Windows-Kernel-CPU-Partition", - "providerGuid": "3A493674-937F-5A23-F598-D56B9BD10D28" - }, - { - "providerName": "Microsoft-Windows-Kernel-CPU-Starvation", - "providerGuid": "7F54CA8A-6C72-5CBC-B96F-D0EF905B8BCE" - }, - { - "providerName": "Microsoft-Windows-Kernel-Disk", - "providerGuid": "C7BDE69A-E1E0-4177-B6EF-283AD1525271" - }, - { - "providerName": "Microsoft-Windows-Kernel-Dump", - "providerGuid": "17D2A329-4539-5F4D-3435-F510634CE3B9" - }, - { - "providerName": "Microsoft-Windows-Kernel-EventTracing", - "providerGuid": "B675EC37-BDB6-4648-BC92-F3FDC74D3CA2" - }, - { - "providerName": "Microsoft-Windows-Kernel-File", - "providerGuid": "EDD08927-9CC4-4E65-B970-C2560FB5C289" - }, - { - "providerName": "Microsoft-Windows-Kernel-General", - "providerGuid": "A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D" - }, - { - "providerName": "Microsoft-Windows-Kernel-Interrupt-Steering", - "providerGuid": "951B41EA-C830-44DC-A671-E2C9958809B8" - }, - { - "providerName": "Microsoft-Windows-Kernel-IO", - "providerGuid": "ABF1F586-2E50-4BA8-928D-49044E6F0DB7" - }, - { - "providerName": "Microsoft-Windows-Kernel-IoTrace", - "providerGuid": "A103CABD-8242-4A93-8DF5-1CDF3B3F26A6" - }, - { - "providerName": "Microsoft-Windows-Kernel-Licensing-StartServiceTrigger", - "providerGuid": "F5528ADA-BE5F-4F14-8AEF-A95DE7281161" - }, - { - "providerName": "Microsoft-Windows-Kernel-LicensingSqm", - "providerGuid": "A0AF438F-4431-41CB-A675-A265050EE947" - }, - { - "providerName": "Microsoft-Windows-Kernel-LiveDump", - "providerGuid": "BEF2AA8E-81CD-11E2-A7BB-5EAC6188709B" - }, - { - "providerName": "Microsoft-Windows-Kernel-Memory", - "providerGuid": "D1D93EF7-E1F2-4F45-9943-03D245FE6C00" - }, - { - "providerName": "Microsoft-Windows-Kernel-Network", - "providerGuid": "7DD42A49-5329-4832-8DFD-43D979153A88" - }, - { - "providerName": "Microsoft-Windows-Kernel-Pep", - "providerGuid": "5412704E-B2E1-4624-8FFD-55777B8F7373" - }, - { - "providerName": "Microsoft-Windows-Kernel-PnP", - "providerGuid": "9C205A39-1250-487D-ABD7-E831C6290539" - }, - { - "providerName": "Microsoft-Windows-Kernel-PnP-Rundown", - "providerGuid": "B3A0C2C8-83BB-4DDF-9F8D-4B22D3C38AD7" - }, - { - "providerName": "Microsoft-Windows-Kernel-Power", - "providerGuid": "331C3B3A-2005-44C2-AC5E-77220C37D6B4" - }, - { - "providerName": "Microsoft-Windows-Kernel-PowerTrigger", - "providerGuid": "AA1F73E8-15FD-45D2-ABFD-E7F64F78EB11" - }, - { - "providerName": "Microsoft-Windows-Kernel-Prefetch", - "providerGuid": "5322D61A-9EFA-4BC3-A3F9-14BE95C144F8" - }, - { - "providerName": "Microsoft-Windows-Kernel-Prm", - "providerGuid": "B931ED29-66F4-576E-0579-0B8818A5DC6B" - }, - { - "providerName": "Microsoft-Windows-Kernel-Process", - "providerGuid": "22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716" - }, - { - "providerName": "Microsoft-Windows-Kernel-Processor-Power", - "providerGuid": "0F67E49F-FE51-4E9F-B490-6F2948CC6027" - }, - { - "providerName": "Microsoft-Windows-Kernel-Registry", - "providerGuid": "70EB4F03-C1DE-4F73-A051-33D13D5413BD" - }, - { - "providerName": "Microsoft-Windows-Kernel-ShimEngine", - "providerGuid": "0BF2FB94-7B60-4B4D-9766-E82F658DF540" - }, - { - "providerName": "Microsoft-Windows-Kernel-StoreMgr", - "providerGuid": "A6AD76E3-867A-4635-91B3-4904BA6374D7" - }, - { - "providerName": "Microsoft-Windows-Kernel-Tm", - "providerGuid": "4CEC9C95-A65F-4591-B5C4-30100E51D870" - }, - { - "providerName": "Microsoft-Windows-Kernel-Tm-Trigger", - "providerGuid": "CE20D1C3-A247-4C41-BCB8-3C7F52C8B805" - }, - { - "providerName": "Microsoft-Windows-Kernel-WDI", - "providerGuid": "2FF3E6B7-CB90-4700-9621-443F389734ED" - }, - { - "providerName": "Microsoft-Windows-Kernel-WHEA", - "providerGuid": "7B563579-53C8-44E7-8236-0F87B9FE6594" - }, - { - "providerName": "Microsoft-Windows-Kernel-WSService-StartServiceTrigger", - "providerGuid": "3635D4B6-77E3-4375-8124-D545B7149337" - }, - { - "providerName": "Microsoft-Windows-Kernel-XDV", - "providerGuid": "F029AC39-38F0-4A40-B7DE-404D244004CB" - }, - { - "providerName": "Microsoft-Windows-KernelStreaming", - "providerGuid": "548C4417-CE45-41FF-99DD-528F01CE0FE1" - }, - { - "providerName": "Microsoft-Windows-KeyboardFilter", - "providerGuid": "84DE80EB-86E8-4FF6-85A6-9319ABD578A4" - }, - { - "providerName": "Microsoft-Windows-KnownFolders", - "providerGuid": "8939299F-2315-4C5C-9B91-ABB86AA0627D" - }, - { - "providerName": "Microsoft-Windows-L2NACP", - "providerGuid": "85FE7609-FF4A-48E9-9D50-12918E43E1DA" - }, - { - "providerName": "Microsoft-Windows-LanGPA", - "providerGuid": "CB070027-1534-4CF3-98EA-B9751F508376" - }, - { - "providerName": "Microsoft-Windows-LanguagePackSetup", - "providerGuid": "7237FFF9-A08A-4804-9C79-4A8704B70B87" - }, - { - "providerName": "Microsoft-Windows-LAPS", - "providerGuid": "4FCC72A9-D7CA-5DD2-8D34-6F41A0CDB7E0" - }, - { - "providerName": "Microsoft-Windows-LDAP-Client", - "providerGuid": "099614A5-5DD7-4788-8BC9-E29F43DB28FC" - }, - { - "providerName": "Microsoft-Windows-LimitsManagement", - "providerGuid": "73AA0094-FACB-4AEB-BD1D-A7B98DD5C799" - }, - { - "providerName": "Microsoft-Windows-LinkLayerDiscoveryProtocol", - "providerGuid": "DCBFB8F0-CD19-4F1C-A27D-23AC706DED72" - }, - { - "providerName": "Microsoft-Windows-LiveId", - "providerGuid": "05F02597-FE85-4E67-8542-69567AB8FD4F" - }, - { - "providerName": "Microsoft-Windows-LLTD-Mapper", - "providerGuid": "CCC64809-6B5F-4C1B-AB39-336904DA9B3B" - }, - { - "providerName": "Microsoft-Windows-LLTD-MapperIO", - "providerGuid": "0741C7BE-DAAC-4A5B-B00A-4BD9A2D89D0E" - }, - { - "providerName": "Microsoft-Windows-LLTD-Responder", - "providerGuid": "E159FC63-02FE-42F3-A234-028B9B8561CB" - }, - { - "providerName": "Microsoft-Windows-LocationServiceProvider", - "providerGuid": "8E889F0C-7D54-52B3-E4AE-2C8B27A482C2" - }, - { - "providerName": "Microsoft-Windows-LUA", - "providerGuid": "93C05D69-51A3-485E-877F-1806A8731346" - }, - { - "providerName": "Microsoft-Windows-Magnification", - "providerGuid": "C882FF1D-7585-4B33-B135-95C577179137" - }, - { - "providerName": "Microsoft-Windows-Management-SecureAssessment", - "providerGuid": "A329CF81-57EC-46ED-AB7C-261A52B0754A" - }, - { - "providerName": "Microsoft-Windows-MapControls", - "providerGuid": "ACD88D21-E1D4-4483-B974-0C1DA66CC529" - }, - { - "providerName": "Microsoft-Windows-MCCS-AccountAccessor", - "providerGuid": "4025D192-273D-42EC-BDF8-940EC34EEDCA" - }, - { - "providerName": "Microsoft-Windows-MCCS-AccountsHost", - "providerGuid": "04ECCF8E-8490-4AD1-8ED5-0AE7750E69E6" - }, - { - "providerName": "Microsoft-Windows-MCCS-AccountsRT", - "providerGuid": "DD2743C6-1722-4674-9F6F-C80044C4232E" - }, - { - "providerName": "Microsoft-Windows-MCCS-ActiveSyncCsp", - "providerGuid": "602A0873-9BDE-48B3-B6B7-277035293458" - }, - { - "providerName": "Microsoft-Windows-MCCS-ActiveSyncProvider", - "providerGuid": "4A155F10-25AD-47E6-ABA8-2C4F5EEE7846" - }, - { - "providerName": "Microsoft-Windows-MCCS-DavSyncProvider", - "providerGuid": "5D86C4E2-8FCD-48D7-A713-9A04609C0189" - }, - { - "providerName": "Microsoft-Windows-MCCS-EngineShared", - "providerGuid": "BF460FC6-45C5-4119-ADD3-E361A6E7D5AC" - }, - { - "providerName": "Microsoft-Windows-MCCS-InternetMail", - "providerGuid": "618473BC-8EEF-4868-ADFF-A1B640B06411" - }, - { - "providerName": "Microsoft-Windows-MCCS-InternetMailCsp", - "providerGuid": "BEC5E7A4-0527-42E8-8174-FABDE799AD7F" - }, - { - "providerName": "Microsoft-Windows-MCCS-NetworkHelper", - "providerGuid": "25B99A4C-2F80-4FCD-982D-69CD1F77BADF" - }, - { - "providerName": "Microsoft-Windows-MCCS-SyncController", - "providerGuid": "7FCB9791-F481-46D1-846E-2EB6F003C4D3" - }, - { - "providerName": "Microsoft-Windows-MCCS-SyncUtil", - "providerGuid": "DCA074CE-547C-4595-AE90-56229B8E3BD9" - }, - { - "providerName": "Microsoft-Windows-Media-Protection-PlayReady-Performance", - "providerGuid": "D2402FDE-7526-5A7B-501A-25DC7C9C282E" - }, - { - "providerName": "Microsoft-Windows-Media-Streaming", - "providerGuid": "982824E5-E446-46AE-BC74-836401FFB7B6" - }, - { - "providerName": "Microsoft-Windows-MediaEngine", - "providerGuid": "8F2048E0-F260-4F57-A8D1-932376291682" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-MFCaptureEngine", - "providerGuid": "B8197C10-845F-40CA-82AB-9341E98CFC2B" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-MFReadWrite", - "providerGuid": "4B7EAC67-FC53-448C-A49D-7CC6DB524DA7" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-MSVProc", - "providerGuid": "A4112D1A-6DFA-476E-BB75-E350D24934E1" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-Performance", - "providerGuid": "F404B94E-27E0-4384-BFE8-1D8D390B0AA3" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-Performance-Core", - "providerGuid": "B20E65AC-C905-4014-8F78-1B6A508142EB" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-Platform", - "providerGuid": "BC97B970-D001-482F-8745-B8D7D5759F99" - }, - { - "providerName": "Microsoft-Windows-MediaFoundation-PlayAPI", - "providerGuid": "B65471E1-019D-436F-BC38-E15FA8E87F53" - }, - { - "providerName": "Microsoft-Windows-Memory-Diagnostic-Task-Handler", - "providerGuid": "BABDA89A-4D5E-48EB-AF3D-E0E8410207C0" - }, - { - "providerName": "Microsoft-Windows-MemoryDiagnostics-Results", - "providerGuid": "5F92BC59-248F-4111-86A9-E393E12C6139" - }, - { - "providerName": "Microsoft-Windows-MemoryDiagnostics-Schedule", - "providerGuid": "73E9C9DE-A148-41F7-B1DB-4DA051FDC327" - }, - { - "providerName": "Microsoft-Windows-MF", - "providerGuid": "A7364E1A-894F-4B3D-A930-2ED9C8C4C811" - }, - { - "providerName": "Microsoft-Windows-MF-FrameServer", - "providerGuid": "9E22A3ED-7B32-4B99-B6C2-21DD6ACE01E1" - }, - { - "providerName": "Microsoft-Windows-MF-MFDshowReverseBridge", - "providerGuid": "AA1105FA-5AF2-5FD6-89B5-002421C5E2CA" - }, - { - "providerName": "Microsoft-Windows-MFH264Enc", - "providerGuid": "2A49DE31-8A5B-4D3A-A904-7FC7409AE90D" - }, - { - "providerName": "Microsoft-Windows-Minstore", - "providerGuid": "55B24B1D-DD9C-44C0-BA77-4F749F1B6976" - }, - { - "providerName": "Microsoft-Windows-MMCSS", - "providerGuid": "36008301-E154-466C-ACEC-5F4CBD6B4694" - }, - { - "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-Api", - "providerGuid": "2E2BBB16-0C36-4B9B-A567-40924A199FD5" - }, - { - "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal", - "providerGuid": "2AABD03B-F48B-419A-B4CE-7A14403F4A46" - }, - { - "providerName": "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi", - "providerGuid": "0FF1C24B-7F05-45C0-ABDC-3C8521BE4F62" - }, - { - "providerName": "Microsoft-Windows-MobilityCenter", - "providerGuid": "91F42016-0B4E-4A4B-9BBB-825D06CBED35" - }, - { - "providerName": "Microsoft-Windows-mobsync", - "providerGuid": "B44AEC44-38F4-4B59-8DF3-10306ABF19B2" - }, - { - "providerName": "Microsoft-Windows-ModernDeployment-Diagnostics-Provider", - "providerGuid": "BAB3AD92-FB96-5902-450B-B8421BDEC7BD" - }, - { - "providerName": "Microsoft-Windows-MosHost", - "providerGuid": "D116F0F2-A6D6-4F1F-BDDA-0C88C8D1F2E9" - }, - { - "providerName": "Microsoft-Windows-MountMgr", - "providerGuid": "E3BAC9F8-27BE-4823-8D7F-1CC320C05FA7" - }, - { - "providerName": "Microsoft-Windows-MP4SDECD", - "providerGuid": "7F2BD991-AE93-454A-B219-0BC23F02262A" - }, - { - "providerName": "Microsoft-Windows-MPEG2_DLNA-Encoder", - "providerGuid": "86EFFF39-2BDD-4EFD-BD0B-853D71B2A9DC" - }, - { - "providerName": "Microsoft-Windows-Mprddm", - "providerGuid": "3A5BEF13-D0F7-4E7F-9EC8-5E707DF711D0" - }, - { - "providerName": "Microsoft-Windows-MPRMSG", - "providerGuid": "F2C628AE-D26C-4352-9C45-74754E1E2F9F" - }, - { - "providerName": "Microsoft-Windows-MPS-CLNT", - "providerGuid": "37945DC2-899B-44D1-B79C-DD4A9E57FF98" - }, - { - "providerName": "Microsoft-Windows-MPS-DRV", - "providerGuid": "50BD1BFD-936B-4DB3-86BE-E25B96C25898" - }, - { - "providerName": "Microsoft-Windows-MPS-SRV", - "providerGuid": "5444519F-2484-45A2-991E-953E4B54C8E0" - }, - { - "providerName": "Microsoft-Windows-MPTF", - "providerGuid": "EA6C5BEA-F5CC-56A4-E146-671BF483D53B" - }, - { - "providerName": "Microsoft-Windows-MSDTC", - "providerGuid": "719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D" - }, - { - "providerName": "Microsoft-Windows-MSDTC 2", - "providerGuid": "5D9E0020-3761-4F36-90C8-38CE6511BD12" - }, - { - "providerName": "Microsoft-Windows-MSDTC Client", - "providerGuid": "7A67066E-193F-4D3A-82D3-322FEE5259DE" - }, - { - "providerName": "Microsoft-Windows-MSDTC Client 2", - "providerGuid": "155CB334-3D7F-4FF1-B107-DF8AFC3C0363" - }, - { - "providerName": "Microsoft-Windows-MSFTEDIT", - "providerGuid": "9640427C-7D03-4331-B8EE-FB77625BF381" - }, - { - "providerName": "Microsoft-Windows-MsiServer", - "providerGuid": "17E92E2A-3D08-413E-BAEB-A79A262BF486" - }, - { - "providerName": "Microsoft-Windows-MSMPEG2ADEC", - "providerGuid": "51311DE3-D55E-454A-9C58-43DC7B4C01D2" - }, - { - "providerName": "Microsoft-Windows-MSMPEG2VDEC", - "providerGuid": "AE5CF422-786A-476A-AC96-753B05877C99" - }, - { - "providerName": "Microsoft-Windows-msmpeg2venc", - "providerGuid": "D17B213A-C505-49C9-98CC-734253EF65D4" - }, - { - "providerName": "Microsoft-Windows-MUI", - "providerGuid": "A8A1F2F6-A13A-45E9-B1FE-3419569E5EF2" - }, - { - "providerName": "Microsoft-Windows-Narrator", - "providerGuid": "835B79E2-E76A-44C4-9885-26AD122D3B4D" - }, - { - "providerName": "Microsoft-Windows-Ncasvc", - "providerGuid": "126DED58-A28D-4113-8E7A-59D7444B2AF1" - }, - { - "providerName": "Microsoft-Windows-NcdAutoSetup", - "providerGuid": "EC23F986-AE2D-4269-B52F-4E20765C1A94" - }, - { - "providerName": "Microsoft-Windows-NCSI", - "providerGuid": "314DE49F-CE63-4779-BA2B-D616F6963A88" - }, - { - "providerName": "Microsoft-Windows-NDF-HelperClassDiscovery", - "providerGuid": "FC3BC8A7-2F61-449C-A8B4-22AC22058F92" - }, - { - "providerName": "Microsoft-Windows-NDIS", - "providerGuid": "CDEAD503-17F5-4A3E-B7AE-DF8CC2902EB9" - }, - { - "providerName": "Microsoft-Windows-NDIS-PacketCapture", - "providerGuid": "2ED6006E-4729-4609-B423-3EE7BCD678EF" - }, - { - "providerName": "Microsoft-Windows-NdisImPlatformEventProvider", - "providerGuid": "11C5D8AD-756A-42C2-8087-EB1B4A72A846" - }, - { - "providerName": "Microsoft-Windows-NdisImPlatformSysEvtProvider", - "providerGuid": "62DE9E48-90C6-4755-8813-6A7D655B0802" - }, - { - "providerName": "Microsoft-Windows-Ndu", - "providerGuid": "DF271536-4298-45E1-B0F2-E88F78619C5D" - }, - { - "providerName": "Microsoft-Windows-NetAdapterCim-Diag", - "providerGuid": "6CC2405D-817F-4886-886F-D5D1643210F0" - }, - { - "providerName": "Microsoft-Windows-Netshell", - "providerGuid": "AF2E340C-0743-4F5A-B2D3-2F7225D215DE" - }, - { - "providerName": "Microsoft-Windows-Network-and-Sharing-Center", - "providerGuid": "6A502821-AB44-40C8-B32F-37315D9D52E0" - }, - { - "providerName": "Microsoft-Windows-Network-Connection-Broker", - "providerGuid": "3EB875EB-8F4A-4800-A00B-E484C97D7551" - }, - { - "providerName": "Microsoft-Windows-Network-ExecutionContext", - "providerGuid": "0075E1AB-E1D1-5D1F-35F5-DA36FB4F41B1" - }, - { - "providerName": "Microsoft-Windows-Network-Setup", - "providerGuid": "A111F1C2-5923-47C0-9A68-D0BAFB577901" - }, - { - "providerName": "Microsoft-Windows-NetworkBridge", - "providerGuid": "A67075C2-3E39-4109-B6CD-6D750058A731" - }, - { - "providerName": "Microsoft-Windows-NetworkConnectivityStatus", - "providerGuid": "014DE49F-CE63-4779-BA2B-D616F6963A87" - }, - { - "providerName": "Microsoft-Windows-NetworkGCW", - "providerGuid": "BE932B00-0F8E-4386-AB89-873F7D0274AA" - }, - { - "providerName": "Microsoft-Windows-Networking-Correlation", - "providerGuid": "83ED54F0-4D48-4E45-B16E-726FFD1FA4AF" - }, - { - "providerName": "Microsoft-Windows-Networking-RealTimeCommunication", - "providerGuid": "1E39B4CE-D1E6-46CE-B65B-5AB05D6CC266" - }, - { - "providerName": "Microsoft-Windows-NetworkManagerTriggerProvider", - "providerGuid": "9B307223-4E4D-4BF5-9BE8-995CD8E7420B" - }, - { - "providerName": "Microsoft-Windows-NetworkProfile", - "providerGuid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E" - }, - { - "providerName": "Microsoft-Windows-NetworkProfileTriggerProvider", - "providerGuid": "FBCFAC3F-8460-419F-8E48-1F0B49CDB85E" - }, - { - "providerName": "Microsoft-Windows-NetworkProvider", - "providerGuid": "1E9A4978-78C2-441E-8858-75B5D1326BC5" - }, - { - "providerName": "Microsoft-Windows-NetworkProvisioning", - "providerGuid": "93A19AB3-FB2C-46EB-91EF-56B0A318B983" - }, - { - "providerName": "Microsoft-Windows-NetworkSecurity", - "providerGuid": "7B702970-90BC-4584-8B20-C0799086EE5A" - }, - { - "providerName": "Microsoft-Windows-NlaSvc", - "providerGuid": "63B530F8-29C9-4880-A5B4-B8179096E7B8" - }, - { - "providerName": "Microsoft-Windows-Ntfs", - "providerGuid": "3FF37A1C-A68D-4D6E-8C9B-F79E8B16C482" - }, - { - "providerName": "Microsoft-Windows-Ntfs-UBPM", - "providerGuid": "8E6A5303-A4CE-498F-AFDB-E03A8A82B077" - }, - { - "providerName": "Microsoft-Windows-NtfsLog_38cd4a5ae98f33938fa5234e6817e23d", - "providerGuid": "38CD4A5A-E98F-3393-8FA5-234E6817E23D" - }, - { - "providerName": "Microsoft-Windows-NTLM", - "providerGuid": "AC43300D-5FCC-4800-8E99-1BD3F85F0320" - }, - { - "providerName": "Microsoft-Windows-ntshrui", - "providerGuid": "676F167F-F72C-446E-A498-EDA43319A5E3" - }, - { - "providerName": "Microsoft-Windows-NvmeDisk", - "providerGuid": "9799276C-FB04-47E8-845E-36946045C218" - }, - { - "providerName": "Microsoft-Windows-NWiFi", - "providerGuid": "0BD3506A-9030-4F76-9B88-3E8FE1F7CFB6" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles", - "providerGuid": "95353826-4FBE-41D4-9C42-F521C6E86360" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscApi", - "providerGuid": "19EE4CF9-5322-4843-B0D8-BAB81BE4E81E" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscDclUser", - "providerGuid": "D5418619-C167-44D9-BC36-765BEB5D55F3" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscFastSync", - "providerGuid": "791CD79C-65B5-48A3-804C-786048994F47" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscNetApi", - "providerGuid": "361F227C-AA14-4D19-9007-0C8D1A8A541B" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscService", - "providerGuid": "89D89015-C0DF-414C-BC48-F50E114832BC" - }, - { - "providerName": "Microsoft-Windows-OfflineFiles-CscUM", - "providerGuid": "5E23B838-5B71-47E6-B123-6FE02EF573EF" - }, - { - "providerName": "Microsoft-Windows-OLE-Perf", - "providerGuid": "84958368-7DA7-49A0-B33D-07FABB879626" - }, - { - "providerName": "Microsoft-Windows-OLEACC", - "providerGuid": "19D2C934-EE9B-49E5-AAEB-9CCE721D2C65" - }, - { - "providerName": "Microsoft-Windows-OneBackup", - "providerGuid": "72561CF0-C85C-4F78-9E8D-CBA9093DF62D" - }, - { - "providerName": "Microsoft-Windows-OneX", - "providerGuid": "AB0D8EF9-866D-4D39-B83F-453F3B8F6325" - }, - { - "providerName": "Microsoft-Windows-OOBE-FirstLogonAnim", - "providerGuid": "2D4C0C5E-6704-493A-A44B-F5ADD4FC9283" - }, - { - "providerName": "Microsoft-Windows-OOBE-Machine-Core", - "providerGuid": "EC276CDE-2A17-473C-A010-2FF78D5426D2" - }, - { - "providerName": "Microsoft-Windows-OOBE-Machine-DUI", - "providerGuid": "F5DBAA02-15D6-4644-A784-7032D508BF64" - }, - { - "providerName": "Microsoft-Windows-OobeLdr", - "providerGuid": "75EBC33E-8670-4EB6-B535-3B9D6BB222FD" - }, - { - "providerName": "Microsoft-Windows-osk", - "providerGuid": "4F768BE8-9C69-4BBC-87FC-95291D3F9D0C" - }, - { - "providerName": "Microsoft-Windows-OtpCredentialProviderEvt", - "providerGuid": "5CAD485A-210F-4C16-80C5-F892DE74E28D" - }, - { - "providerName": "Microsoft-Windows-OverlayFilter", - "providerGuid": "46C78E5C-A213-46A8-8A6B-622F6916201D" - }, - { - "providerName": "Microsoft-Windows-ParentalControls", - "providerGuid": "01090065-B467-4503-9B28-533766761087" - }, - { - "providerName": "Microsoft-Windows-Partition", - "providerGuid": "412BDFF2-A8C4-470D-8F33-63FE0D8C20E2" - }, - { - "providerName": "Microsoft-Windows-PCI", - "providerGuid": "1A9443D4-B099-44D6-8EB1-829B9C2FE290" - }, - { - "providerName": "Microsoft-Windows-PCRPF", - "providerGuid": "5909C524-5E57-5275-803F-DDB7B74C52F2" - }, - { - "providerName": "Microsoft-Windows-PDC", - "providerGuid": "A6BF0DEB-3659-40AD-9F81-E25AF62CE3C7" - }, - { - "providerName": "Microsoft-Windows-PDFReader", - "providerGuid": "DFA86FAA-2C55-4140-BFF9-5CC586217A7B" - }, - { - "providerName": "Microsoft-Windows-PDH", - "providerGuid": "04D66358-C4A1-419B-8023-23B73902DE2C" - }, - { - "providerName": "Microsoft-Windows-PerceptionRuntime", - "providerGuid": "ADD0DE40-32B0-4B58-9D5E-938B2F5C1D1F" - }, - { - "providerName": "Microsoft-Windows-PerceptionSensorDataService", - "providerGuid": "85BE49EA-38F1-4547-A604-80060202FB27" - }, - { - "providerName": "Microsoft-Windows-PerfDisk", - "providerGuid": "7F9D83DE-8ABB-457F-98E8-4AD161449ECC" - }, - { - "providerName": "Microsoft-Windows-Perflib", - "providerGuid": "13B197BD-7CEE-4B4E-8DD0-59314CE374CE" - }, - { - "providerName": "Microsoft-Windows-PerfNet", - "providerGuid": "CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B" - }, - { - "providerName": "Microsoft-Windows-Performance-Recorder-Control", - "providerGuid": "36B6F488-AAD7-48C2-AFE3-D4EC2C8B46FA" - }, - { - "providerName": "Microsoft-Windows-PerfOS", - "providerGuid": "F82FB576-E941-4956-A2C7-A0CF83F6450A" - }, - { - "providerName": "Microsoft-Windows-PerfProc", - "providerGuid": "72D211E1-4C54-4A93-9520-4901681B2271" - }, - { - "providerName": "Microsoft-Windows-PersistentMemory-Nvdimm", - "providerGuid": "A7F2235F-BE51-51ED-DECF-F4498812A9A2" - }, - { - "providerName": "Microsoft-Windows-PersistentMemory-PmemDisk", - "providerGuid": "0FA2EE03-1FEB-5057-3BB3-EB25521B8482" - }, - { - "providerName": "Microsoft-Windows-PersistentMemory-ScmBus", - "providerGuid": "C03715CE-EA6F-5B67-4449-DA1D1E1AFEB8" - }, - { - "providerName": "Microsoft-Windows-Photo-Image-Codec", - "providerGuid": "BE3A31EA-AA6C-4196-9DCC-9CA13A49E09F" - }, - { - "providerName": "Microsoft-Windows-PhotoAcq", - "providerGuid": "76CFA528-B26E-B773-62D0-9588270442A6" - }, - { - "providerName": "Microsoft-Windows-PktMon", - "providerGuid": "4D4F80D9-C8BD-4D73-BB5B-19C90402C5AC" - }, - { - "providerName": "Microsoft-Windows-PlayToManager", - "providerGuid": "BB311100-2D9F-4CD3-B2D6-F4EA3839C548" - }, - { - "providerName": "Microsoft-Windows-PortableDeviceStatusProvider", - "providerGuid": "8C63B5A5-B484-4381-892D-EDD424582DF7" - }, - { - "providerName": "Microsoft-Windows-PortableDeviceSyncProvider", - "providerGuid": "A3E1697B-A12C-46B9-84D1-7FFE73C4B678" - }, - { - "providerName": "Microsoft-Windows-Power-CAD", - "providerGuid": "DABA4D32-CC40-4266-BB95-C30344DBC680" - }, - { - "providerName": "Microsoft-Windows-Power-Meter-Polling", - "providerGuid": "306C4E0B-E148-543D-315B-C618EB93157C" - }, - { - "providerName": "Microsoft-Windows-Power-Troubleshooter", - "providerGuid": "CDC05E28-C449-49C6-B9D2-88CF761644DF" - }, - { - "providerName": "Microsoft-Windows-PowerCfg", - "providerGuid": "9F0C4EA8-EC01-4200-A00D-B9701CBEA5D8" - }, - { - "providerName": "Microsoft-Windows-PowerCpl", - "providerGuid": "B1F90B27-4551-49D6-B2BD-DFC6453762A6" - }, - { - "providerName": "Microsoft-Windows-PowerShell", - "providerGuid": "A0C1853B-5C40-4B15-8766-3CF1C58F985A" - }, - { - "providerName": "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager", - "providerGuid": "AAF67066-0BF8-469F-AB76-275590C434EE" - }, - { - "providerName": "Microsoft-Windows-PrintBRM", - "providerGuid": "CF3F502E-B40D-4071-996F-00981EDF938E" - }, - { - "providerName": "Microsoft-Windows-PrintService", - "providerGuid": "747EF6FD-E535-4D16-B510-42C90F6873A1" - }, - { - "providerName": "Microsoft-Windows-PrintService-USBMon", - "providerGuid": "7F812073-B28D-4AFC-9CED-B8010F914EF6" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing", - "providerGuid": "D67FBB76-D18A-5AE3-24A3-8C1DB52D6C62" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-Activity-History-Privacy-Settings", - "providerGuid": "63DD5DFB-2488-5E1F-7895-D49FF5BC7125" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-CPSS", - "providerGuid": "15F4CD44-CA53-5422-DB17-4E76821B5A69" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-DiagnosticData", - "providerGuid": "D3610DCA-4501-5A5D-21A7-30CA91130711" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-OneSettingsClient", - "providerGuid": "23F0F2C7-C77C-51EE-0AC1-5AC7796A85DF" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-PermissiveLearningMode", - "providerGuid": "811A1DDB-2E69-5F25-ADC0-4B186170E760" - }, - { - "providerName": "Microsoft-Windows-Privacy-Auditing-TailoredExperiences", - "providerGuid": "1BD672B8-445E-53FC-35EF-09F53672C385" - }, - { - "providerName": "Microsoft-Windows-ProcessExitMonitor", - "providerGuid": "FD771D53-8492-4057-8E35-8C02813AF49B" - }, - { - "providerName": "Microsoft-Windows-Processor-Aggregator", - "providerGuid": "CBA16CF2-2FAB-49F8-89AE-894E718649E7" - }, - { - "providerName": "Microsoft-Windows-ProcessStateManager", - "providerGuid": "D49918CF-9489-4BF1-9D7B-014D864CF71F" - }, - { - "providerName": "Microsoft-Windows-Program-Compatibility-Assistant", - "providerGuid": "4CB314DF-C11F-47D7-9C04-65FB0051561B" - }, - { - "providerName": "Microsoft-Windows-ProjFS-Filter", - "providerGuid": "B6D7DC51-78CF-4E85-8BAC-488A9F47A0BB" - }, - { - "providerName": "Microsoft-Windows-Provisioning-Diagnostics-Provider", - "providerGuid": "ED8B9BD3-F66E-4FF2-B86B-75C7925F72A9" - }, - { - "providerName": "Microsoft-Windows-Proximity-Common", - "providerGuid": "28058203-D394-4AFC-B2A6-2F9155A3BB95" - }, - { - "providerName": "Microsoft-Windows-Push-To-Install-Service", - "providerGuid": "3A718A68-6974-4075-ABD3-E8243CAEF398" - }, - { - "providerName": "Microsoft-Windows-PushNotifications-Developer", - "providerGuid": "5CAD3597-5FEC-4C62-9CE1-9D7ABC723D3A" - }, - { - "providerName": "Microsoft-Windows-PushNotifications-InProc", - "providerGuid": "815A1F4A-3F8D-4B37-9B31-5142F9D724A5" - }, - { - "providerName": "Microsoft-Windows-PushNotifications-Platform", - "providerGuid": "88CD9180-4491-4640-B571-E3BEE2527943" - }, - { - "providerName": "Microsoft-Windows-QoS-Pacer", - "providerGuid": "914ED502-B70D-4ADD-B758-95692854F8A3" - }, - { - "providerName": "Microsoft-Windows-QoS-qWAVE", - "providerGuid": "6BA132C4-DA49-415B-A7F4-31870DC9FE25" - }, - { - "providerName": "Microsoft-Windows-QoS-WMI-Diag", - "providerGuid": "725BA9B3-C1F3-4518-AF1B-C8D669191E15" - }, - { - "providerName": "Microsoft-Windows-RadioManager", - "providerGuid": "92061E3D-21CD-45BC-A3DF-0E8AE5E8580A" - }, - { - "providerName": "Microsoft-Windows-Ras-AgileVpn", - "providerGuid": "B5325CD6-438E-4EC1-AA46-14F46F2570E4" - }, - { - "providerName": "Microsoft-Windows-Ras-NdisWanPacketCapture", - "providerGuid": "D84521F7-2235-4237-A7C0-14E3A9676286" - }, - { - "providerName": "Microsoft-Windows-RasServer", - "providerGuid": "29D13147-1C2E-48EC-9994-E29DFE496EB3" - }, - { - "providerName": "Microsoft-Windows-RasSstp", - "providerGuid": "6C260F2C-049A-43D8-BF4D-D350A4E6611A" - }, - { - "providerName": "Microsoft-Windows-Rdp-Graphics-RdpAvenc", - "providerGuid": "EC7B8A8B-1432-58B3-6025-BE73D4EA28ED" - }, - { - "providerName": "Microsoft-Windows-Rdp-Graphics-RdpLite", - "providerGuid": "54DE4FB6-64D0-5710-3C14-13E4456119CE" - }, - { - "providerName": "Microsoft-Windows-ReadyBoost", - "providerGuid": "E6307A09-292C-497E-AAD6-498F68E2B619" - }, - { - "providerName": "Microsoft-Windows-ReadyBoostDriver", - "providerGuid": "2A274310-42D5-4019-B816-E4B8C7ABE95C" - }, - { - "providerName": "Microsoft-Windows-ReFS", - "providerGuid": "CD9C6198-BF73-4106-803B-C17D26559018" - }, - { - "providerName": "Microsoft-Windows-ReFS-v1", - "providerGuid": "059F0F37-910E-4FF0-A7EE-AE8D49DD319B" - }, - { - "providerName": "Microsoft-Windows-ReFsDedupSvc", - "providerGuid": "596CB176-FB71-587A-8FFB-F5CF15EE1E36" - }, - { - "providerName": "Microsoft-Windows-Remote-FileSystem-Log", - "providerGuid": "20C46239-D059-4214-A11E-7D6769CBE020" - }, - { - "providerName": "Microsoft-Windows-Remote-FileSystem-Monitor", - "providerGuid": "51734B23-5B7E-4892-BA8E-45BC110B735C" - }, - { - "providerName": "Microsoft-Windows-RemoteApp and Desktop Connections", - "providerGuid": "1B8B402D-78DC-46FB-BF71-46E64AEDF165" - }, - { - "providerName": "Microsoft-Windows-RemoteAssistance", - "providerGuid": "5B0A651A-8807-45CC-9656-7579815B6AF0" - }, - { - "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpClipCdv", - "providerGuid": "B1E2EE25-B5BC-5129-0582-81A0A146B59B" - }, - { - "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpCoreCDV", - "providerGuid": "C8E6DC53-660C-44EE-8D00-E47F189DB87F" - }, - { - "providerName": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS", - "providerGuid": "1139C61B-B549-4251-8ED3-27250A1EDEC8" - }, - { - "providerName": "Microsoft-Windows-RemoteDesktopServices-SessionServices", - "providerGuid": "F1394DE0-32C7-4A76-A6DE-B245E48F4615" - }, - { - "providerName": "Microsoft-Windows-Remotefs-Rdbss", - "providerGuid": "1A870028-F191-4699-8473-6FCD299EAB77" - }, - { - "providerName": "Microsoft-Windows-RemoteHelp", - "providerGuid": "8B7587BF-3253-5620-FB1F-625BCA71D28D" - }, - { - "providerName": "Microsoft-Windows-ResetEng", - "providerGuid": "A4445C76-ED85-C8A3-02C1-532A38614A9E" - }, - { - "providerName": "Microsoft-Windows-ResetEng-Trace", - "providerGuid": "7FA514B5-A023-4B62-A6AB-2946A483E065" - }, - { - "providerName": "Microsoft-Windows-Resource-Exhaustion-Detector", - "providerGuid": "9988748E-C2E8-4054-85F6-0C3E1CAD2470" - }, - { - "providerName": "Microsoft-Windows-Resource-Exhaustion-Resolver", - "providerGuid": "91F5FB12-FDEA-4095-85D5-614B495CD9DE" - }, - { - "providerName": "Microsoft-Windows-ResourcePublication", - "providerGuid": "74C2135F-CC76-45C3-879A-EF3BB1EEAF86" - }, - { - "providerName": "Microsoft-Windows-RestartManager", - "providerGuid": "0888E5EF-9B98-4695-979D-E92CE4247224" - }, - { - "providerName": "Microsoft-Windows-RetailDemo", - "providerGuid": "D3F29EDA-805D-428A-9902-B259B937F84B" - }, - { - "providerName": "Microsoft-Windows-RPC", - "providerGuid": "6AD52B32-D609-4BE9-AE07-CE8DAE937E39" - }, - { - "providerName": "Microsoft-Windows-RPC-Audit", - "providerGuid": "3C578D57-F85A-5FC9-DEA0-8C663CCFF942" - }, - { - "providerName": "Microsoft-Windows-RPC-Events", - "providerGuid": "F4AED7C7-A898-4627-B053-44A7CAA12FCD" - }, - { - "providerName": "Microsoft-Windows-RPC-FirewallManager", - "providerGuid": "F997CD11-0FC9-4AB4-ACBA-BC742A4C0DD3" - }, - { - "providerName": "Microsoft-Windows-RPC-Proxy-LBS", - "providerGuid": "272A979B-34B5-48EC-94F5-7225A59C85A0" - }, - { - "providerName": "Microsoft-Windows-RPCSS", - "providerGuid": "D8975F88-7DDB-4ED0-91BF-3ADF48C48E0C" - }, - { - "providerName": "Microsoft-Windows-RRAS", - "providerGuid": "24989972-0967-4E21-A926-93854033638E" - }, - { - "providerName": "Microsoft-Windows-RTWorkQueue-Extended", - "providerGuid": "83FAAA86-63C8-4DD8-A2DA-FBADDDFC0655" - }, - { - "providerName": "Microsoft-Windows-RTWorkQueue-Threading", - "providerGuid": "E18D0FC9-9515-4232-98E4-89E456D8551B" - }, - { - "providerName": "Microsoft-Windows-Runtime-Graphics", - "providerGuid": "FA5CF675-72EB-49E2-B447-DE5552FAFF1C" - }, - { - "providerName": "Microsoft-Windows-Runtime-Media", - "providerGuid": "8F0DB3A8-299B-4D64-A4ED-907B409D4584" - }, - { - "providerName": "Microsoft-Windows-Runtime-Networking", - "providerGuid": "6EB875EB-8F4A-4800-A00B-E484C97D7561" - }, - { - "providerName": "Microsoft-Windows-Runtime-Networking-BackgroundTransfer", - "providerGuid": "B9D5B35D-BBB8-4625-9450-F71A5D414F4F" - }, - { - "providerName": "Microsoft-Windows-Runtime-Web-Http", - "providerGuid": "41877CB4-11FC-4188-B590-712C143C881D" - }, - { - "providerName": "Microsoft-Windows-Runtime-WebAPI", - "providerGuid": "6BD96334-DC49-441A-B9C4-41425BA628D8" - }, - { - "providerName": "Microsoft-Windows-Schannel-Events", - "providerGuid": "91CC1150-71AA-47E2-AE18-C96E61736B6F" - }, - { - "providerName": "Microsoft-Windows-SCPNP", - "providerGuid": "9F650C63-9409-453C-A652-83D7185A2E83" - }, - { - "providerName": "Microsoft-Windows-Sdbus", - "providerGuid": "FE28004E-B08F-4407-92B3-BAD3A2C51708" - }, - { - "providerName": "Microsoft-Windows-Sdstor", - "providerGuid": "AFE654EB-0A83-4EB4-948F-D4510EC39C30" - }, - { - "providerName": "Microsoft-Windows-Search", - "providerGuid": "CA4E628D-8567-4896-AB6B-835B221F373F" - }, - { - "providerName": "Microsoft-Windows-Search-Core", - "providerGuid": "49C2C27C-FE2D-40BF-8C4E-C3FB518037E7" - }, - { - "providerName": "Microsoft-Windows-Search-ProfileNotify", - "providerGuid": "FC6F77DD-769A-470E-BCF9-1B6555A118BE" - }, - { - "providerName": "Microsoft-Windows-Search-ProtocolHandlers", - "providerGuid": "DAB065A9-620F-45BA-B5D6-D6BB8EFEDEE9" - }, - { - "providerName": "Microsoft-Windows-SEC", - "providerGuid": "16C6501A-FF2D-46EA-868D-8F96CB0CB52D" - }, - { - "providerName": "Microsoft-Windows-SEC-WFP", - "providerGuid": "62834E12-795F-5AB2-B404-8D6D870DBBEB" - }, - { - "providerName": "Microsoft-Windows-Security-Audit-Configuration-Client", - "providerGuid": "08466062-AED4-4834-8B04-CDDB414504E5" - }, - { - "providerName": "Microsoft-Windows-Security-Auditing", - "providerGuid": "54849625-5478-4994-A5BA-3E3B0328C30D" - }, - { - "providerName": "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager", - "providerGuid": "2CD58181-0BB6-463E-828A-056FF837F966" - }, - { - "providerName": "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning", - "providerGuid": "9249D0D0-F034-402F-A29B-92FA8853D9F3" - }, - { - "providerName": "Microsoft-Windows-Security-IdentityStore", - "providerGuid": "00B7E1DF-B469-4C69-9C41-53A6576E3DAD" - }, - { - "providerName": "Microsoft-Windows-Security-Isolation-BrokeringFileSystem", - "providerGuid": "CD8B60A0-2A19-5EB9-564F-6154E2D987F4" - }, - { - "providerName": "Microsoft-Windows-Security-Kerberos", - "providerGuid": "98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1" - }, - { - "providerName": "Microsoft-Windows-Security-LessPrivilegedAppContainer", - "providerGuid": "45EEC9E5-4A1B-5446-7AD8-A4AB1313C437" - }, - { - "providerName": "Microsoft-Windows-Security-Mitigations", - "providerGuid": "FAE10392-F0AF-4AC0-B8FF-9F4D920C3CDF" - }, - { - "providerName": "Microsoft-Windows-Security-Netlogon", - "providerGuid": "E5BA83F6-07D0-46B1-8BC7-7E669A1D31DC" - }, - { - "providerName": "Microsoft-Windows-Security-SPP", - "providerGuid": "E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156" - }, - { - "providerName": "Microsoft-Windows-Security-SPP-UX", - "providerGuid": "6BDADC96-673E-468C-9F5B-F382F95B2832" - }, - { - "providerName": "Microsoft-Windows-Security-SPP-UX-GC", - "providerGuid": "BBBDD6A3-F35E-449B-A471-4D830C8EDA1F" - }, - { - "providerName": "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging", - "providerGuid": "FB829150-CD7D-44C3-AF5B-711A3C31CEDC" - }, - { - "providerName": "Microsoft-Windows-Security-SPP-UX-Notifications", - "providerGuid": "C4EFC9BB-2570-4821-8923-1BAD317D2D4B" - }, - { - "providerName": "Microsoft-Windows-Security-UserConsentVerifier", - "providerGuid": "40783728-8921-45D0-B231-919037B4B4FD" - }, - { - "providerName": "Microsoft-Windows-Security-Vault", - "providerGuid": "E6C92FB8-89D7-4D1F-BE46-D56E59804783" - }, - { - "providerName": "Microsoft-Windows-SecurityMitigationsBroker", - "providerGuid": "EA8CD8A5-78FF-4418-B292-AADC6A7181DF" - }, - { - "providerName": "Microsoft-Windows-SendTo", - "providerGuid": "35642CF5-DA5E-410B-9D9C-A45F3638042B" - }, - { - "providerName": "Microsoft-Windows-Sens", - "providerGuid": "BE69781C-B63B-41A1-8E24-A4FC7B3FC498" - }, - { - "providerName": "Microsoft-Windows-SENSE", - "providerGuid": "FAE96D09-ADE1-5223-0098-AF7B67348531" - }, - { - "providerName": "Microsoft-Windows-SenseIR", - "providerGuid": "B6D775EF-1436-4FE6-BAD3-9E436319E218" - }, - { - "providerName": "Microsoft-Windows-Sensors", - "providerGuid": "D8900E18-36CB-4548-966F-13F068D1F78E" - }, - { - "providerName": "Microsoft-Windows-Sensors-Core", - "providerGuid": "751C292B-23E6-58CF-1FD4-38F8512C66C2" - }, - { - "providerName": "Microsoft-Windows-Sensors-Core-Performance", - "providerGuid": "9E051EAA-7FEE-4F9F-8897-D86F3692E8AF" - }, - { - "providerName": "Microsoft-Windows-Serial-ClassExtension", - "providerGuid": "47BC9477-A8BA-452E-B951-4F2ED3593CF9" - }, - { - "providerName": "Microsoft-Windows-Serial-ClassExtension-V2", - "providerGuid": "EEE173EF-7ED2-45DE-9877-01C70A852FBD" - }, - { - "providerName": "Microsoft-Windows-ServiceReportingApi", - "providerGuid": "606A6A38-70EC-4309-B3A3-82FF86F73329" - }, - { - "providerName": "Microsoft-Windows-Services", - "providerGuid": "0063715B-EEDA-4007-9429-AD526F62696E" - }, - { - "providerName": "Microsoft-Windows-Services-Svchost", - "providerGuid": "06184C97-5201-480E-92AF-3A3626C5B140" - }, - { - "providerName": "Microsoft-Windows-ServiceTriggerPerfEventProvider", - "providerGuid": "6545939F-3398-411A-88B7-6A8914B8CEC7" - }, - { - "providerName": "Microsoft-Windows-Servicing", - "providerGuid": "BD12F3B8-FC40-4A61-A307-B7A013A069C1" - }, - { - "providerName": "Microsoft-Windows-Setup", - "providerGuid": "75EBC33E-997F-49CF-B49F-ECC50184B75D" - }, - { - "providerName": "Microsoft-Windows-SetupCl", - "providerGuid": "75EBC33E-D017-4D0F-93AB-0B4F86579164" - }, - { - "providerName": "Microsoft-Windows-SetupPlatform", - "providerGuid": "530FB9B9-C515-4472-9313-FB346F9255E3" - }, - { - "providerName": "Microsoft-Windows-SetupQueue", - "providerGuid": "A615ACB9-D5A4-4738-B561-1DF301D207F8" - }, - { - "providerName": "Microsoft-Windows-SetupUGC", - "providerGuid": "75EBC33E-0870-49E5-BDCE-9D7028279489" - }, - { - "providerName": "Microsoft-Windows-SharedAccess_NAT", - "providerGuid": "A6F32731-9A38-4159-A220-3D9B7FC5FE5D" - }, - { - "providerName": "Microsoft-Windows-ShareMedia-ControlPanel", - "providerGuid": "02012A8A-ADF5-4FAB-92CB-CCB7BB3E689A" - }, - { - "providerName": "Microsoft-Windows-Shell-AppWizCpl", - "providerGuid": "08D945EB-C8BD-44AA-994F-86079D8DCE35" - }, - { - "providerName": "Microsoft-Windows-Shell-AuthUI", - "providerGuid": "63D2BB1D-E39A-41B8-9A3D-52DD06677588" - }, - { - "providerName": "Microsoft-Windows-Shell-ConnectedAccountState", - "providerGuid": "6DF57621-E7E4-410F-A7E9-E43EEB61B11F" - }, - { - "providerName": "Microsoft-Windows-Shell-Core", - "providerGuid": "30336ED4-E327-447C-9DE0-51B652C86108" - }, - { - "providerName": "Microsoft-Windows-Shell-DefaultPrograms", - "providerGuid": "65D99466-7A8E-489C-B8E1-962BC945031E" - }, - { - "providerName": "Microsoft-Windows-Shell-LockScreenContent", - "providerGuid": "A3C0D58A-9FE5-4F24-A2CE-E16DE8BAA0D2" - }, - { - "providerName": "Microsoft-Windows-Shell-OpenWith", - "providerGuid": "11BD2A68-77FF-4991-9658-F451F2EB6CE1" - }, - { - "providerName": "Microsoft-Windows-Shell-Shwebsvc", - "providerGuid": "F61CEFC0-AA2E-11DA-A746-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-Shell-ZipFolder", - "providerGuid": "1F84007D-19CE-4B15-9E81-8A3DD8EB9ECB" - }, - { - "providerName": "Microsoft-Windows-ShellCommon-StartLayoutPopulation", - "providerGuid": "97CA8142-10B1-4BAA-9FBB-70A7D11231C3" - }, - { - "providerName": "Microsoft-Windows-Shsvcs", - "providerGuid": "059C3E04-5535-4929-85E1-93030E78F47B" - }, - { - "providerName": "Microsoft-Windows-SleepStudy", - "providerGuid": "D37687E7-8BF0-4D11-B589-A7ABE080756A" - }, - { - "providerName": "Microsoft-Windows-SmartCard-Audit", - "providerGuid": "09AC07B9-6AC9-43BC-A50F-58419A797C69" - }, - { - "providerName": "Microsoft-Windows-SmartCard-DeviceEnum", - "providerGuid": "AAEAC398-3028-487C-9586-44EACAD03637" - }, - { - "providerName": "Microsoft-Windows-Smartcard-Server", - "providerGuid": "4FCBF664-A33A-4652-B436-9D558983D955" - }, - { - "providerName": "Microsoft-Windows-SmartCard-TPM-VCard-Module", - "providerGuid": "125F2CF1-2768-4D33-976E-527137D080F8" - }, - { - "providerName": "Microsoft-Windows-Smartcard-Trigger", - "providerGuid": "AEDD909F-41C6-401A-9E41-DFC33006AF5D" - }, - { - "providerName": "Microsoft-Windows-SmartScreen", - "providerGuid": "3CB2A168-FE34-4A4E-BDAD-DCF422F34473" - }, - { - "providerName": "Microsoft-Windows-SMBClient", - "providerGuid": "988C59C5-0A1C-45B6-A555-0C62276E327D" - }, - { - "providerName": "Microsoft-Windows-SMBDirect", - "providerGuid": "DB66EA65-B7BB-4CA9-8748-334CB5C32400" - }, - { - "providerName": "Microsoft-Windows-SMBServer", - "providerGuid": "D48CE617-33A2-4BC3-A5C7-11AA4F29619E" - }, - { - "providerName": "Microsoft-Windows-SMBWitnessClient", - "providerGuid": "32254F6C-AA33-46F0-A5E3-1CBCC74BF683" - }, - { - "providerName": "Microsoft-Windows-SmbWmiProvider", - "providerGuid": "50B9E206-9D55-4092-92E8-F157A8235799" - }, - { - "providerName": "Microsoft-Windows-SoftwareRestrictionPolicies", - "providerGuid": "7D29D58A-931A-40AC-8743-48C733045548" - }, - { - "providerName": "Microsoft-Windows-SPB-ClassExtension", - "providerGuid": "72CD9FF7-4AF8-4B89-AEDE-5F26FDA13567" - }, - { - "providerName": "Microsoft-Windows-SPB-HIDI2C", - "providerGuid": "991F8FE6-249D-44D6-B93D-5A3060C1DEDB" - }, - { - "providerName": "Microsoft-Windows-SpecialAdministrationConsole", - "providerGuid": "8551491D-2545-5955-44BD-F5F1EFACFCDA" - }, - { - "providerName": "Microsoft-Windows-Speech-TTS", - "providerGuid": "74DCC47A-846E-4C98-9E2C-80043ED82B15" - }, - { - "providerName": "Microsoft-Windows-Speech-UserExperience", - "providerGuid": "13480A22-D79F-4334-9D32-AA239398AD3C" - }, - { - "providerName": "Microsoft-Windows-Spell-Checking", - "providerGuid": "D0E22EFC-AC66-4B25-A72D-382736B5E940" - }, - { - "providerName": "Microsoft-Windows-SpellChecker", - "providerGuid": "B2FCD41F-9A40-4150-8C92-B224B7D8C8AA" - }, - { - "providerName": "Microsoft-Windows-Spellchecking-Host", - "providerGuid": "1BDA2AB1-BBC1-4ACB-A849-C0EF2B249672" - }, - { - "providerName": "Microsoft-Windows-SruMon", - "providerGuid": "C8DBF506-E3D3-4822-930D-84C557EB6247" - }, - { - "providerName": "Microsoft-Windows-SrumTelemetry", - "providerGuid": "48D445A8-2F64-4D49-B093-A5774D8DC531" - }, - { - "providerName": "Microsoft-Windows-StartNameRes", - "providerGuid": "277C9237-51D8-5C1C-B089-F02C683E5BA7" - }, - { - "providerName": "Microsoft-Windows-StartupRepair", - "providerGuid": "C914F0DF-835A-4A22-8C70-732C9A80C634" - }, - { - "providerName": "Microsoft-Windows-StateRepository", - "providerGuid": "89592015-D996-4636-8F61-066B5D4DD739" - }, - { - "providerName": "Microsoft-Windows-stobject", - "providerGuid": "86133982-63D7-4741-928E-EF1349B80219" - }, - { - "providerName": "Microsoft-Windows-Storage-Tiering", - "providerGuid": "4A104570-EC6D-4560-A40F-858FA955E84F" - }, - { - "providerName": "Microsoft-Windows-Storage-Tiering-IoHeat", - "providerGuid": "990C55FC-2662-47F6-B7D7-EB3C027CB13F" - }, - { - "providerName": "Microsoft-Windows-StorageManagement", - "providerGuid": "7E58E69A-E361-4F06-B880-AD2F4B64C944" - }, - { - "providerName": "Microsoft-Windows-StorageManagement-PartUtil", - "providerGuid": "93DB76C2-63AB-5DE1-88B3-C068686675B8" - }, - { - "providerName": "Microsoft-Windows-StorageManagement-WSP-FS", - "providerGuid": "435F8E4B-8CC4-430E-9796-28CAE4976576" - }, - { - "providerName": "Microsoft-Windows-StorageManagement-WSP-Health", - "providerGuid": "B1F01D1A-AE3A-4940-81EE-DDCCBAD380EF" - }, - { - "providerName": "Microsoft-Windows-StorageManagement-WSP-Host", - "providerGuid": "595F33EA-D4AF-4F4D-B4DD-9DACDD17FC6E" - }, - { - "providerName": "Microsoft-Windows-StorageManagement-WSP-Spaces", - "providerGuid": "88C09888-118D-48FC-8863-E1C6D39CA4DF" - }, - { - "providerName": "Microsoft-Windows-StorageSettings", - "providerGuid": "E934E6DD-62BE-55D8-1CC8-416D0039498B" - }, - { - "providerName": "Microsoft-Windows-StorageSpaces-Api", - "providerGuid": "BCF0C6A7-6130-5208-F27D-FA77A91F12DF" - }, - { - "providerName": "Microsoft-Windows-StorageSpaces-Driver", - "providerGuid": "595F7F52-C90A-4026-A125-8EB5E083F15E" - }, - { - "providerName": "Microsoft-Windows-StorageSpaces-ManagementAgent", - "providerGuid": "AA4C798D-D91B-4B07-A013-787F5803D6FC" - }, - { - "providerName": "Microsoft-Windows-StorageSpaces-Parser", - "providerGuid": "5BCF2A5C-2E90-5A03-AA4E-2E459BAE21B4" - }, - { - "providerName": "Microsoft-Windows-StorageSpaces-SpaceManager", - "providerGuid": "69C8CA7E-1ADF-472B-BA4C-A0485986B9F6" - }, - { - "providerName": "Microsoft-Windows-StorageVolume", - "providerGuid": "C8127B86-E611-5638-63F4-AE37539084D2" - }, - { - "providerName": "Microsoft-Windows-StorDiag", - "providerGuid": "F5D05B38-80A6-4653-825D-C414E4AB3C68" - }, - { - "providerName": "Microsoft-Windows-Store", - "providerGuid": "9C2A37F3-E5FD-5CAE-BCD1-43DAFEEE1FF0" - }, - { - "providerName": "Microsoft-Windows-StorPort", - "providerGuid": "C4636A1E-7986-4646-BF10-7BC3B4A76E8E" - }, - { - "providerName": "Microsoft-Windows-Storsvc", - "providerGuid": "A963A23C-0058-521D-71EC-A1CCE6173F21" - }, - { - "providerName": "Microsoft-Windows-Subsys-Csr", - "providerGuid": "E8316A2D-0D94-4F52-85DD-1E15B66C5891" - }, - { - "providerName": "Microsoft-Windows-Subsys-SMSS", - "providerGuid": "43E63DA5-41D1-4FBF-ADED-1BBED98FDD1D" - }, - { - "providerName": "Microsoft-Windows-Sudo", - "providerGuid": "9D74DC62-B75F-54CD-BE9E-C28940B5FEED" - }, - { - "providerName": "Microsoft-Windows-Superfetch", - "providerGuid": "99806515-9F51-4C2F-B918-1EAE407AA8CB" - }, - { - "providerName": "Microsoft-Windows-Sysprep", - "providerGuid": "75EBC33E-77B8-4BA8-9474-4F4A9DB2F5C6" - }, - { - "providerName": "Microsoft-Windows-System-Profile-HardwareId", - "providerGuid": "3419DE6D-5D7F-4668-ACC8-F80566814D96" - }, - { - "providerName": "Microsoft-Windows-System-Restore", - "providerGuid": "126CDB97-D346-4894-8A34-658DA5EEA1B6" - }, - { - "providerName": "Microsoft-Windows-SystemEventsBroker", - "providerGuid": "B6BFCC79-A3AF-4089-8D4D-0EECB1B80779" - }, - { - "providerName": "Microsoft-Windows-SystemSettingsHandlers", - "providerGuid": "FBBD52E1-DF97-529D-4B67-53F67DA99A98" - }, - { - "providerName": "Microsoft-Windows-SystemSettingsThreshold", - "providerGuid": "8BCDF442-3070-4118-8C94-E8843BE363B3" - }, - { - "providerName": "Microsoft-Windows-TabletPC-InputPanel", - "providerGuid": "E978F84E-582D-4167-977E-32AF52706888" - }, - { - "providerName": "Microsoft-Windows-TabletPC-MathInput", - "providerGuid": "8443CCB7-FEB0-4B8D-8E28-8D4C7CB814E8" - }, - { - "providerName": "Microsoft-Windows-TabletPC-MathRecognizer", - "providerGuid": "BDB462FC-A297-49A2-BF2E-4F1809E12ABC" - }, - { - "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Core", - "providerGuid": "B5FD844A-01D4-4B10-A57F-58B13B561582" - }, - { - "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Ninput", - "providerGuid": "2C3E6D9F-8298-450F-8E5D-49B724F1216F" - }, - { - "providerName": "Microsoft-Windows-TabletPC-Platform-Input-Wisp", - "providerGuid": "E5AA2A53-30BE-40F5-8D84-AD3F40A404CD" - }, - { - "providerName": "Microsoft-Windows-TabletPC-Platform-Manipulations", - "providerGuid": "2FD7A9A5-B1A1-4FC7-B95C-C32FED818F30" - }, - { - "providerName": "Microsoft-Windows-TaskbarCPL", - "providerGuid": "05D7B0F0-2121-4EFF-BF6B-ED3F69B894D7" - }, - { - "providerName": "Microsoft-Windows-TaskScheduler", - "providerGuid": "DE7B24EA-73C8-4A09-985D-5BDADCFA9017" - }, - { - "providerName": "Microsoft-Windows-TCPIP", - "providerGuid": "2F07E2EE-15DB-40F1-90EF-9D7BA282188A" - }, - { - "providerName": "Microsoft-Windows-TenantRestrictions", - "providerGuid": "4053FADA-178B-5AA8-746B-7CF8538B5118" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-ClientActiveXCore", - "providerGuid": "28AA95BB-D444-4719-A36F-40462168127E" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-ClientUSBDevices", - "providerGuid": "6E400999-5B82-475F-B800-CEF6FE361539" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-LocalSessionManager", - "providerGuid": "5D896912-022D-40AA-A3A8-4FA5515C76D7" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-MediaRedirection", - "providerGuid": "3F7B2F99-B863-4045-AD05-F6AFB62E7AF1" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-PnPDevices", - "providerGuid": "27A8C1E2-EB19-463E-8424-B399DF27A216" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-Printers", - "providerGuid": "952773BF-C2B7-49BC-88F4-920744B82C43" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-RdpSoundDriver", - "providerGuid": "127E0DC5-E13B-4935-985E-78FD508B1D80" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-RemoteConnectionManager", - "providerGuid": "C76BAA63-AE81-421C-B425-340B4B24157F" - }, - { - "providerName": "Microsoft-Windows-TerminalServices-ServerUSBDevices", - "providerGuid": "DCBE5AAA-16E2-457C-9337-366950045F0A" - }, - { - "providerName": "Microsoft-Windows-Tethering-Manager", - "providerGuid": "CC311F1F-623C-4CA4-BA44-A458016555E8" - }, - { - "providerName": "Microsoft-Windows-Tethering-Station", - "providerGuid": "585CAB4F-9351-436E-9D99-DC4B41A20DE0" - }, - { - "providerName": "Microsoft-Windows-TextPredictionEngine", - "providerGuid": "39A63500-7D76-49CD-994F-FFD796EF5A53" - }, - { - "providerName": "Microsoft-Windows-ThemeCPL", - "providerGuid": "61F044AF-9104-4CA5-81EE-CB6C51BB01AB" - }, - { - "providerName": "Microsoft-Windows-ThemeUI", - "providerGuid": "869FB599-80AA-485D-BCA7-DB18D72B7219" - }, - { - "providerName": "Microsoft-Windows-Thermal-Polling", - "providerGuid": "E8A7C168-81EE-465C-8E8E-D39A2AC1CA41" - }, - { - "providerName": "Microsoft-Windows-Threat-Intelligence", - "providerGuid": "F4E1897C-BB5D-5668-F1D8-040F4D8DD344" - }, - { - "providerName": "Microsoft-Windows-Time-Service", - "providerGuid": "06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB" - }, - { - "providerName": "Microsoft-Windows-Time-Service-PTP-Provider", - "providerGuid": "CFFB980E-327C-5B87-19C6-62C4C3BE2290" - }, - { - "providerName": "Microsoft-Windows-TimeBroker", - "providerGuid": "0657ADC1-9AE8-4E18-932D-E6079CDA5AB3" - }, - { - "providerName": "Microsoft-Windows-TPM-WMI", - "providerGuid": "7D5387B0-CBE0-11DA-A94D-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-TriggerEmulatorProvider", - "providerGuid": "F230D19A-5D93-47D9-A83F-53829EDFB8DF" - }, - { - "providerName": "Microsoft-Windows-Troubleshooting-Recommended", - "providerGuid": "4969DE67-439C-516F-F805-A82A4F905730" - }, - { - "providerName": "Microsoft-Windows-TSF-msctf", - "providerGuid": "4FBA1227-F606-4E5F-B9E8-FAB9AB5740F3" - }, - { - "providerName": "Microsoft-Windows-TSF-msutb", - "providerGuid": "74B655A2-8958-410E-80E2-3457051B8DFF" - }, - { - "providerName": "Microsoft-Windows-TSF-UIManager", - "providerGuid": "4DD778B8-379C-4D8C-B659-517A43D6DF7D" - }, - { - "providerName": "Microsoft-Windows-TunnelDriver", - "providerGuid": "4EDBE902-9ED3-4CF0-93E8-B8B5FA920299" - }, - { - "providerName": "Microsoft-Windows-TunnelDriver-SQM-Provider", - "providerGuid": "4214DCD2-7C33-4F74-9898-719CCCEEC20F" - }, - { - "providerName": "Microsoft-Windows-TZSync", - "providerGuid": "3527CB55-1298-49D4-AB94-1243DB0FCAFF" - }, - { - "providerName": "Microsoft-Windows-TZUtil", - "providerGuid": "2D318B91-E6E7-4C46-BD04-BFE6DB412CF9" - }, - { - "providerName": "Microsoft-Windows-UAC", - "providerGuid": "E7558269-3FA5-46ED-9F4D-3C6E282DDE55" - }, - { - "providerName": "Microsoft-Windows-UAC-FileVirtualization", - "providerGuid": "C02AFC2B-E24E-4449-AD76-BCC2C2575EAD" - }, - { - "providerName": "Microsoft-Windows-UI-Input-Inking", - "providerGuid": "BF1DB390-3E67-4D4D-A287-8958044A3DB4" - }, - { - "providerName": "Microsoft-Windows-UI-Search", - "providerGuid": "D8965FCF-7397-4E0E-B750-21A4580BD880" - }, - { - "providerName": "Microsoft-Windows-UIAnimation", - "providerGuid": "E0A40B26-30C4-4656-BC9A-74A5C3A0B2EC" - }, - { - "providerName": "Microsoft-Windows-UIAutomationCore", - "providerGuid": "820A42D8-38C4-465D-B64E-D7D56EA1D612" - }, - { - "providerName": "Microsoft-Windows-UIRibbon", - "providerGuid": "87D476FE-1A0F-4370-B785-60B028019693" - }, - { - "providerName": "Microsoft-Windows-UniversalTelemetryClient", - "providerGuid": "6489B27F-7C43-5886-1D00-0A61BB2A375B" - }, - { - "providerName": "Microsoft-Windows-URLMon", - "providerGuid": "245F975D-909D-49ED-B8F9-9A75691D6B6B" - }, - { - "providerName": "Microsoft-Windows-USB-CCID", - "providerGuid": "F708C483-4880-11E6-9121-5CF37068B67B" - }, - { - "providerName": "Microsoft-Windows-USB-MAUSBHOST", - "providerGuid": "7725B5F9-1F2E-4E21-BAEB-B2AF4690BC87" - }, - { - "providerName": "Microsoft-Windows-USB-UCMUCSICX", - "providerGuid": "569D11AA-5068-5EE5-DA22-CE541C0B1481" - }, - { - "providerName": "Microsoft-Windows-USB-UCX", - "providerGuid": "36DA592D-E43A-4E28-AF6F-4BC57C5A11E8" - }, - { - "providerName": "Microsoft-Windows-USB-USB4DeviceRouter-EventLogs", - "providerGuid": "D07E8C3F-78FB-4C22-B77C-2203D00BFDF3" - }, - { - "providerName": "Microsoft-Windows-USB-USBHUB", - "providerGuid": "7426A56B-E2D5-4B30-BDEF-B31815C1A74A" - }, - { - "providerName": "Microsoft-Windows-USB-USBHUB3", - "providerGuid": "AC52AD17-CC01-4F85-8DF5-4DCE4333C99B" - }, - { - "providerName": "Microsoft-Windows-USB-USBPORT", - "providerGuid": "C88A4EF5-D048-4013-9408-E04B7DB2814A" - }, - { - "providerName": "Microsoft-Windows-USB-USBXHCI", - "providerGuid": "30E1D284-5D88-459C-83FD-6345B39B19EC" - }, - { - "providerName": "Microsoft-Windows-User Device Registration", - "providerGuid": "23B8D46B-67DD-40A3-B636-D43E50552C6D" - }, - { - "providerName": "Microsoft-Windows-User Profiles General", - "providerGuid": "DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770" - }, - { - "providerName": "Microsoft-Windows-User Profiles Service", - "providerGuid": "89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845" - }, - { - "providerName": "Microsoft-Windows-User-ControlPanel", - "providerGuid": "319122A9-1485-4E48-AF35-7DB2D93B8AD2" - }, - { - "providerName": "Microsoft-Windows-User-Diagnostic", - "providerGuid": "305FC87B-002A-5E26-D297-60223012CA9C" - }, - { - "providerName": "Microsoft-Windows-User-Loader", - "providerGuid": "B059B83F-D946-4B13-87CA-4292839DC2F2" - }, - { - "providerName": "Microsoft-Windows-UserAccountControl", - "providerGuid": "2683B597-3CCA-410A-97FE-6F7EE3D09B94" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-CallHistoryClient", - "providerGuid": "F5988ABB-323A-4098-8A34-85A3613D4638" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-CEMAPI", - "providerGuid": "83A9277A-D2FC-4B34-BF81-8CEB4407824F" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-PimIndexMaintenance", - "providerGuid": "99C66BA7-5A97-40D5-AA01-8A07FB3DB292" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-Poom", - "providerGuid": "0BD19909-EB6F-4B16-8074-6DCE803F091D" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-UnifiedStore", - "providerGuid": "56F519AB-9DF6-4345-8491-A4BA21AC825B" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-UserDataApis", - "providerGuid": "B9B2DE3C-3FBD-4F42-8FF7-33C3BAD35FD4" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-UserDataService", - "providerGuid": "FB19EE2C-0D22-4A2E-969E-DD41AE0CE1A9" - }, - { - "providerName": "Microsoft-Windows-UserDataAccess-UserDataUtils", - "providerGuid": "D1F688BF-012F-4AEC-A38C-E7D4649F8CD2" - }, - { - "providerName": "Microsoft-Windows-UserModePowerService", - "providerGuid": "CE8DEE0B-D539-4000-B0F8-77BED049C590" - }, - { - "providerName": "Microsoft-Windows-UserPnp", - "providerGuid": "96F4A050-7E31-453C-88BE-9634F4E02139" - }, - { - "providerName": "Microsoft-Windows-UserSettingsBackup-BackupUnitProcessor", - "providerGuid": "DC84BBF4-CDED-56EF-BF3B-E2051D5589D5" - }, - { - "providerName": "Microsoft-Windows-UserSettingsBackup-EarlyDownloader", - "providerGuid": "C675305E-51BD-5DA6-08B4-D4CB88D198F0" - }, - { - "providerName": "Microsoft-Windows-UserSettingsBackup-Orchestrator", - "providerGuid": "47AE8351-B61A-51D1-0AD0-9D870C38F53A" - }, - { - "providerName": "Microsoft-Windows-UxInit", - "providerGuid": "4154A29C-40D9-445F-8D65-24DA473E8F65" - }, - { - "providerName": "Microsoft-Windows-UxTheme", - "providerGuid": "422088E6-CD0C-4F99-BD0B-6985FA290BDF" - }, - { - "providerName": "Microsoft-Windows-VDRVROOT", - "providerGuid": "E4480490-85B6-11DD-AD8B-0800200C9A66" - }, - { - "providerName": "Microsoft-Windows-VerifyHardwareSecurity", - "providerGuid": "F3F53C76-B06D-4F15-B412-61164A0D2B73" - }, - { - "providerName": "Microsoft-Windows-VHDMP", - "providerGuid": "E2816346-87F4-4F85-95C3-0C79409AA89D" - }, - { - "providerName": "Microsoft-Windows-Video-For-Windows", - "providerGuid": "712ABB2D-D806-4B42-9682-26DA01D8B307" - }, - { - "providerName": "Microsoft-Windows-VIRTDISK", - "providerGuid": "4D20DF22-E177-4514-A369-F1759FEEDEB3" - }, - { - "providerName": "Microsoft-Windows-VolumeControl", - "providerGuid": "07DE7879-1C96-41CE-AFBD-C659A0E8E643" - }, - { - "providerName": "Microsoft-Windows-VolumeSnapshot-Driver", - "providerGuid": "67FE2216-727A-40CB-94B2-C02211EDB34A" - }, - { - "providerName": "Microsoft-Windows-VPN-Client", - "providerGuid": "3C088E51-65BE-40D1-9B90-62BFEC076737" - }, - { - "providerName": "Microsoft-Windows-VWiFi", - "providerGuid": "314B2B0D-81EE-4474-B6E0-C2AAEC0DDBDE" - }, - { - "providerName": "Microsoft-Windows-WABSyncProvider", - "providerGuid": "17F14A23-551D-40CC-A086-E4194D64ED4C" - }, - { - "providerName": "Microsoft-Windows-Wallet", - "providerGuid": "6ED11B00-C1B5-48CB-AECC-FF72EBEFBAE8" - }, - { - "providerName": "Microsoft-Windows-Watchdog-Events", - "providerGuid": "70E74DD8-39DB-5F6F-6FD1-F5581B29E834" - }, - { - "providerName": "Microsoft-Windows-Wcmsvc", - "providerGuid": "67D07935-283A-4791-8F8D-FA9117F3E6F2" - }, - { - "providerName": "Microsoft-Windows-WCN-Config-Registrar", - "providerGuid": "C100BECF-D33A-4A4B-BF23-BBEF4663D017" - }, - { - "providerName": "Microsoft-Windows-WCN-Config-Registrar-Secure", - "providerGuid": "C100BECC-D33A-4A4B-BF23-BBEF4663D017" - }, - { - "providerName": "Microsoft-Windows-WCNWiz", - "providerGuid": "E8AA5402-26A1-455E-A21B-F240ED62D155" - }, - { - "providerName": "Microsoft-Windows-WDAG-PolicyEvaluator-CSP", - "providerGuid": "64A98C25-9E00-404E-84AD-6700DFE02529" - }, - { - "providerName": "Microsoft-Windows-WDAG-PolicyEvaluator-GP", - "providerGuid": "E53DF8BA-367A-4406-98D5-709FFB169681" - }, - { - "providerName": "Microsoft-Windows-WebAuth", - "providerGuid": "DB6972B6-DDDF-4820-84B1-2ED6AC0B96E5" - }, - { - "providerName": "Microsoft-Windows-WebAuthN", - "providerGuid": "3AE1EA61-C002-47FB-B06C-4022A8C98929" - }, - { - "providerName": "Microsoft-Windows-WebcamExperience", - "providerGuid": "9E12CEB1-E3FF-46AD-A0AA-11738B122D20" - }, - { - "providerName": "Microsoft-Windows-WebdavClient-LookupServiceTrigger", - "providerGuid": "22B6D684-FA63-4578-87C9-EFFCBE6643C7" - }, - { - "providerName": "Microsoft-Windows-WebDeploy", - "providerGuid": "AB77E98E-0138-4C77-8BFB-DECD33EDFE3C" - }, - { - "providerName": "Microsoft-Windows-WebIO", - "providerGuid": "50B3E73C-9370-461D-BB9F-26F32D68887D" - }, - { - "providerName": "Microsoft-Windows-WebServices", - "providerGuid": "E04FE2E0-C6CF-4273-B59D-5C97C9C374A4" - }, - { - "providerName": "Microsoft-Windows-Websocket-Protocol-Component", - "providerGuid": "CBA5F63C-E2CF-4B36-8305-BDE1311924FC" - }, - { - "providerName": "Microsoft-Windows-WEPHOSTSVC", - "providerGuid": "D5F7235B-48E2-4E9C-92FE-0E4950ABA9E8" - }, - { - "providerName": "Microsoft-Windows-WER-Diag", - "providerGuid": "AD8AA069-A01B-40A0-BA40-948D1D8DEDC5" - }, - { - "providerName": "Microsoft-Windows-WER-PayloadHealth", - "providerGuid": "4AFDDFDE-002D-51AC-C109-C3B7897858D0" - }, - { - "providerName": "Microsoft-Windows-WER-SystemErrorReporting", - "providerGuid": "ABCE23E7-DE45-4366-8631-84FA6C525952" - }, - { - "providerName": "Microsoft-Windows-WerKernel", - "providerGuid": "87A623F0-8DB5-5C11-7C80-A2EBBCBE5189" - }, - { - "providerName": "Microsoft-Windows-WFP", - "providerGuid": "0C478C5B-0351-41B1-8C58-4A6737DA32E3" - }, - { - "providerName": "Microsoft-Windows-WHEA-Logger", - "providerGuid": "C26C4F3C-3F66-4E99-8F8A-39405CFED220" - }, - { - "providerName": "Microsoft-Windows-WiFiDisplay", - "providerGuid": "712880E9-7813-41A3-8E4C-E4E0C4F6580A" - }, - { - "providerName": "Microsoft-Windows-WiFiHotspotService", - "providerGuid": "814182FE-58F7-11E1-853C-78E7D1CA7337" - }, - { - "providerName": "Microsoft-Windows-WiFiNetworkManager", - "providerGuid": "E5C16D49-2464-4382-BB20-97A4B5465DB9" - }, - { - "providerName": "Microsoft-Windows-Win32k", - "providerGuid": "8C416C79-D49B-4F01-A467-E56D3AA8234C" - }, - { - "providerName": "Microsoft-Windows-Windeploy", - "providerGuid": "75EBC33E-C8AE-4F93-9CA1-683A53E20CB6" - }, - { - "providerName": "Microsoft-Windows-Windows Defender", - "providerGuid": "11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78" - }, - { - "providerName": "Microsoft-Windows-Windows Firewall With Advanced Security", - "providerGuid": "D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85" - }, - { - "providerName": "Microsoft-Windows-WindowsBackup", - "providerGuid": "01979C6A-42FA-414C-B8AA-EEE2C8202018" - }, - { - "providerName": "Microsoft-Windows-WindowsColorSystem", - "providerGuid": "D53270E3-C8CF-4707-958A-DAD20C90073C" - }, - { - "providerName": "Microsoft-Windows-WindowsSystemAssessmentTool", - "providerGuid": "11A75546-3234-465E-BEC8-2D301CB501AC" - }, - { - "providerName": "Microsoft-Windows-WindowsToGo-StartupOptions", - "providerGuid": "2E6CB42E-161D-413B-A6C1-84CA4C1E5890" - }, - { - "providerName": "Microsoft-Windows-WindowsUIImmersive", - "providerGuid": "74827CBB-1E0F-45A2-8523-C605866D2F22" - }, - { - "providerName": "Microsoft-Windows-WindowsUpdateClient", - "providerGuid": "945A8954-C147-4ACD-923F-40C45405A658" - }, - { - "providerName": "Microsoft-Windows-WinHttp", - "providerGuid": "7D44233D-3055-4B9C-BA64-0D47CA40A232" - }, - { - "providerName": "Microsoft-Windows-WinHttp-Diagnostics", - "providerGuid": "64DE121B-5F08-5853-AB48-7758F2EA2DD3" - }, - { - "providerName": "Microsoft-Windows-WinHttp-Pca", - "providerGuid": "D071CE03-0D7B-5B27-E817-B9C12961934E" - }, - { - "providerName": "Microsoft-Windows-WinINet", - "providerGuid": "43D1A55C-76D6-4F7E-995C-64C711E5CAFE" - }, - { - "providerName": "Microsoft-Windows-WinINet-Capture", - "providerGuid": "A70FF94F-570B-4979-BA5C-E59C9FEAB61B" - }, - { - "providerName": "Microsoft-Windows-WinINet-Config", - "providerGuid": "5402E5EA-1BDD-4390-82BE-E108F1E634F5" - }, - { - "providerName": "Microsoft-Windows-WinINet-Pca", - "providerGuid": "4860EA43-3F05-5FB8-20CE-7BA346A44747" - }, - { - "providerName": "Microsoft-Windows-Wininit", - "providerGuid": "206F6DEA-D3C5-4D10-BC72-989F03C8B84B" - }, - { - "providerName": "Microsoft-Windows-Winlogon", - "providerGuid": "DBE9B383-7CF3-4331-91CC-A3CB16A3B538" - }, - { - "providerName": "Microsoft-Windows-WinMDE", - "providerGuid": "77549803-7BB1-418B-A98E-F2E22F35A873" - }, - { - "providerName": "Microsoft-Windows-WinML", - "providerGuid": "C8517E09-BEA2-5BB6-BEF3-50B4C91C431E" - }, - { - "providerName": "Microsoft-Windows-WinNat", - "providerGuid": "66C07ECD-6667-43FC-93F8-05CF07F446EC" - }, - { - "providerName": "Microsoft-Windows-WinREAgent", - "providerGuid": "1F7A6C55-5532-573B-35B7-2107E43A6EF5" - }, - { - "providerName": "Microsoft-Windows-WinRM", - "providerGuid": "A7975C8F-AC13-49F1-87DA-5A984A4AB417" - }, - { - "providerName": "Microsoft-Windows-WinRT-Error", - "providerGuid": "A86F8471-C31D-4FBC-A035-665D06047B03" - }, - { - "providerName": "Microsoft-Windows-Winsock-AFD", - "providerGuid": "E53C6823-7BB8-44BB-90DC-3F86090D48A6" - }, - { - "providerName": "Microsoft-Windows-Winsock-NameResolution", - "providerGuid": "55404E71-4DB9-4DEB-A5F5-8F86E46DDE56" - }, - { - "providerName": "Microsoft-Windows-Winsock-Sockets", - "providerGuid": "BDE46AEA-2357-51FE-7367-D5296F530BD1" - }, - { - "providerName": "Microsoft-Windows-Winsock-SQM", - "providerGuid": "093DA50C-0BB9-4D7D-B95C-3BB9FCDA5EE8" - }, - { - "providerName": "Microsoft-Windows-Winsock-WS2HELP", - "providerGuid": "D5C25F9A-4D47-493E-9184-40DD397A004D" - }, - { - "providerName": "Microsoft-Windows-Winsrv", - "providerGuid": "9D55B53D-449B-4824-A637-24F9D69AA02F" - }, - { - "providerName": "Microsoft-Windows-Wired-AutoConfig", - "providerGuid": "B92CF7FD-DC10-4C6B-A72D-1613BF25E597" - }, - { - "providerName": "Microsoft-Windows-WLAN-AutoConfig", - "providerGuid": "9580D7DD-0379-4658-9870-D5BE7D52D6DE" - }, - { - "providerName": "Microsoft-Windows-WLAN-Driver", - "providerGuid": "DAA6A96B-F3E7-4D4D-A0D6-31A350E6A445" - }, - { - "providerName": "Microsoft-Windows-WlanDlg", - "providerGuid": "D4AFA0DC-4DD1-40AF-AFCE-CB0D0E6736A7" - }, - { - "providerName": "Microsoft-Windows-WlanPref", - "providerGuid": "CA5BA219-C0D4-4EFA-9CEB-72AFF92672B0" - }, - { - "providerName": "Microsoft-Windows-WLGPA", - "providerGuid": "46098845-8A94-442D-9095-366A6BCFEFA9" - }, - { - "providerName": "Microsoft-Windows-wmbclass", - "providerGuid": "12D25187-6C0D-4783-AD3A-84CAA135ACFD" - }, - { - "providerName": "Microsoft-Windows-Wmbclass-Opn", - "providerGuid": "A42FE227-A7BF-4483-A502-6BCDA428CD96" - }, - { - "providerName": "Microsoft-Windows-WMI", - "providerGuid": "1EDEEE53-0AFE-4609-B846-D8C0B2075B1F" - }, - { - "providerName": "Microsoft-Windows-WMI-Activity", - "providerGuid": "1418EF04-B0B4-4623-BF7E-D74AB47BBDAA" - }, - { - "providerName": "Microsoft-Windows-WMP", - "providerGuid": "F3F14FF3-7B80-4868-91D0-D77E497B025E" - }, - { - "providerName": "Microsoft-Windows-WMP-Setup_WM", - "providerGuid": "0D759F0F-CFF9-4902-8867-EB9E29D7A98B" - }, - { - "providerName": "Microsoft-Windows-WMPDMCUI", - "providerGuid": "3F9E07BD-0E26-4241-A5A5-28CAFA150A75" - }, - { - "providerName": "Microsoft-Windows-WMPNSS-PublicAPI", - "providerGuid": "614696C9-85AF-4E64-B389-D2C0DB4FF87B" - }, - { - "providerName": "Microsoft-Windows-WMPNSS-Service", - "providerGuid": "6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C" - }, - { - "providerName": "Microsoft-Windows-WMPNSSUI", - "providerGuid": "7C314E58-8246-47D1-8F7A-4049DC543E0B" - }, - { - "providerName": "Microsoft-Windows-wmvdecod", - "providerGuid": "55BACC9F-9AC0-46F5-968A-A5A5DD024F8A" - }, - { - "providerName": "Microsoft-Windows-WMVENCOD", - "providerGuid": "313B0545-BF9C-492E-9173-8DE4863B8573" - }, - { - "providerName": "Microsoft-Windows-WorkFolders", - "providerGuid": "34A3697E-0F10-4E48-AF3C-F869B5BABEBB" - }, - { - "providerName": "Microsoft-Windows-Workplace Join", - "providerGuid": "76AB12D5-C986-4E60-9D7C-2A092B284CDD" - }, - { - "providerName": "Microsoft-Windows-WPD-API", - "providerGuid": "31569DCF-9C6F-4B8E-843A-B7C1CC7FFCBA" - }, - { - "providerName": "Microsoft-Windows-WPD-CompositeClassDriver", - "providerGuid": "355C44FE-0C8E-4BF8-BE28-8BC7B5A42720" - }, - { - "providerName": "Microsoft-Windows-WPD-MTPBT", - "providerGuid": "92AB58D3-F351-4AF5-9C72-D52F36EE2C92" - }, - { - "providerName": "Microsoft-Windows-WPD-MTPClassDriver", - "providerGuid": "21B7C16E-C5AF-4A69-A74A-7245481C1B97" - }, - { - "providerName": "Microsoft-Windows-WPD-MTPIP", - "providerGuid": "C374D21E-69B2-4CD7-9A25-62187C5A5619" - }, - { - "providerName": "Microsoft-Windows-WPD-MTPUS", - "providerGuid": "DCFC4489-9CE0-403C-99DF-A05422C60898" - }, - { - "providerName": "Microsoft-Windows-WPDClassInstaller", - "providerGuid": "AD5162D8-DAF0-4A25-88A7-01CBEB33902E" - }, - { - "providerName": "Microsoft-Windows-WSC-SRV", - "providerGuid": "5857D6CA-9732-4454-809B-2A87B70881F8" - }, - { - "providerName": "Microsoft-Windows-WUSA", - "providerGuid": "09608C12-C1DA-4104-A6FE-B959CF57560A" - }, - { - "providerName": "Microsoft-Windows-WWAN-MM-EVENTS", - "providerGuid": "7839BB2A-2EA3-4ECA-A00F-B558BA678BEC" - }, - { - "providerName": "Microsoft-Windows-WWAN-NDISUIO-EVENTS", - "providerGuid": "B3EEE223-D0A9-40CD-ADFC-50F1888138AB" - }, - { - "providerName": "Microsoft-Windows-WWAN-SVC-EVENTS", - "providerGuid": "3CB40AAA-1145-4FB8-B27B-7E30F0454316" - }, - { - "providerName": "Microsoft-Windows-WwanClient_0ca4cac9670d3ec454b4175eb8aa80b3", - "providerGuid": "0CA4CAC9-670D-3EC4-54B4-175EB8AA80B3" - }, - { - "providerName": "Microsoft-Windows-WwanProtDim_e72a6a5d74743941a6fa83201a9f8ef4", - "providerGuid": "E72A6A5D-7474-3941-A6FA-83201A9F8EF4" - }, - { - "providerName": "Microsoft-Windows-XAML", - "providerGuid": "531A35AB-63CE-4BCF-AA98-F88C7A89E455" - }, - { - "providerName": "Microsoft-Windows-XAML-Diagnostics", - "providerGuid": "59E7A714-73A4-4147-B47E-0957048C75C4" - }, - { - "providerName": "Microsoft-Windows-XAudio2", - "providerGuid": "1EE3ABDB-C1FC-4B43-9E56-11064ABBA866" - }, - { - "providerName": "Microsoft-Windows-XWizards", - "providerGuid": "777BA8FE-2498-4875-933A-3067DE883070" - }, - { - "providerName": "Microsoft-Windows-ZTDNS", - "providerGuid": "8507CD07-F18B-54F0-B871-23C43A5BF118" - }, - { - "providerName": "Microsoft-Windows-ZTHELPER", - "providerGuid": "40E3FC75-59E8-5443-47CB-A1E1B197FDE0" - }, - { - "providerName": "Microsoft-Windows-ZTraceMaps", - "providerGuid": "B865B57B-BDDA-4E1D-A2C8-ADFA69FE6AB9" - }, - { - "providerName": "Microsoft-WindowsAzure-Diagnostics", - "providerGuid": "9148C98F-152C-44D3-A496-26350C475D74" - }, - { - "providerName": "Microsoft-WindowsAzure-Status", - "providerGuid": "9E3B8BEE-15EB-444B-A692-BAB4546644F2" - }, - { - "providerName": "Microsoft-WindowsPhone-ConfigManager2", - "providerGuid": "2F94E1CC-A8C5-4FE7-A1C3-53D7BDA8E73E" - }, - { - "providerName": "Microsoft-WindowsPhone-CoreMessaging", - "providerGuid": "922CDCF3-6123-42DA-A877-1A24F23E39C5" - }, - { - "providerName": "Microsoft-WindowsPhone-CoreUIComponents", - "providerGuid": "A0B7550F-4E9A-4F03-AD41-B8042D06A2F7" - }, - { - "providerName": "Microsoft-WindowsPhone-Ufx", - "providerGuid": "E98EBDBF-3058-4784-8521-47860B1D2B8E" - }, - { - "providerName": "Microsoft-WindowsPhone-UfxSynopsys", - "providerGuid": "49B12C7C-4BD5-4F93-BB75-30FCE739600B" - }, - { - "providerName": "Microsoft.Windows.HyperV.GpupVDev", - "providerGuid": "C3A331B2-AF4F-5472-FD2F-4313035C4E77" - }, - { - "providerName": "Microsoft.Windows.HyperV.VmIcCore", - "providerGuid": "E5EA3CA6-5EB0-597D-504A-2FD09CCDEFDA" - }, - { - "providerName": "Microsoft.Windows.ResourceManager", - "providerGuid": "4180C4F7-E238-5519-338F-EC214F0B49AA" - }, - { - "providerName": "Microsoft_SideCar", - "providerGuid": "1DB28F2E-8F80-4027-8C5A-A11F7F10F62D" - }, - { - "providerName": "MMC", - "providerGuid": "9C88041D-349D-4647-8BFD-2C0A167BFE58" - }, - { - "providerName": "Mobility Center Performance Trace", - "providerGuid": "8A8B5246-6EB6-4339-8B59-B0085B9F4890" - }, - { - "providerName": "Mobility Center Trace", - "providerGuid": "082DFF20-F430-11D9-8CD6-0800200C9A66" - }, - { - "providerName": "Mount Manager Trace", - "providerGuid": "467C1914-37F0-4C7D-B6DB-5CD7DFE7BD5E" - }, - { - "providerName": "MSADCE.1", - "providerGuid": "76DBA919-5A36-FC80-2CAD-3185532B7CB1" - }, - { - "providerName": "MSADCF.1", - "providerGuid": "101C0E21-EBBA-A60A-EC3D-58797788928A" - }, - { - "providerName": "MSADCO.1", - "providerGuid": "5C6CE734-1B3E-705E-C2AB-B272D99AAF8F" - }, - { - "providerName": "MSADDS.1", - "providerGuid": "13CD7F92-5BAA-8C7C-3D72-B69FAC139A46" - }, - { - "providerName": "MSADOX.1", - "providerGuid": "6C770D53-0441-AFD4-DCAB-1D89155FECFC" - }, - { - "providerName": "MSDADIAG.ETW", - "providerGuid": "8B98D3F2-3CC6-0B9C-6651-9649CCE5C752" - }, - { - "providerName": "MSDAPRST.1", - "providerGuid": "64A552E0-6C60-B907-E59C-10F1DFF76B0D" - }, - { - "providerName": "MSDAREM.1", - "providerGuid": "564F1E24-FC86-28E1-74F8-5CA0D950BEE0" - }, - { - "providerName": "MSDART.1", - "providerGuid": "CEB7253C-BB96-9DFE-51D1-53D966D0CF8B" - }, - { - "providerName": "MSDASQL_1", - "providerGuid": "B6501BA0-C61A-C4E6-6FA2-A4E7F8C8E7A0" - }, - { - "providerName": "MSDATL3.1", - "providerGuid": "87B93A44-1F73-EC83-7261-2DFC972D9B1E" - }, - { - "providerName": "msiscsi_iScsi", - "providerGuid": "1BABEFB4-59CB-49E5-9698-FD38AC830A91" - }, - { - "providerName": "MUI Resource Trace", - "providerGuid": "D3DE60B2-A663-45D5-9826-A0A5949D2CB0" - }, - { - "providerName": "Native WIFI Filter Driver Trace", - "providerGuid": "D905AC1C-65E7-4242-99EA-FE66A8355DF8" - }, - { - "providerName": "Native WIFI MSM Trace", - "providerGuid": "D905AC1D-65E7-4242-99EA-FE66A8355DF8" - }, - { - "providerName": "NetJoin", - "providerGuid": "9741FD4E-3757-479F-A3C6-FC49F6D5EDD0" - }, - { - "providerName": "Network Location Awareness Trace", - "providerGuid": "1AC55562-D4FF-4BC5-8EF3-A18E07C4668E" - }, - { - "providerName": "Network Profile Manager", - "providerGuid": "D9131565-E1DD-4C9E-A728-951999C2ADB5" - }, - { - "providerName": "NisDrvWFP Provider", - "providerGuid": "49D6AD7B-52C4-4F79-A164-4DCD908391E4" - }, - { - "providerName": "Ntfs", - "providerGuid": "DD70BC80-EF44-421B-8AC3-CD31DA613A4E" - }, - { - "providerName": "Ntfs_NtfsLog", - "providerGuid": "B2FC00C4-2941-4D11-983B-B16E8AA4E25D" - }, - { - "providerName": "NTLM Security Protocol", - "providerGuid": "C92CF544-91B3-4DC0-8E11-C580339A0BF8" - }, - { - "providerName": "ODBC.1", - "providerGuid": "F34765F6-A1BE-4B9D-1400-B8A12921F704" - }, - { - "providerName": "ODBCBCP.1", - "providerGuid": "932B59F1-90C2-D8BA-0956-3975C344AE2B" - }, - { - "providerName": "OfficeAirSpace", - "providerGuid": "F562BB8E-422D-4B5C-B20E-90D710F7D11C" - }, - { - "providerName": "OfficeLoggingLiblet", - "providerGuid": "F50D9315-E17E-43C1-8370-3EDF6CC057BE" - }, - { - "providerName": "OLEDB.1", - "providerGuid": "0DD082C4-66F2-271F-74BA-2BF1F9F65C66" - }, - { - "providerName": "OpenSSH", - "providerGuid": "C4B57D35-0636-4BC3-A262-370F249F9802" - }, - { - "providerName": "PNPX AssocDB Trace", - "providerGuid": "7311AD03-18D6-45AC-9B08-B020BDD6A590" - }, - { - "providerName": "Portable Device Connectivity API Trace", - "providerGuid": "02FE721A-0725-469E-A26D-37B3C09FAAC1" - }, - { - "providerName": "PowerShellCore", - "providerGuid": "F90714A8-5509-434A-BF6D-B1624C8A19A2" - }, - { - "providerName": "PrintFilterPipelineSvc_ObjectsGuid", - "providerGuid": "AEFE45F4-8548-42B4-B1C8-25673B07AD8B" - }, - { - "providerName": "Refsv1WppTrace", - "providerGuid": "6D2FD9C5-8BD8-4A5D-8AA8-01E5C3B2AE23" - }, - { - "providerName": "RefsWppTrace", - "providerGuid": "740F3C34-57DF-4BAD-8EEA-72AC69AD5DF5" - }, - { - "providerName": "RmClient_RestartManager", - "providerGuid": "0888E5EF-9B98-4695-979D-E92CE4247224" - }, - { - "providerName": "RowsetHelper.1", - "providerGuid": "74A75B02-36D8-EDE6-D10E-95B691503408" - }, - { - "providerName": "RSS Platform Backgroundsync Perf Trace", - "providerGuid": "CA1CF55C-9E49-4AD3-8038-39CB6F66AF11" - }, - { - "providerName": "RSS Platform Backgroundsync Trace", - "providerGuid": "F59D1D86-CC03-4736-BC9C-4C7936871B3D" - }, - { - "providerName": "RSS Platform Perf Trace", - "providerGuid": "2B240425-3141-43EE-931F-EC9F997C7D7E" - }, - { - "providerName": "RSS Platform Trace", - "providerGuid": "8C50FA6E-394E-4B47-B6D1-A880A5F225A2" - }, - { - "providerName": "RuntimeInstaller", - "providerGuid": "417879EB-0EFB-4A9A-87EF-B9B55086AAF1" - }, - { - "providerName": "RuntimeRestServer", - "providerGuid": "EC93ADF0-A939-4E61-B96D-BFA285EBA2D5" - }, - { - "providerName": "SBP2 Port Driver Tracing Provider", - "providerGuid": "6710597F-7319-4AAE-9B85-C8D87136A56B" - }, - { - "providerName": "Schannel", - "providerGuid": "1F678132-5938-4686-9FDC-C8FF68F15C85" - }, - { - "providerName": "SD Bus Trace", - "providerGuid": "3B9E3DA4-70B8-46D3-9EF2-3DDF128BDED8" - }, - { - "providerName": "Security: Kerberos Authentication", - "providerGuid": "6B510852-3583-4E2D-AFFE-A67F9F223438" - }, - { - "providerName": "Security: NTLM Authentication", - "providerGuid": "5BBB6C18-AA45-49B1-A15F-085F7ED0AA90" - }, - { - "providerName": "Security: SChannel", - "providerGuid": "37D2C3CD-C5D4-4587-8531-4696C44244C8" - }, - { - "providerName": "Security: TSPkg", - "providerGuid": "6165F3E2-AE38-45D4-9B23-6B4818758BD9" - }, - { - "providerName": "Security: WDigest", - "providerGuid": "FB6A424F-B5D6-4329-B9D5-A975B3A93EAD" - }, - { - "providerName": "Sensor ClassExtension Trace", - "providerGuid": "A1E89BB0-EF73-4980-8C99-DD15F7271D7E" - }, - { - "providerName": "Service Control Manager", - "providerGuid": "555908D1-A6D7-4695-8E1E-26931D2012F4" - }, - { - "providerName": "Service Control Manager Trace", - "providerGuid": "EBCCA1C2-AB46-4A1D-8C2A-906C2FF25F39" - }, - { - "providerName": "ServiceRuntime", - "providerGuid": "3A867E2E-2C45-4B6C-9654-D7575E57F3CF" - }, - { - "providerName": "SQLOLEDB_1", - "providerGuid": "C5BFFE2E-9D87-D568-A09E-08FC83D0C7C2" - }, - { - "providerName": "SQLSRV32.1", - "providerGuid": "4B647745-F438-0A42-F870-5DBD29949C99" - }, - { - "providerName": "TCPIP Service Trace", - "providerGuid": "EB004A05-9B1A-11D4-9123-0050047759BC" - }, - { - "providerName": "Telemetry", - "providerGuid": "7C203661-7420-49DE-B8E0-7CC5878EBED0" - }, - { - "providerName": "TerminalServer-MediaFoundationPlugin", - "providerGuid": "4199EE71-D55D-47D7-9F57-34A1D5B2C904" - }, - { - "providerName": "Thread Pool", - "providerGuid": "C861D0E2-A2C1-4D36-9F9C-970BAB943A12" - }, - { - "providerName": "TPM", - "providerGuid": "1B6B0772-251B-4D42-917D-FACA166BC059" - }, - { - "providerName": "TransparentInstaller", - "providerGuid": "747C00B6-F0B4-438C-8B48-F3E5D7ED38A2" - }, - { - "providerName": "TS Client ActiveX Control Trace", - "providerGuid": "DAA6CAF5-6678-43F8-A6FE-B40EE096E06E" - }, - { - "providerName": "TS Client Trace", - "providerGuid": "0C51B20C-F755-48A8-8123-BF6DA2ADC727" - }, - { - "providerName": "TS Rdp Init Trace", - "providerGuid": "C127C1A8-6CEB-11DA-8BDE-F66BAD1E3F3A" - }, - { - "providerName": "TS RDP Shell Trace", - "providerGuid": "BFA655DC-6C51-11DA-8BDE-F66BAD1E3F3A" - }, - { - "providerName": "TS Rdp Sound End Point Trace", - "providerGuid": "5A966D1C-6B48-11DA-8BDE-F66BAD1E3F3A" - }, - { - "providerName": "UMB Trace", - "providerGuid": "96AB095A-9519-4F5C-81EE-C510B0A45463" - }, - { - "providerName": "UmBus Driver Trace", - "providerGuid": "F9BE9C98-10DB-4318-BB61-CB0DDEA08BF7" - }, - { - "providerName": "UMDF - Driver Manager Trace", - "providerGuid": "485E7DEA-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Framework Trace", - "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Host Process Trace", - "providerGuid": "485E7DF0-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Lpc Driver Trace", - "providerGuid": "485E7DED-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Lpc Trace", - "providerGuid": "485E7DEF-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Platform Library Trace", - "providerGuid": "485E7DE8-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Reflector Trace", - "providerGuid": "485E7DEE-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - Test Trace", - "providerGuid": "485E7DEB-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMDF - WDF Core", - "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "UMPass Driver Trace", - "providerGuid": "FF9E2BDD-0E24-437C-84BE-7CFCAE635808" - }, - { - "providerName": "USB Storage Driver Tracing Provider", - "providerGuid": "72FB9358-A9B3-41E0-AE41-E8DECA41E3A8" - }, - { - "providerName": "User-mode PnP Manager Trace", - "providerGuid": "A676B545-4CFB-4306-A067-502D9A0F2220" - }, - { - "providerName": "User32", - "providerGuid": "B0AA8734-56F7-41CC-B2F4-DE228E98B946" - }, - { - "providerName": "Volsnap", - "providerGuid": "CB017CD2-1F37-4E65-82BC-3E91F6A37559" - }, - { - "providerName": "VSS tracing provider", - "providerGuid": "9138500E-3648-4EDB-AA4C-859E9F7B7C38" - }, - { - "providerName": "Windows Connect Now", - "providerGuid": "C100BECE-D33A-4A4B-BF23-BBEF4663D017" - }, - { - "providerName": "Windows Defender Firewall API", - "providerGuid": "28C9F48F-D244-45A8-842F-DC9FBC9B6E92" - }, - { - "providerName": "Windows Defender Firewall API - GP", - "providerGuid": "0EFF663F-8B6E-4E6D-8182-087A8EAA29CB" - }, - { - "providerName": "Windows Defender Firewall Driver", - "providerGuid": "D5E09122-D0B2-4235-ADC1-C89FAAAF1069" - }, - { - "providerName": "Windows Defender Firewall NetShell Plugin", - "providerGuid": "28C9F48F-D244-45A8-842F-DC9FBC9B6E94" - }, - { - "providerName": "Windows Defender Firewall Service", - "providerGuid": "5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D" - }, - { - "providerName": "Windows Error Reporting", - "providerGuid": "0EAD09BD-2157-539A-8D6D-C87F95B64D70" - }, - { - "providerName": "Windows Kernel Trace", - "providerGuid": "9E814AAD-3204-11D2-9A82-006008A86939" - }, - { - "providerName": "Windows Media Player Trace", - "providerGuid": "A9C1A3B7-54F3-4724-ADCE-58BC03E3BC78" - }, - { - "providerName": "Windows NetworkItemFactory Trace", - "providerGuid": "D2A60D61-0F87-4673-A86C-9C461457FE27" - }, - { - "providerName": "Windows Notification Facility Provider", - "providerGuid": "42695762-EA50-497A-9068-5CBBB35E0B95" - }, - { - "providerName": "Windows Remote Management Trace", - "providerGuid": "04C6E16D-B99F-4A3A-9B3E-B8325BBC781E" - }, - { - "providerName": "Windows Wininit Trace", - "providerGuid": "C2BA06E2-F7CE-44AA-9E7E-62652CDEFE97" - }, - { - "providerName": "Windows Winlogon Trace", - "providerGuid": "D451642C-63A6-11D7-9720-00B0D03E0347" - }, - { - "providerName": "Windows-ApplicationModel-Store-SDK", - "providerGuid": "FF79A477-C45F-4A52-8AE0-2B324346D4E4" - }, - { - "providerName": "WindowsAzure-GuestAgent-Diagnostic", - "providerGuid": "DE49CBBE-8388-4C87-8310-2F9EC1338BDE" - }, - { - "providerName": "WindowsAzure-GuestAgent-Metrics", - "providerGuid": "FFF0196F-EE4C-4EAF-9AA5-776F622DEB4F" - }, - { - "providerName": "WindowsAzure-GuestAgent-Status", - "providerGuid": "69B669B9-4AF8-4C50-BDC4-6006FA76E975" - }, - { - "providerName": "WindowsAzureGuestAgent", - "providerGuid": "3000B92B-CA8B-4269-90EA-C4185EE09E92" - }, - { - "providerName": "WINSATAPI_ETW_PROVIDER", - "providerGuid": "617853D6-728B-4B59-8A78-C3A9A5EADE92" - }, - { - "providerName": "winsrvext", - "providerGuid": "2B9537F0-4A90-557B-1313-D0CE2827A94A" - }, - { - "providerName": "Wireless Client Trace", - "providerGuid": "8A3CF0B5-E0BC-450B-AE4B-61728FFA1D58" - }, - { - "providerName": "WLAN AutoConfig Trace", - "providerGuid": "0C5A3172-2248-44FD-B9A6-8389CB1DC56A" - }, - { - "providerName": "WLAN Diagnostics Trace", - "providerGuid": "637A0F36-DFF5-4B2F-83DD-B106C1C725E2" - }, - { - "providerName": "WLAN Dialog Trace", - "providerGuid": "520319A9-B932-4EC7-943C-61E560939101" - }, - { - "providerName": "WLAN Extensibility Trace", - "providerGuid": "E2EB5B52-08B1-4391-B670-F58317376247" - }, - { - "providerName": "WMI_Tracing", - "providerGuid": "1FF6B227-2CA7-40F9-9A66-980EADAA602E" - }, - { - "providerName": "WMI_Tracing_Client_Operations", - "providerGuid": "8E6B6962-AB54-4335-8229-3255B919DD0E" - }, - { - "providerName": "WMP Network Sharing API", - "providerGuid": "8ED60A3A-8C12-49C5-A518-FDF451BC10FC" - }, - { - "providerName": "WMP Network Sharing Service", - "providerGuid": "A7EB57F6-145E-4F18-BD75-DBBF6F7E23A7" - }, - { - "providerName": "WMP Network Sharing Taskbar", - "providerGuid": "D804A67F-4C25-43C1-896F-89FF78B3A911" - }, - { - "providerName": "WPD API Trace", - "providerGuid": "C3C5D8AF-2FD5-4500-A8E7-379C2D0BBE2E" - }, - { - "providerName": "WPD Bluetooth MTP Emumerator Driver Trace", - "providerGuid": "4B6EFB94-30EA-49A7-BB29-E9ED9DCE67DA" - }, - { - "providerName": "WPD BusEnumService Trace", - "providerGuid": "0381564E-D5CB-4E48-AB35-BE24389B0F59" - }, - { - "providerName": "WPD ClassExtension Trace", - "providerGuid": "A0A352C5-B8EC-41E9-9936-8452C1C0A6CF" - }, - { - "providerName": "WPD ClassInstaller Trace", - "providerGuid": "45350D79-4497-42F1-BD1B-83587575B91A" - }, - { - "providerName": "WPD FSDriver Trace", - "providerGuid": "1311095B-B9FF-497A-8560-2F43CA5438E4" - }, - { - "providerName": "WPD MTPDriver Trace", - "providerGuid": "97496DDA-C211-4FFE-B1B1-68E6E98EBC38" - }, - { - "providerName": "WPD ShellExtension Trace", - "providerGuid": "A42C7BD1-5AF3-4B32-9BC6-B85EB31D3F4A" - }, - { - "providerName": "WPD ShellServiceObject Trace", - "providerGuid": "1AB5AC29-037F-43A1-9484-78C9DB61F869" - }, - { - "providerName": "WPD Types Trace", - "providerGuid": "58E8F67D-29E9-456C-B23D-C6489E341BB0" - }, - { - "providerName": "WPD WiaCompat Trace", - "providerGuid": "B809F4FF-3023-473C-971B-AB594429EA57" - }, - { - "providerName": "WPD WMDMCompat Trace", - "providerGuid": "17ABF473-982C-4D0E-B502-3A59D89E71DE" - }, - { - "providerName": "WSAT_TraceProvider", - "providerGuid": "7F3FE630-462B-47C5-AB07-67CA84934ABD" - }, - { - "providerName": "Wudfx02000_KmdfTraceGuid", - "providerGuid": "485E7DE9-0A80-11D8-AD15-505054503030" - }, - { - "providerName": "XWizard Framework", - "providerGuid": "777BA8FF-2498-4875-933A-3067DE883070" - } - ] -} \ No newline at end of file diff --git a/internal/vm/vmutils/etw/etw_map.go b/internal/vm/vmutils/etw/etw_map.go new file mode 100644 index 0000000000..6bd7f72764 --- /dev/null +++ b/internal/vm/vmutils/etw/etw_map.go @@ -0,0 +1,1199 @@ +package etw + +// LOWERCASE ONLY keys for easier lookups and case-insensitive matching. +var etwNameToGuidMap = map[string]string{ + "microsoft.windows.containers.setup": "22267b1c-b979-5c81-9e24-0db386a62dd1", + "microsoft.windows.containers.storage": "2551390d-5927-5c84-6f0a-027a7e78d38d", + "microsoft.windows.containers.library": "67eb0417-9297-42ae-a1d9-98bfeb359059", + "microsoft.windows.containers.dynamicimage": "8ce2286c-3705-4a2a-8e36-134eae9ca147", + "microsoft.windows.filesystem.cimfs": "772ff917-30cf-50bd-d471-55a093ea8cf8", + "microsoft.windows.filesystem.unionfs": "68d6ffd0-365a-579d-6d26-76b2a0af1ddc", + "microsoft-windows-guest-network-service": "0bacf1d2-fb51-549a-6119-04daa7180dc8", + "microsoft.windows.hyperv.compute": "80ce50de-d264-4581-950d-abadeee0d340", + "microsoft.windows.logforwardservice.provider": "396a26ff-fb73-5465-0d17-dd4930896239", + "microsoft.windows.security.keyguard": "37e53459-522d-5f7d-9a19-ecfd819075c2", + "microsoft.windows.security.keyguard.attestation.verify": "268833e4-8305-5640-ecee-0f30f10668be", + ".net common language runtime": "e13c0d23-ccbc-4e12-931b-d9cc2eee27e4", + "acpi driver trace provider": "dab01d4d-2d48-477d-b1c3-daad0ce6f06b", + "active directory domain services: sam": "8e598056-8993-11d2-819e-0000f875a064", + "active directory: kerberos client": "bba3add2-c229-4cdb-ae2b-57eb6966b0c4", + "active directory: netlogon": "f33959b4-dbec-11d2-895b-00c04f79ab69", + "adodb.1": "04c8a86f-3369-12f8-4769-24e484a9e725", + "adomd.1": "7ea56435-3f2f-3f63-a829-f0b35b5cad41", + "appagentruntime": "d38b3095-6abd-419f-a8d5-3d01b8b6a4e7", + "application error": "a0e9b465-b939-57d7-b27d-95d8e925ff57", + "application hang": "c631c3dc-c676-59e4-2db3-5c0af00f9675", + "application popup": "47bfa2b7-bd54-4fac-b70b-29021084ca8f", + "application-addon-event-provider": "a83fa99f-c356-4ded-9fd6-5a5eb8546d68", + "asp.net events": "aff081fe-0247-4275-9c4e-021f3dc1da35", + "ata port driver tracing provider": "d08bd885-501e-489a-bac6-b7d24bfe6bbf", + "authfw netshell plugin": "935f4ae6-845d-41c6-97fa-380dad429b72", + "bcp.1": "24722b88-df97-4ff6-e395-db533ac42a1e", + "bfe trace provider": "106b464a-8043-46b1-8cb8-e92a0cd7a560", + "bits service trace": "4a8aaa94-cfc4-46a7-8e4e-17bc45608f0a", + "bootstrapper": "498a78f0-d57b-488d-9666-b0e7f5473cd9", + "certificate services client credentialroaming trace": "ef4109dc-68fc-45af-b329-ca2825437209", + "certificate services client trace": "f01b7774-7ed7-401e-8088-b576793d7841", + "circular kernel session provider": "54dea73a-ed1f-42a4-af71-3e63d056f174", + "classpnp driver tracing provider": "fa8de7c4-acde-4443-9994-c4e2359a9edb", + "critical section trace provider": "3ac66736-cc59-4cff-8115-8df50e39816b", + "dbnetlib.1": "bd568f20-fccd-b948-054e-db3421115d61", + "deduplication tracing provider": "5ebb59d1-4739-4e45-872d-b8703956d84b", + "disk class driver tracing provider": "945186bf-3dd6-4f3f-9c8e-9edd3fc9d558", + "downlevel ipsec api": "94335eb3-79ea-44d5-8ea9-306f49b3a041", + "downlevel ipsec netshell plugin": "e4ff10d8-8a88-4fc6-82c8-8c23e9462fe5", + "downlevel ipsec policy store": "94335eb3-79ea-44d5-8ea9-306f49b3a070", + "downlevel ipsec service": "94335eb3-79ea-44d5-8ea9-306f49b3a040", + "ea ime api": "e2a24a32-00dc-4025-9689-c108c01991c5", + "error instrument": "cd7cf0d0-02cc-4872-9b65-0dba0a90efe8", + "fd core trace": "480217a9-f824-4bd4-bbe8-f371caaf9a0d", + "fd publication trace": "649e3596-2620-4d58-a01f-17aefe8185db", + "fd ssdp trace": "db1d0418-105a-4c77-9a25-8f96a19716a4", + "fd wnet trace": "8b20d3e4-581f-4a27-8109-df01643a7a93", + "fd wsdapi trace": "7e2dbfc7-41e8-4987-bca7-76cadfad765f", + "fdphost service trace": "f1c521ca-da82-4d79-9ee4-d7a375723b68", + "file kernel trace; operation set 1": "d75d8303-6c21-4bde-9c98-ecc6320f9291", + "file kernel trace; operation set 2": "058dd951-7604-414d-a5d6-a56d35367a46", + "file kernel trace; optional data": "7da1385c-f8f5-414d-b9d0-02fca090f1ec", + "file kernel trace; volume to log": "127d46af-4ad3-489f-9165-f00ba64d5467", + "fwpkclnt trace provider": "ad33fa19-f2d2-46d1-8f4c-e3c3087e45ad", + "fwpuclnt trace provider": "5a1600d2-68e5-4de7-bcf4-1c2d215fe0fe", + "heap trace provider": "222962ab-6180-4b88-a825-346b75f2a24a", + "iisconfigurator": "753dc014-8b03-40d0-9ea9-1af6b3084e0a", + "iishost": "7f3d17a3-0a3d-43f1-bbf2-80e3bb04d54d", + "ikeext trace provider": "106b464d-8043-46b1-8cb8-e92a0cd7a560", + "imapi1 shim": "1ff10429-99ae-45bb-8a67-c9e945b9fb6c", + "imapi2 concatenate stream": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9d", + "imapi2 disc master": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e91", + "imapi2 disc recorder": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e93", + "imapi2 disc recorder enumerator": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e92", + "imapi2 dll": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e90", + "imapi2 interleave stream": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9e", + "imapi2 media eraser": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e97", + "imapi2 msf": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9f", + "imapi2 multisession sequential": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7ea0", + "imapi2 pseudo-random stream": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9c", + "imapi2 raw cd writer": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9a", + "imapi2 raw image writer": "07e397ec-c240-4ed7-8a2a-b9ff0fe5d581", + "imapi2 standard data writer": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e98", + "imapi2 track-at-once cd writer": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e99", + "imapi2 utilities": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e94", + "imapi2 write engine": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e96", + "imapi2 zero stream": "0e85a5a5-4d5c-44b7-8bda-5b7ab54f7e9b", + "imapi2fs tracing": "f8036571-42d9-480a-babb-de7833cb059c", + "intel-ialpss-gpio": "d386cc7a-620a-41c1-abf5-55018c6c699a", + "intel-ialpss-i2c": "d4aeac44-ad44-456e-9c90-33f8cdced6af", + "intel-ialpss2-gpio2": "63848cff-3ec7-4ddf-8072-5f95e8c8eb98", + "intel-ialpss2-i2c": "c2f86198-03ca-4771-8d4c-ce6e15cbca56", + "ipmi driver trace": "d5c6a3e9-fa9c-434e-9653-165b4fc869e4", + "ipmi provider trace": "651d672b-e11f-41b7-add3-c2f6a4023672", + "kmdfv1 trace provider": "544d4c9d-942c-46d5-bf50-df5cd9524a50", + "local security authority (lsa)": "cc85922f-db41-11d2-9244-006008269001", + "lsasrv": "199fe037-2b82-40a9-82ac-e1d46c792b99", + "microsoft-antimalware-amfilter": "cfeb0608-330e-4410-b00d-56d8da9986e6", + "microsoft-antimalware-engine": "0a002690-3839-4e3a-b3b6-96d8df868d99", + "microsoft-antimalware-engine-instrumentation": "68621c25-df8d-4a6b-aabc-19a22e296a7c", + "microsoft-antimalware-nis": "102aab0a-9d9c-4887-a860-55de33b96595", + "microsoft-antimalware-protection": "e4b70372-261f-4c54-8fa6-a5a7914d73da", + "microsoft-antimalware-rtp": "8e92deef-5e17-413b-b927-59b2f06a3cfc", + "microsoft-antimalware-scan-interface": "2a576b87-09a7-520e-c21a-4942f0271d67", + "microsoft-antimalware-service": "751ef305-6c6e-4fed-b847-02ef79d26aef", + "microsoft-antimalware-uacscan": "d37e7910-79c8-57c4-da77-52bb646364cd", + "microsoft-appv-client": "e4f68870-5ae8-4e5b-9ce7-ca9ed75b0245", + "microsoft-appv-client-streamingux": "28cb46c7-4003-4e50-8bd9-442086762d12", + "microsoft-appv-servicelog": "9cc69d1c-7917-4acd-8066-6bf8b63e551b", + "microsoft-appv-sharedperformance": "fb4a19ee-eb5a-47a4-bc52-e71aac6d0859", + "microsoft-autopilot-bootstrapperagent": "cb1ff6d6-3248-4484-b96e-0973f64838c4", + "microsoft-client-license-flexible-platform": "6e0df32c-7f11-54f7-e8ee-5ad4032727ce", + "microsoft-client-licensing-platform": "b6cc0d55-9ecc-49a8-b929-2b9022426f2a", + "microsoft-configmgr": "fd6007de-16d4-4d5b-a6d7-19aad3211528", + "microsoft-epm-events": "56b809b5-d9e6-4f21-a807-2a1e3ed4159e", + "microsoft-gaming-services": "bc1bdb57-71a2-581a-147b-e0b49474a2d4", + "microsoft-ie": "9e3b3947-ca5d-4614-91a2-7b624e0e7244", + "microsoft-ie-jsdumpheap": "7f8e35ca-68e8-41b9-86fe-d6adc5b327e7", + "microsoft-ieframe": "5c8bb950-959e-4309-8908-67961a1205d5", + "microsoft-intune-controlconfig-client-telemetry": "9d7adb63-2e58-4503-b3ce-9017d7c88537", + "microsoft-intune-epm-client-telemetry": "8ad61205-8e7e-4be4-8d30-e2480500b39a", + "microsoft-intune-sidecar-client-telemetry": "e20927af-32d7-4d5d-9f73-82f077a1c891", + "microsoft-inventory-events": "5e6ac3d4-6a7e-4fdc-98f8-7017e4f177bf", + "microsoft-jscript": "57277741-3638-4a4b-bdba-0ac6e45da56c", + "microsoft-office-events": "8736922d-e8b2-47eb-8564-23e77e728cf3", + "microsoft-office-word": "daf0b914-9c1c-450a-81b2-fea7244f6ffa", + "microsoft-office-word2": "bb00e856-a12f-4ab7-b2c8-4e80caea5b07", + "microsoft-office-word3": "a1b69d49-2195-4f59-9d33-bdf30c0fe473", + "microsoft-onecore-onlinesetup": "41862974-da3b-4f0b-97d5-bb29fbb9b71e", + "microsoft-perftrack-ieframe": "b2a40f1f-a05a-4dfd-886a-4c4f18c4334c", + "microsoft-perftrack-mshtml": "ffdb9886-80f3-4540-aa8b-b85192217ddf", + "microsoft-quic": "ff15e657-4f26-570e-88ab-0796b258d11c", + "microsoft-servicebus-client": "a307c7a2-a4cd-4d22-8093-94db72934152", + "microsoft-system-diagnostics-diagnosticinvoker": "9068a924-f97e-5506-c3a3-5c020c00e8e0", + "microsoft-user experience virtualization-admin": "61bc445e-7a8d-420e-ab36-9c7143881b98", + "microsoft-user experience virtualization-agent driver": "de29cf61-5ee6-43ff-9aac-959c4e13cc6c", + "microsoft-user experience virtualization-app agent": "1ed6976a-4171-4764-b415-7ea08bc46c51", + "microsoft-user experience virtualization-ipc": "21d79db0-8e03-41cd-9589-f3ef7001a92a", + "microsoft-user experience virtualization-sqm uploader": "57003e21-269b-4bdc-8434-b3bf8d57d2d5", + "microsoft-windows networking vpn plugin platform": "e5fc4a0f-7198-492f-9b0f-88fdcbfded48", + "microsoft-windows-aad": "4de9bc9c-b27a-43c9-8994-0915f1a5e24f", + "microsoft-windows-aadrt": "2dca52ac-167d-4d59-a491-c237bb978d83", + "microsoft-windows-accellib-accelcx": "9c4cf201-dd11-5e35-9de5-2c2146832011", + "microsoft-windows-acl-ui": "ea4cc8b8-a150-47a3-afb9-c8d194b19452", + "microsoft-windows-actionqueue": "0dd4d48e-2bbf-452f-a7ec-ba3dba8407ae", + "microsoft-windows-adsi": "7288c9f8-d63c-4932-a345-89d6b060174d", + "microsoft-windows-ait": "6addabf4-8c54-4eab-bf4f-fbef61b62eb0", + "microsoft-windows-all-user-install-agent": "d2e990da-8504-4702-a5e5-367fc2f823bf", + "microsoft-windows-apphost": "98e0765d-8c42-44a3-a57b-760d7f93225a", + "microsoft-windows-appid": "3cb2a168-fe19-4a4e-bdad-dcf422f13473", + "microsoft-windows-appidservicetrigger": "d02a9c27-79b8-40d6-9b97-cf3f8b7b5d60", + "microsoft-windows-applicabilityengine": "10a208dd-a372-421c-9d99-4fad6db68b62", + "microsoft-windows-application server-applications": "c651f5f6-1c0d-492e-8ae1-b4efd7c9d503", + "microsoft-windows-application-experience": "eef54e71-0661-422d-9a98-82fd4940b820", + "microsoft-windows-applicationexperience-cache": "6d8a3a60-40af-445a-98ca-99359e500146", + "microsoft-windows-applicationexperience-lookupservicetrigger": "18f4a5fd-fd3b-40a5-8fc2-e5d261c5d02e", + "microsoft-windows-applicationexperience-switchback": "17d6e590-f5fe-11dc-95ff-0800200c9a66", + "microsoft-windows-applicationexperienceinfrastructure": "5ec13d8e-4b3f-422e-a7e7-3121a1d90c7a", + "microsoft-windows-applocker": "cbda4dbf-8d5d-4f69-9578-be14aa540d22", + "microsoft-windows-appmodel-exec": "eb65a492-86c0-406a-bace-9912d595bd69", + "microsoft-windows-appmodel-messagingdatamodel": "1e2462be-b025-48da-8c1f-7b60b8ccae53", + "microsoft-windows-appmodel-runtime": "f1ef270a-0d32-4352-ba52-dbab41e1d859", + "microsoft-windows-appmodel-state": "bff15e13-81bf-45ee-8b16-7cfead00da86", + "microsoft-windows-appreadiness": "f0be35f8-237b-4814-86b5-ade51192e503", + "microsoft-windows-appsruprov": "0cc157b3-cf07-4fc2-91ee-31ac92e05fe1", + "microsoft-windows-appxdeployment": "8127f6d4-59f9-4abf-8952-3e3a02073d5f", + "microsoft-windows-appxdeployment-server": "3f471139-acb7-4a01-b7a7-ff5da4ba2d43", + "microsoft-windows-appxdeployment-server-undockeddeh": "43833e12-078d-4d7d-8aaf-ae8c8520f18c", + "microsoft-windows-appxpackagingom": "ba723d81-0d0c-4f1e-80c8-54740f508ddf", + "microsoft-windows-asn1": "d92ef8ac-99dd-4ab8-b91d-c6eba85f3755", + "microsoft-windows-assignedaccess": "8530db6e-51c0-43d6-9d02-a8c2088526cd", + "microsoft-windows-assignedaccessbroker": "f2311b48-32be-4902-a22a-7240371dbb2c", + "microsoft-windows-asynchronouscausality": "19a4c69a-28eb-4d4b-8d94-5f19055a1b5c", + "microsoft-windows-ataport": "cb587ad1-cc35-4ef1-ad93-36cc82a2d319", + "microsoft-windows-audio": "ae4bd3be-f36f-45b6-8d21-bdd6fb832853", + "microsoft-windows-audit": "75ebc33e-0936-4a55-9d26-5f298f3180bf", + "microsoft-windows-audit-cve": "85a62a0d-7e17-485f-9d4f-749a287193a6", + "microsoft-windows-authenticationprovider": "dddc1d91-51a1-4a8d-95b5-350c4ee3d809", + "microsoft-windows-axinstallservice": "dab3b18c-3c0f-43e8-80b1-e44bc0dad901", + "microsoft-windows-backgroundtransfer-contentprefetcher": "648a0644-7d62-4fd3-8841-440064762f95", + "microsoft-windows-base-filtering-engine-connections": "121d3da8-baf1-4dcb-929f-2d4c9a47f7ab", + "microsoft-windows-base-filtering-engine-resource-flows": "92765247-03a9-4ae3-a575-b42264616e78", + "microsoft-windows-battery": "59819d0a-adaf-46b2-8d7c-990bc39c7c15", + "microsoft-windows-bfetriggerprovider": "54732ee5-61ca-4727-9da1-10be5a4f773d", + "microsoft-windows-biometrics": "a0e3d8ea-c34f-4419-a1db-90435b8b21d0", + "microsoft-windows-bitlocker-api": "5d674230-ca9f-11da-a94d-0800200c9a66", + "microsoft-windows-bitlocker-drivepreparationtool": "632f767e-0ec3-47b9-ba1c-a0e62a74728a", + "microsoft-windows-bitlocker-driver": "651df93b-5053-4d1e-94c5-f6e6d25908d0", + "microsoft-windows-bitlocker-driver-performance": "1de130e1-c026-4cbf-ba0f-ab608e40aeea", + "microsoft-windows-bits-client": "ef1cc15b-46c1-414e-bb95-e76b077bd51e", + "microsoft-windows-bluetooth-bthleprepairing": "4af188ac-e9c4-4c11-b07b-1fabc07dfeb2", + "microsoft-windows-bluetooth-bthmini": "db25b328-a6f6-444f-9d97-a50e20217d16", + "microsoft-windows-bluetooth-mtpenum": "04268430-d489-424d-b914-0cff741d6684", + "microsoft-windows-bluetooth-policy": "0602ecef-6381-4bc0-aeda-eb9bb919b276", + "microsoft-windows-bootux": "67d781bd-cbd2-4bd2-ad1f-6152fb891246", + "microsoft-windows-branchcache": "7eafcf79-06a7-460b-8a55-bd0a0c9248aa", + "microsoft-windows-branchcacheclienteventprovider": "e837619c-a2a8-4689-833f-47b48ebd2442", + "microsoft-windows-branchcacheeventprovider": "dd85457f-4e2d-44a5-a7a7-6253362e34dc", + "microsoft-windows-branchcachemonitoring": "a2f55524-8ebc-45fd-88e4-a1b39f169e08", + "microsoft-windows-branchcachesmb": "4a933674-fb3d-4e8d-b01d-17ee14e91a3e", + "microsoft-windows-brokerinfrastructure": "e6835967-e0d2-41fb-bcec-58387404e25a", + "microsoft-windows-bth-bthport": "8a1f9517-3a8c-4a9e-a018-4f17a200f277", + "microsoft-windows-bth-bthusb": "33693e1d-246a-471b-83be-3e75f47a832d", + "microsoft-windows-build-regdll": "d39b6336-cfcb-483b-8c76-7c3e7d02bcb8", + "microsoft-windows-capi2": "5bbca4a8-b209-48dc-a8c7-b23d3e5216fb", + "microsoft-windows-cdrom": "9b6123dc-9af6-4430-80d7-7d36f054fb9f", + "microsoft-windows-certificateservicesclient": "73370bd6-85e5-430b-b60a-fea1285808a7", + "microsoft-windows-certificateservicesclient-autoenrollment": "f0db7ef8-b6f3-4005-9937-feb77b9e1b43", + "microsoft-windows-certificateservicesclient-certenroll": "54164045-7c50-4905-963f-e5bc1eef0cca", + "microsoft-windows-certificateservicesclient-credentialroaming": "89a2278b-c662-4aff-a06c-46ad3f220bca", + "microsoft-windows-certificateservicesclient-lifecycle-system": "bc0669e1-a10d-4a78-834e-1ca3c806c93b", + "microsoft-windows-certificateservicesclient-lifecycle-user": "bea18b89-126f-4155-9ee4-d36038b02680", + "microsoft-windows-certificationauthorityclient-certcli": "98bf1cd3-583e-4926-95ee-a61bf3f46470", + "microsoft-windows-certpoleng": "af9cc194-e9a8-42bd-b0d1-834e9cfab799", + "microsoft-windows-cleanmgr": "9ae87b12-a014-5288-92df-e3030981ebab", + "microsoft-windows-cleartypetexttuner": "0a88862d-20a3-4c1f-b76f-162c55adbf93", + "microsoft-windows-cloudfiles-filter": "4580bb06-baed-5b62-a4d5-92fa7156e7db", + "microsoft-windows-cloudrestorelauncher": "dc327e90-7748-58ed-f39c-8a8987cfac58", + "microsoft-windows-cloudstore": "741bb90c-a7a3-49d6-bd82-1e6b858403f7", + "microsoft-windows-cmisetup": "75ebc33e-0cc6-49da-8cd9-8903a5222aa0", + "microsoft-windows-codeintegrity": "4ee76bd8-3cf4-44a0-a0ac-3937643e37a3", + "microsoft-windows-com": "d4263c98-310c-4d97-ba39-b55354f08584", + "microsoft-windows-com-perf": "b8d6861b-d20f-4eec-bbae-87e0dd80602b", + "microsoft-windows-com-rundowninstrumentation": "2957313d-fcaa-5d4a-2f69-32ce5f0ac44e", + "microsoft-windows-comdlg32": "7f912b92-21ad-496e-b97a-88622a72bc42", + "microsoft-windows-compat-appraiser": "442c11c5-304b-45a4-ae73-dc2194c4e876", + "microsoft-windows-complus": "0f177893-4a9c-4709-b921-f432d67f43d5", + "microsoft-windows-comruntime": "bf406804-6afa-46e7-8a48-6c357e1d6d61", + "microsoft-windows-configuration-change-monitor": "a148cf02-be6d-5f08-94e3-b68de60d8422", + "microsoft-windows-containers-bindflt": "fc4e8f51-7a04-4bab-8b91-6321416f72ab", + "microsoft-windows-containers-wcifs": "aec5c129-7c10-407d-be97-91a042c61aaa", + "microsoft-windows-coresystem-initmachineconfig": "0b886108-1899-4d3a-9c0d-42d8fc4b9108", + "microsoft-windows-coresystem-netprovision-joinprovideronline": "3629dd4d-d6f1-4302-a623-0768b51501c7", + "microsoft-windows-coresystem-smsrouter": "a9c11050-9e93-4fa4-8fe0-7c4750a345b2", + "microsoft-windows-corewindow": "a3d95055-34cc-4e4a-b99f-ec88f5370495", + "microsoft-windows-corruptedfilerecovery-client": "ba093605-3909-4345-990b-26b746adee0a", + "microsoft-windows-corruptedfilerecovery-server": "d6f68875-cdf5-43a5-a3e3-53ffd683311c", + "microsoft-windows-crashdump": "ecdaacfa-6fe9-477c-b5f0-85b76f8f50aa", + "microsoft-windows-credui": "5a24fcdb-1cf3-477b-b422-ef4909d51223", + "microsoft-windows-crypto-bcrypt": "c7e089ac-ba2a-11e0-9af7-68384824019b", + "microsoft-windows-crypto-cng": "e3e0e2f0-c9c5-11e0-8ab9-9ebc4824019b", + "microsoft-windows-crypto-dpapi": "89fe8f40-cdce-464e-8217-15ef97d4c7c3", + "microsoft-windows-crypto-dssenh": "43dad447-735f-4829-a6ff-9829a87419ff", + "microsoft-windows-crypto-ncrypt": "e8ed09dc-100c-45e2-9fc8-b53399ec1f70", + "microsoft-windows-crypto-rng": "54d5ac20-e14f-4fda-92da-ebf7556ff176", + "microsoft-windows-crypto-rsaenh": "152fdb2b-6e9d-4b60-b317-815d5f174c4a", + "microsoft-windows-d3d10level9": "7e7d3382-023c-43cb-95d2-6f0ca6d70381", + "microsoft-windows-d3d9": "783aca0a-790e-4d7f-8451-aa850511c6b9", + "microsoft-windows-dal-provider": "7e87506f-bace-4bf1-bc09-3a1f37045c71", + "microsoft-windows-data-pdf": "b97561fe-b27a-4c48-aa3e-7d3addc105b1", + "microsoft-windows-dataintegrityscan": "13bc4371-4e21-4e46-a84f-8c0ffb548ced", + "microsoft-windows-datetimecontrolpanel": "741fc222-44ed-4ba7-98e3-f405b2d2c4b4", + "microsoft-windows-dclocator": "cfaa5446-c6c4-4f5c-866f-31c9b55b962d", + "microsoft-windows-ddisplay": "75051c9d-2833-4a29-8923-046db7a432ca", + "microsoft-windows-deduplication": "f9fe3908-44b8-48d9-9a32-5a763ff5ed79", + "microsoft-windows-deduplication-change": "1d5e499d-739c-45a6-a3e1-8cbe0a352beb", + "microsoft-windows-defrag-core": "e3257c8c-c7cb-444f-9da0-5d92a2625289", + "microsoft-windows-deliveryoptimization": "f8ad09ba-419c-5134-1750-270f4d0fb889", + "microsoft-windows-deplorch": "b9da9fe6-ae5f-4f3e-b2fa-8e623c11dc75", + "microsoft-windows-desktopactivitymoderator": "32dd13df-9c0b-4c3b-b854-ee76c050f5f4", + "microsoft-windows-deviceassociationservice": "56c71c31-cfbd-4cdd-8559-505e042bbbe1", + "microsoft-windows-deviceconfidence": "1d5990c1-ec62-49f0-9e37-1f4db12db41e", + "microsoft-windows-deviceguard": "f717d024-f5b4-4f03-9ab9-331b2dc38ffb", + "microsoft-windows-devicemanagement-enterprise-diagnostics-provider": "3da494e4-0fe2-415c-b895-fb5265c5c83b", + "microsoft-windows-devicemanagement-pushrouter": "f1201b5a-e170-42b6-8d20-b57ac57e6416", + "microsoft-windows-devices-accessbroker": "64fb8d23-f0b6-5d2d-b1f6-488303c1761f", + "microsoft-windows-devices-background": "64ef2b1c-4ae1-4e64-8599-1636e441ec88", + "microsoft-windows-devices-query": "df63d0dc-97c2-5e48-c1cc-7b46bfd4df88", + "microsoft-windows-devicesetupmanager": "fcbb06bb-6a2a-46e3-abaa-246cb4e508b2", + "microsoft-windows-devicesync": "09ec9687-d7ad-40ca-9c5e-78a04a5ae993", + "microsoft-windows-deviceupdateagent": "e8f9af91-afbe-5a03-dfec-5d591686326c", + "microsoft-windows-deviceux": "ded165cf-485d-4770-a3e7-9c5f0320e80c", + "microsoft-windows-devmgmt-ueficsp": "739d66d8-76c4-4004-873f-169ae5c6eaca", + "microsoft-windows-dfssvc": "7da4fe0e-fd42-4708-9aa5-89b77a224885", + "microsoft-windows-dhcp-client": "15a7a4f8-0072-4eab-abad-f98a4d666aed", + "microsoft-windows-dhcpv6-client": "6a1f2b00-6a90-4c38-95a5-5cab3b056778", + "microsoft-windows-diagcpl": "1a396961-5f3c-4c71-8310-44c653c0bf8a", + "microsoft-windows-diagnosis-advancedtaskmanager": "178dadaf-7ac4-4593-ab3e-a45fda6d0d55", + "microsoft-windows-diagnosis-dps": "6bba3851-2c7e-4dea-8f54-31e5afd029e3", + "microsoft-windows-diagnosis-msde": "a50b09f8-93eb-4396-84c9-dc921259f952", + "microsoft-windows-diagnosis-pcw": "aabf8b86-7936-4fa2-acb0-63127f879dbf", + "microsoft-windows-diagnosis-pla": "e4d53f84-7de3-11d8-9435-505054503030", + "microsoft-windows-diagnosis-scheduled": "40ab57c2-1c53-4df9-9324-ff7cf898a02c", + "microsoft-windows-diagnosis-scripted": "e1dd7e52-621d-44e3-a1ad-0370c2b25946", + "microsoft-windows-diagnosis-scripteddiagnosticsprovider": "9363ccd9-d429-4452-9adb-2501e704b810", + "microsoft-windows-diagnosis-wdc": "05921578-2261-42c7-a0d3-26ddbce6c50d", + "microsoft-windows-diagnosis-wdi": "e01b1a7c-c5c9-4e67-99a9-5e85acfb2e10", + "microsoft-windows-diagnostics-loggingchannel": "4bd2826e-54a1-4ba9-bf63-92b73ea1ac4a", + "microsoft-windows-diagnostics-networking": "36c23e18-0e66-11d9-bbeb-505054503030", + "microsoft-windows-diagnostics-performance": "cfc18ec0-96b1-4eba-961b-622caee05b0a", + "microsoft-windows-diagnostics-perftrack": "030f2f57-abd0-4427-bcf1-3a3587d7dc7d", + "microsoft-windows-direct3d10": "9b7e4c0f-342c-4106-a19f-4f2704f689f0", + "microsoft-windows-direct3d10_1": "9b7e4c8f-342c-4106-a19f-4f2704f689f0", + "microsoft-windows-direct3d11": "db6f6ddb-ac77-4e88-8253-819df9bbf140", + "microsoft-windows-direct3d12": "5d8087dd-3a9b-4f56-90df-49196cdc4f11", + "microsoft-windows-direct3dshadercache": "2d4ebca6-ea64-453f-a292-ae2ea0ee513b", + "microsoft-windows-directcomposition": "c44219d0-f344-11df-a5e2-b307dfd72085", + "microsoft-windows-directmanipulation": "5786e035-ef2d-4178-84f2-5a6bbedbb947", + "microsoft-windows-directory-services-sam": "0d4fdc09-8c27-494a-bda0-505e4fd8adae", + "microsoft-windows-directory-services-sam-utility": "bd8fea17-5549-4b49-aa03-1981d16396a9", + "microsoft-windows-directshow-core": "968f313b-097f-4e09-9cdd-bc62692d138b", + "microsoft-windows-directshow-kernelsupport": "3cc2d4af-da5e-4ed4-bcbe-3cf995940483", + "microsoft-windows-directsound": "8a93b54b-c75a-49b5-a5be-9060715b1a33", + "microsoft-windows-disk": "6b4db0bc-9a3d-467d-81b9-a84c6f2f3d40", + "microsoft-windows-diskdiagnostic": "e670a5a2-ce74-4ab4-9347-61b815319f4c", + "microsoft-windows-diskdiagnosticdatacollector": "e104fb41-6b04-4f3a-b47d-f0df2f02b954", + "microsoft-windows-diskdiagnosticresolver": "6b1ffe48-5b1e-4793-9f7f-ae926454499d", + "microsoft-windows-dism-api": "75b0da21-8b50-42eb-9448-ec48b1729b57", + "microsoft-windows-dism-cli": "2f959466-24d4-4972-8729-0d5e3539ebc3", + "microsoft-windows-display": "6ece3302-fee1-4ea9-8b88-086d459ed976", + "microsoft-windows-displaycolorcalibration": "3239eb6f-c7fc-4953-aa15-646829a4ca4c", + "microsoft-windows-displayswitch": "192ede41-9175-4c86-ac02-9d003c9d43ab", + "microsoft-windows-distributedcom": "1b562e86-b7aa-4131-badc-b6f3a001407e", + "microsoft-windows-dlna-namespace": "d38fb874-33e4-4dcf-911e-1b53bb106d53", + "microsoft-windows-dns-client": "1c95126e-7eea-49a9-a3fe-a378b03ddb4d", + "microsoft-windows-documents": "c89b991e-3b48-49b2-80d3-ac000dfc9749", + "microsoft-windows-domainjoinmanagertriggerprovider": "5b004607-1087-4f16-b10e-979685a8d131", + "microsoft-windows-dotnetruntime": "e13c0d23-ccbc-4e12-931b-d9cc2eee27e4", + "microsoft-windows-dotnetruntimerundown": "a669021c-c450-4609-a035-5af59af4df18", + "microsoft-windows-driverframeworks-kernelmode-performance": "486a5c7c-11cc-46c5-9de7-43dfe0bb57c1", + "microsoft-windows-driverframeworks-usermode": "2e35aaeb-857f-4beb-a418-2e6c0e54d988", + "microsoft-windows-driverframeworks-usermode-performance": "9fa5dd5d-999e-466a-8ca9-7b3a66f8882f", + "microsoft-windows-driverproxy": "45c0e4cb-5120-5f84-0418-8a18ed702e9a", + "microsoft-windows-dsc": "50df9e12-a8c4-4939-b281-47e1325ba63e", + "microsoft-windows-dui": "8360bd0f-a7dc-4391-91a7-a457c5c381e4", + "microsoft-windows-duser": "8429e243-345b-47c1-8a91-2c94caf0daab", + "microsoft-windows-dvd": "e18d0fca-9515-4232-98e4-89e456d8551b", + "microsoft-windows-dwm-api": "292a52c4-fa27-4461-b526-54a46430bd54", + "microsoft-windows-dwm-compositor": "044a9015-d96c-5dd1-0199-72d258325298", + "microsoft-windows-dwm-core": "9e9bba3c-2e38-40cb-99f4-9e8281425164", + "microsoft-windows-dwm-dwm": "d29d56ea-4867-4221-b02e-cfd998834075", + "microsoft-windows-dwm-redir": "7d99f6a4-1bec-4c09-9703-3aaa8148347f", + "microsoft-windows-dwm-udwm": "a2d1c713-093b-43a7-b445-d09370ec9f47", + "microsoft-windows-dxgi": "ca11c036-0102-4a2d-a6ad-f03cfed5d3c9", + "microsoft-windows-dxgidebug": "f1ff64ef-faf3-5699-8e51-f6ec2fbd97d1", + "microsoft-windows-dxgkrnl": "802ec45a-1e99-4b83-9920-87c98277ba9d", + "microsoft-windows-dxgkrnl-sysmm": "9de90b19-62c4-511d-a1c5-9e990812d18b", + "microsoft-windows-dxp": "728b8c72-0f0f-4071-9bcc-27cb3b6dacbe", + "microsoft-windows-dxptasksyncprovider": "271c5228-c3fe-4e47-831f-48c3652ce5ac", + "microsoft-windows-eaphost": "6eb8db94-fe96-443f-a366-5fe0cee7fb1c", + "microsoft-windows-eapmethods-raschap": "58980f4b-bd39-4a3e-b344-492ed2254a4e", + "microsoft-windows-eapmethods-rastls": "9cc0413e-5717-4af5-82eb-6103d8707b45", + "microsoft-windows-eapmethods-sim": "3d42a67d-9ce8-4284-b755-2550672b0ce0", + "microsoft-windows-eapmethods-ttls": "d710d46c-235d-4798-ac20-9f83e1dcd557", + "microsoft-windows-easeofaccess": "74b4a4b1-2302-4768-ac5b-9773dd456b08", + "microsoft-windows-edp-applearning": "9803daa0-81ba-483a-986c-f0e395b9f8d1", + "microsoft-windows-edp-audit-regular": "50f99b2d-96d2-421f-be4c-222c4140da9f", + "microsoft-windows-edp-audit-tcb": "287d59b6-79ba-4741-a08b-2fedeede6435", + "microsoft-windows-efs": "3663a992-84be-40ea-bba9-90c7ed544222", + "microsoft-windows-els-hyphenation": "51aedb05-890b-4ade-8ba1-0ba14b8e8973", + "microsoft-windows-endpointtriggerprovider": "92aab24d-d9a9-4a60-9f94-201fed3e3e88", + "microsoft-windows-energy-estimation-engine": "ddcc3826-a68a-4e0d-bcfd-9c06c27c6948", + "microsoft-windows-energyefficiencywizard": "1a772f65-be1e-4fc6-96bb-248e03fa60f5", + "microsoft-windows-enhancedphishingprotection-events": "e8abc5fb-bf87-5462-278d-1b5e18775a8f", + "microsoft-windows-enhancedstorage-classdriver": "f6cf91be-e7d7-57d6-2a3d-278ca406d190", + "microsoft-windows-enhancedstorage-ehstortcgdrv": "aa3aa23b-bb6d-425a-b58c-1d7e37f5d02a", + "microsoft-windows-eqos": "54cb22ff-26b4-4393-a8c2-6b0715912c5f", + "microsoft-windows-errorreportingconsole": "017247f2-7e96-11dc-8314-0800200c9a66", + "microsoft-windows-ese": "478ea8a8-00be-4ba6-8e75-8b9dc7db9f78", + "microsoft-windows-eventcollector": "b977cf02-76f6-df84-cc1a-6a4b232322b6", + "microsoft-windows-eventlog": "fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148", + "microsoft-windows-eventlog-wmiprovider": "35ac6ce8-6104-411d-976c-877f183d2d32", + "microsoft-windows-eventsystem": "899daace-4868-4295-afcd-9eb8fb497561", + "microsoft-windows-exfat-sqm": "494e7a3d-8db9-4ec4-b43e-2844af6e38d6", + "microsoft-windows-failoverclustering-client": "a82fda5d-745f-409c-b0fe-18ae0678a0e0", + "microsoft-windows-fat-sqm": "3e59a529-b0b3-4a11-8129-9ffe6bb46eb9", + "microsoft-windows-fault-tolerant-heap": "6b93bf66-a922-4c11-a617-cf60d95c133d", + "microsoft-windows-featureconfiguration": "c2f36562-a1e4-4bc3-a6f6-01a7adb643e8", + "microsoft-windows-feedback-service-triggerprovider": "e46eead8-0c54-4489-9898-8fa79d059e0e", + "microsoft-windows-filehistory-catalog": "b447b4dc-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-configmanager": "b447b4dd-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-core": "b447b4db-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-engine": "b447b4de-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-eventlistener": "b447b4df-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-service": "b447b4e0-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-filehistory-ui": "b447b4e1-7780-11e0-ada3-18a90531a85a", + "microsoft-windows-fileinfominifilter": "a319d300-015c-48be-acdb-47746e154751", + "microsoft-windows-filtermanager": "f3c5e28e-63f6-49c7-a204-e48a1bc4b09d", + "microsoft-windows-firewall": "e595f735-b42a-494b-afcd-b68666945cd3", + "microsoft-windows-firewall-cpl": "546549be-9d63-46aa-9154-4f6eb9526378", + "microsoft-windows-firstux-perfinstrumentation": "fbef8096-2ca3-4082-acde-dcfb47e96b72", + "microsoft-windows-fltmgrtrace_307b3ab035ae31a8462e37b4da258d1a": "307b3ab0-35ae-31a8-462e-37b4da258d1a", + "microsoft-windows-fms": "dea07764-0790-44de-b9c4-49677b17174f", + "microsoft-windows-folder redirection": "7d7b0c39-93f6-4100-bd96-4dda859652c5", + "microsoft-windows-forwarding": "699e309c-e782-4400-98c8-e21d162d7b7b", + "microsoft-windows-functiondiscovery": "9db0fdb5-3b21-440e-a94b-63738a4be5de", + "microsoft-windows-functiondiscoveryhost": "538cbbad-4877-4eb2-b26e-7caee8f0f8cb", + "microsoft-windows-genericroaming": "4eacb4d0-263b-4b93-8cd6-778a278e5642", + "microsoft-windows-gpio-classextension": "55ab77f6-fa04-43ef-af45-688fbf500482", + "microsoft-windows-gpiobuttons": "e13ff11e-e989-4838-a9fa-38a4d13914cf", + "microsoft-windows-graphics-capture-server": "7d0cbd25-390e-524d-8c1e-2a8e846055c0", + "microsoft-windows-graphics-printing": "e7aa32fb-77d0-477f-987d-7e83df1b7ed0", + "microsoft-windows-graphics-printing3d": "be967569-e3c8-425b-ad0e-4f2c790b1848", + "microsoft-windows-graphicscapture-api": "347d2cdf-f126-56d7-12b1-69e27c655d7e", + "microsoft-windows-grouppolicy": "aea1b4fa-97d1-45f2-a64c-4d69fffd92c9", + "microsoft-windows-grouppolicytriggerprovider": "bd2f4252-5e1e-49fc-9a30-f3978ad89ee2", + "microsoft-windows-hal": "63d1e632-95cc-4443-9312-af927761d52a", + "microsoft-windows-healthcenter": "588c5c5a-ffc5-44a2-9a7f-d5e8dbe6efd7", + "microsoft-windows-healthcentercpl": "959f1fac-7ca8-4ed1-89dc-cdfa7e093cb0", + "microsoft-windows-heap-snapshot": "901d2afa-4ff6-46d7-8d0e-53645e1a47f5", + "microsoft-windows-helloforbusiness": "906b8a99-63ce-58d7-86ab-10989bbd5567", + "microsoft-windows-help": "de513a55-c345-438b-9a74-e18cac5c5cc5", + "microsoft-windows-hidcfu": "7628e972-6d6f-4974-b58f-6428622ec09a", + "microsoft-windows-homegroup-controlpanel": "134ea407-755d-4a93-b8a6-f290cd155023", + "microsoft-windows-host-network-management": "93f693dc-9163-4dee-af64-d855218af242", + "microsoft-windows-host-network-service": "0c885e0d-6eb6-476c-a048-2457eed3a5c1", + "microsoft-windows-hostguardianclient-service": "5d487fad-104b-5ca6-ca4e-14c206850501", + "microsoft-windows-hostguardianservice-ca": "9fb3388c-a54c-4e98-bdd1-445a82ed4bf7", + "microsoft-windows-hostguardianservice-client": "7dee1fdc-ffa8-4087-912a-95189d6a2d7f", + "microsoft-windows-hotpatch-monitor": "57eaf242-3772-533c-9fd2-29ed95606d14", + "microsoft-windows-hotspotauth": "de095dbe-8667-4168-94c2-48ca61665aca", + "microsoft-windows-http-sqm-provider": "f5344219-87a4-4399-b14a-e59cd118abb8", + "microsoft-windows-httpevent": "7b6bc78c-898b-4170-bbf8-1a469ea43fc5", + "microsoft-windows-httplog": "c42a2738-2333-40a5-a32f-6acc36449dcc", + "microsoft-windows-httpservice": "dd5ef90a-6398-47a4-ad34-4dcecdef795f", + "microsoft-windows-hyper-v-chipset": "de9ba731-7f33-4f44-98c9-6cac856b9f83", + "microsoft-windows-hyper-v-compute": "17103e3f-3c6e-4677-bb17-3b267eb5be57", + "microsoft-windows-hyper-v-computelib": "af7fd3a7-b248-460c-a9f5-fec39ef8468c", + "microsoft-windows-hyper-v-config": "02f3a5e3-e742-4720-85a5-f64c4184e511", + "microsoft-windows-hyper-v-crashdump": "c7c9e4f7-c41d-5c68-f104-d72a920016c7", + "microsoft-windows-hyper-v-debug": "eded5085-79d0-4e31-9b4e-4299b78cbeeb", + "microsoft-windows-hyper-v-dynmem": "b1d080a6-f3a5-42f6-b6f1-b9fd86c088da", + "microsoft-windows-hyper-v-emulateddevices": "da5a028b-b248-4a75-b60a-024fe6457484", + "microsoft-windows-hyper-v-emulatednic": "09242393-1349-4f4d-9fd7-59cc79f553ce", + "microsoft-windows-hyper-v-emulatedstor": "86e15e01-edf1-4ac7-89cf-b19563fd6894", + "microsoft-windows-hyper-v-guest-drivers-dynamic-memory": "ba2ffb5c-e20a-4fb9-91b4-45f61b4b66a0", + "microsoft-windows-hyper-v-guest-drivers-storage-filter": "0b9fdccc-451c-449c-9bd8-6756fcc6091a", + "microsoft-windows-hyper-v-guest-drivers-vmbus": "f2e2ce31-0e8a-4e46-a03b-2e0fe97e93c2", + "microsoft-windows-hyper-v-hierarchical-nic-switch": "31732ca5-d67c-59fd-dd5c-60a136ee4953", + "microsoft-windows-hyper-v-hypervisor": "52fc89f8-995e-434c-a91e-199986449890", + "microsoft-windows-hyper-v-integration": "2b74a015-3873-4c56-9928-ea80c58b2787", + "microsoft-windows-hyper-v-integration-rdv": "fdff33ec-70aa-46d3-ba65-7210009fa2a7", + "microsoft-windows-hyper-v-kmcl": "fa3f78ff-ba6d-4ede-96b2-9c5bb803e3ba", + "microsoft-windows-hyper-v-kmcl-child": "16d90d71-caca-5cd9-a618-8210d93015f3", + "microsoft-windows-hyper-v-netvsc": "152fbe4b-c7ad-4f68-bada-a4fcc1464f6c", + "microsoft-windows-hyper-v-serial": "8f9df503-1d12-49ec-bb28-f6ec42d361d4", + "microsoft-windows-hyper-v-storagevsp": "10b3d268-9782-49a4-aacc-a93c5482cb6f", + "microsoft-windows-hyper-v-synthfcvdev": "5b621a17-3b58-4d03-94f0-314f4e9c79ae", + "microsoft-windows-hyper-v-synthnic": "c29c4fb7-b60e-4fff-9af9-cf21f9b09a34", + "microsoft-windows-hyper-v-synthstor": "edacd782-2564-4497-ade6-7199377850f2", + "microsoft-windows-hyper-v-tpm": "13eae551-76ca-4ddc-b974-d3a0f8d44a03", + "microsoft-windows-hyper-v-uidevices": "339aad0a-4124-4968-8147-4cbbb1f8b3d5", + "microsoft-windows-hyper-v-vfpext": "9f2660ea-cfe7-428f-9850-aeca612619b0", + "microsoft-windows-hyper-v-vfpext-ifr": "dba692d9-d755-51b8-84ee-fe38fd18f4f0", + "microsoft-windows-hyper-v-vid": "5931d877-4860-4ee7-a95c-610a5f0d1407", + "microsoft-windows-hyper-v-virtual-pmem": "ae3f5bf8-ab9f-56d6-29c8-8c312e2faec2", + "microsoft-windows-hyper-v-vmbusvdev": "177d1599-9764-4e3a-bf9a-c86887aaddce", + "microsoft-windows-hyper-v-vmms": "6066f867-7ca1-4418-85fd-36e3f9c0600c", + "microsoft-windows-hyper-v-vmsp": "1ceb22b1-97ff-4703-beb2-333eb89b522a", + "microsoft-windows-hyper-v-vmswitch": "67dc0d66-3695-47c0-9642-33f76f7bd7ad", + "microsoft-windows-hyper-v-vsmb": "7b0ea079-e3bc-424a-b2f0-e3d8478d204b", + "microsoft-windows-hyper-v-worker": "51ddfa29-d5c8-4803-be4b-2ecb715570fe", + "microsoft-windows-idctrls": "6d7662a9-034e-4b1f-a167-67819c401632", + "microsoft-windows-idletriggerprovider": "9e03f75a-bcbe-428a-8f3c-d46f2a444935", + "microsoft-windows-ie-f12-provider": "d17fff2f-392d-478c-a41d-737a216eb2a4", + "microsoft-windows-ie-smartscreen": "52f82079-1974-4c67-81da-807b892778bb", + "microsoft-windows-ime-broker": "e2c15fd7-8924-4c8c-8cfe-da0be539ce27", + "microsoft-windows-ime-candidateui": "7c4117b1-ed82-4f47-b2ca-29e4e25719c7", + "microsoft-windows-ime-customerfeedbackmanager": "e2242b38-9453-42fd-b446-00746e76eb82", + "microsoft-windows-ime-customerfeedbackmanagerui": "1b734b40-a458-4b81-954f-ad7c9461bed8", + "microsoft-windows-ime-jpapi": "31bcac7f-4ab8-47a1-b73a-a161ee68d585", + "microsoft-windows-ime-jplmp": "dbc388bc-89c2-4fe0-b71f-6e4881fb575c", + "microsoft-windows-ime-jppred": "3ad571f3-bdae-4942-8733-4d1b85870a1e", + "microsoft-windows-ime-jpsetting": "14371053-1813-471a-9510-1cf1d0a055a8", + "microsoft-windows-ime-jptip": "8c8a69ad-cc89-481f-bbad-fd95b5006256", + "microsoft-windows-ime-krapi": "7562948e-2671-4dda-8f8f-bf945ef984a1", + "microsoft-windows-ime-krtip": "e013e74b-97f4-4e1c-a120-596e5629ecfe", + "microsoft-windows-ime-oedcompiler": "fd44a6e7-580f-4a9c-83d9-d820b7d3a033", + "microsoft-windows-ime-tccore": "f67b2345-47fa-4721-a6fb-fe08110eecf7", + "microsoft-windows-ime-tctip": "d5268c02-6f51-436f-983b-74f2efbfaf3a", + "microsoft-windows-ime-tip": "bdd4b92e-19ef-4497-9c4a-e10e7fd2e227", + "microsoft-windows-immersive-shell": "315a8872-923e-4ea2-9889-33cd4754bf64", + "microsoft-windows-immersive-shell-api": "5f0e257f-c224-43e5-9555-2adcb8540a58", + "microsoft-windows-indirectdisplays-classextension-events": "966cd1c0-3f69-42ad-9877-517dce8462b4", + "microsoft-windows-input-hidclass": "6465da78-e7a0-4f39-b084-8f53c7c30dc6", + "microsoft-windows-inputswitch": "bb8e7234-bbf4-48a7-8741-339206ed1dfb", + "microsoft-windows-install-agent": "e0c6f6de-258a-50e0-ac1a-103482d118bc", + "microsoft-windows-international-regionaloptionscontrolpanel": "c6bf6832-f7bd-4151-ac21-753ce4707453", + "microsoft-windows-iphlpsvc": "66a5c15c-4f8e-4044-bf6e-71d896038977", + "microsoft-windows-iphlpsvc-trace": "6600e712-c3b6-44a2-8a48-935c511f28c8", + "microsoft-windows-ipmiprovider": "2a45d52e-bbf3-4843-8e18-b356ed5f6a65", + "microsoft-windows-ipnat": "a67075c2-3e39-4109-b6cd-6d750058a732", + "microsoft-windows-ipsec-srv": "c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b", + "microsoft-windows-ipxlatcfg": "3e5ac668-af52-4c15-b99b-a3e7a6616ebd", + "microsoft-windows-isolatedusermode": "73a33ab2-1966-4999-8add-868c41415269", + "microsoft-windows-kdssvc": "89203471-d554-47d4-bde4-7552ec219999", + "microsoft-windows-kerberos-local-key-distribution-center": "57c834d7-0368-5d1b-8f01-1e2f89f0000d", + "microsoft-windows-kernel-acpi": "c514638f-7723-485b-bcfc-96565d735d4a", + "microsoft-windows-kernel-appcompat": "16a1adc1-9b7f-4cd9-94b3-d8296ab1b130", + "microsoft-windows-kernel-audit-api-calls": "e02a841c-75a3-4fa7-afc8-ae09cf9b7f23", + "microsoft-windows-kernel-boot": "15ca44ff-4d7a-4baa-bba5-0998955e531e", + "microsoft-windows-kernel-bootdiagnostics": "96ac7637-5950-4a30-b8f7-e07e8e5734c1", + "microsoft-windows-kernel-cache": "a2d34bf1-70ab-5b21-c819-5a0dd42748fd", + "microsoft-windows-kernel-cpu-partition": "3a493674-937f-5a23-f598-d56b9bd10d28", + "microsoft-windows-kernel-cpu-starvation": "7f54ca8a-6c72-5cbc-b96f-d0ef905b8bce", + "microsoft-windows-kernel-disk": "c7bde69a-e1e0-4177-b6ef-283ad1525271", + "microsoft-windows-kernel-dump": "17d2a329-4539-5f4d-3435-f510634ce3b9", + "microsoft-windows-kernel-eventtracing": "b675ec37-bdb6-4648-bc92-f3fdc74d3ca2", + "microsoft-windows-kernel-file": "edd08927-9cc4-4e65-b970-c2560fb5c289", + "microsoft-windows-kernel-general": "a68ca8b7-004f-d7b6-a698-07e2de0f1f5d", + "microsoft-windows-kernel-interrupt-steering": "951b41ea-c830-44dc-a671-e2c9958809b8", + "microsoft-windows-kernel-io": "abf1f586-2e50-4ba8-928d-49044e6f0db7", + "microsoft-windows-kernel-iotrace": "a103cabd-8242-4a93-8df5-1cdf3b3f26a6", + "microsoft-windows-kernel-licensing-startservicetrigger": "f5528ada-be5f-4f14-8aef-a95de7281161", + "microsoft-windows-kernel-licensingsqm": "a0af438f-4431-41cb-a675-a265050ee947", + "microsoft-windows-kernel-livedump": "bef2aa8e-81cd-11e2-a7bb-5eac6188709b", + "microsoft-windows-kernel-memory": "d1d93ef7-e1f2-4f45-9943-03d245fe6c00", + "microsoft-windows-kernel-network": "7dd42a49-5329-4832-8dfd-43d979153a88", + "microsoft-windows-kernel-pep": "5412704e-b2e1-4624-8ffd-55777b8f7373", + "microsoft-windows-kernel-pnp": "9c205a39-1250-487d-abd7-e831c6290539", + "microsoft-windows-kernel-pnp-rundown": "b3a0c2c8-83bb-4ddf-9f8d-4b22d3c38ad7", + "microsoft-windows-kernel-power": "331c3b3a-2005-44c2-ac5e-77220c37d6b4", + "microsoft-windows-kernel-powertrigger": "aa1f73e8-15fd-45d2-abfd-e7f64f78eb11", + "microsoft-windows-kernel-prefetch": "5322d61a-9efa-4bc3-a3f9-14be95c144f8", + "microsoft-windows-kernel-prm": "b931ed29-66f4-576e-0579-0b8818a5dc6b", + "microsoft-windows-kernel-process": "22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716", + "microsoft-windows-kernel-processor-power": "0f67e49f-fe51-4e9f-b490-6f2948cc6027", + "microsoft-windows-kernel-registry": "70eb4f03-c1de-4f73-a051-33d13d5413bd", + "microsoft-windows-kernel-shimengine": "0bf2fb94-7b60-4b4d-9766-e82f658df540", + "microsoft-windows-kernel-storemgr": "a6ad76e3-867a-4635-91b3-4904ba6374d7", + "microsoft-windows-kernel-tm": "4cec9c95-a65f-4591-b5c4-30100e51d870", + "microsoft-windows-kernel-tm-trigger": "ce20d1c3-a247-4c41-bcb8-3c7f52c8b805", + "microsoft-windows-kernel-wdi": "2ff3e6b7-cb90-4700-9621-443f389734ed", + "microsoft-windows-kernel-whea": "7b563579-53c8-44e7-8236-0f87b9fe6594", + "microsoft-windows-kernel-wsservice-startservicetrigger": "3635d4b6-77e3-4375-8124-d545b7149337", + "microsoft-windows-kernel-xdv": "f029ac39-38f0-4a40-b7de-404d244004cb", + "microsoft-windows-kernelstreaming": "548c4417-ce45-41ff-99dd-528f01ce0fe1", + "microsoft-windows-keyboardfilter": "84de80eb-86e8-4ff6-85a6-9319abd578a4", + "microsoft-windows-knownfolders": "8939299f-2315-4c5c-9b91-abb86aa0627d", + "microsoft-windows-l2nacp": "85fe7609-ff4a-48e9-9d50-12918e43e1da", + "microsoft-windows-langpa": "cb070027-1534-4cf3-98ea-b9751f508376", + "microsoft-windows-languagepacksetup": "7237fff9-a08a-4804-9c79-4a8704b70b87", + "microsoft-windows-laps": "4fcc72a9-d7ca-5dd2-8d34-6f41a0cdb7e0", + "microsoft-windows-ldap-client": "099614a5-5dd7-4788-8bc9-e29f43db28fc", + "microsoft-windows-limitsmanagement": "73aa0094-facb-4aeb-bd1d-a7b98dd5c799", + "microsoft-windows-linklayerdiscoveryprotocol": "dcbfb8f0-cd19-4f1c-a27d-23ac706ded72", + "microsoft-windows-liveid": "05f02597-fe85-4e67-8542-69567ab8fd4f", + "microsoft-windows-lltd-mapper": "ccc64809-6b5f-4c1b-ab39-336904da9b3b", + "microsoft-windows-lltd-mapperio": "0741c7be-daac-4a5b-b00a-4bd9a2d89d0e", + "microsoft-windows-lltd-responder": "e159fc63-02fe-42f3-a234-028b9b8561cb", + "microsoft-windows-locationserviceprovider": "8e889f0c-7d54-52b3-e4ae-2c8b27a482c2", + "microsoft-windows-lua": "93c05d69-51a3-485e-877f-1806a8731346", + "microsoft-windows-magnification": "c882ff1d-7585-4b33-b135-95c577179137", + "microsoft-windows-management-secureassessment": "a329cf81-57ec-46ed-ab7c-261a52b0754a", + "microsoft-windows-mapcontrols": "acd88d21-e1d4-4483-b974-0c1da66cc529", + "microsoft-windows-mccs-accountaccessor": "4025d192-273d-42ec-bdf8-940ec34eedca", + "microsoft-windows-mccs-accountshost": "04eccf8e-8490-4ad1-8ed5-0ae7750e69e6", + "microsoft-windows-mccs-accountsrt": "dd2743c6-1722-4674-9f6f-c80044c4232e", + "microsoft-windows-mccs-activesynccsp": "602a0873-9bde-48b3-b6b7-277035293458", + "microsoft-windows-mccs-activesyncprovider": "4a155f10-25ad-47e6-aba8-2c4f5eee7846", + "microsoft-windows-mccs-davsyncprovider": "5d86c4e2-8fcd-48d7-a713-9a04609c0189", + "microsoft-windows-mccs-engineshared": "bf460fc6-45c5-4119-add3-e361a6e7d5ac", + "microsoft-windows-mccs-internetmail": "618473bc-8eef-4868-adff-a1b640b06411", + "microsoft-windows-mccs-internetmailcsp": "bec5e7a4-0527-42e8-8174-fabde799ad7f", + "microsoft-windows-mccs-networkhelper": "25b99a4c-2f80-4fcd-982d-69cd1f77badf", + "microsoft-windows-mccs-synccontroller": "7fcb9791-f481-46d1-846e-2eb6f003c4d3", + "microsoft-windows-mccs-syncutil": "dca074ce-547c-4595-ae90-56229b8e3bd9", + "microsoft-windows-media-protection-playready-performance": "d2402fde-7526-5a7b-501a-25dc7c9c282e", + "microsoft-windows-media-streaming": "982824e5-e446-46ae-bc74-836401ffb7b6", + "microsoft-windows-mediaengine": "8f2048e0-f260-4f57-a8d1-932376291682", + "microsoft-windows-mediafoundation-mfcaptureengine": "b8197c10-845f-40ca-82ab-9341e98cfc2b", + "microsoft-windows-mediafoundation-mfreadwrite": "4b7eac67-fc53-448c-a49d-7cc6db524da7", + "microsoft-windows-mediafoundation-msvproc": "a4112d1a-6dfa-476e-bb75-e350d24934e1", + "microsoft-windows-mediafoundation-performance": "f404b94e-27e0-4384-bfe8-1d8d390b0aa3", + "microsoft-windows-mediafoundation-performance-core": "b20e65ac-c905-4014-8f78-1b6a508142eb", + "microsoft-windows-mediafoundation-platform": "bc97b970-d001-482f-8745-b8d7d5759f99", + "microsoft-windows-mediafoundation-playapi": "b65471e1-019d-436f-bc38-e15fa8e87f53", + "microsoft-windows-memory-diagnostic-task-handler": "babda89a-4d5e-48eb-af3d-e0e8410207c0", + "microsoft-windows-memorydiagnostics-results": "5f92bc59-248f-4111-86a9-e393e12c6139", + "microsoft-windows-memorydiagnostics-schedule": "73e9c9de-a148-41f7-b1db-4da051fdc327", + "microsoft-windows-mf": "a7364e1a-894f-4b3d-a930-2ed9c8c4c811", + "microsoft-windows-mf-frameserver": "9e22a3ed-7b32-4b99-b6c2-21dd6ace01e1", + "microsoft-windows-mf-mfdshowreversebridge": "aa1105fa-5af2-5fd6-89b5-002421c5e2ca", + "microsoft-windows-mfh264enc": "2a49de31-8a5b-4d3a-a904-7fc7409ae90d", + "microsoft-windows-minstore": "55b24b1d-dd9c-44c0-ba77-4f749f1b6976", + "microsoft-windows-mmcss": "36008301-e154-466c-acec-5f4cbd6b4694", + "microsoft-windows-mobile-broadband-experience-api": "2e2bbb16-0c36-4b9b-a567-40924a199fd5", + "microsoft-windows-mobile-broadband-experience-api-internal": "2aabd03b-f48b-419a-b4ce-7a14403f4a46", + "microsoft-windows-mobile-broadband-experience-smsapi": "0ff1c24b-7f05-45c0-abdc-3c8521be4f62", + "microsoft-windows-mobilitycenter": "91f42016-0b4e-4a4b-9bbb-825d06cbed35", + "microsoft-windows-mobsync": "b44aec44-38f4-4b59-8df3-10306abf19b2", + "microsoft-windows-moderndeployment-diagnostics-provider": "bab3ad92-fb96-5902-450b-b8421bdec7bd", + "microsoft-windows-moshost": "d116f0f2-a6d6-4f1f-bdda-0c88c8d1f2e9", + "microsoft-windows-mountmgr": "e3bac9f8-27be-4823-8d7f-1cc320c05fa7", + "microsoft-windows-mp4sdecd": "7f2bd991-ae93-454a-b219-0bc23f02262a", + "microsoft-windows-mpeg2_dlna-encoder": "86efff39-2bdd-4efd-bd0b-853d71b2a9dc", + "microsoft-windows-mprddm": "3a5bef13-d0f7-4e7f-9ec8-5e707df711d0", + "microsoft-windows-mprmsg": "f2c628ae-d26c-4352-9c45-74754e1e2f9f", + "microsoft-windows-mps-clnt": "37945dc2-899b-44d1-b79c-dd4a9e57ff98", + "microsoft-windows-mps-drv": "50bd1bfd-936b-4db3-86be-e25b96c25898", + "microsoft-windows-mps-srv": "5444519f-2484-45a2-991e-953e4b54c8e0", + "microsoft-windows-mptf": "ea6c5bea-f5cc-56a4-e146-671bf483d53b", + "microsoft-windows-msdtc": "719be4ed-e9bc-4dd8-a7cf-c85ce8e4975d", + "microsoft-windows-msdtc 2": "5d9e0020-3761-4f36-90c8-38ce6511bd12", + "microsoft-windows-msdtc client": "7a67066e-193f-4d3a-82d3-322fee5259de", + "microsoft-windows-msdtc client 2": "155cb334-3d7f-4ff1-b107-df8afc3c0363", + "microsoft-windows-msftedit": "9640427c-7d03-4331-b8ee-fb77625bf381", + "microsoft-windows-msiserver": "17e92e2a-3d08-413e-baeb-a79a262bf486", + "microsoft-windows-msmpeg2adec": "51311de3-d55e-454a-9c58-43dc7b4c01d2", + "microsoft-windows-msmpeg2vdec": "ae5cf422-786a-476a-ac96-753b05877c99", + "microsoft-windows-msmpeg2venc": "d17b213a-c505-49c9-98cc-734253ef65d4", + "microsoft-windows-mui": "a8a1f2f6-a13a-45e9-b1fe-3419569e5ef2", + "microsoft-windows-narrator": "835b79e2-e76a-44c4-9885-26ad122d3b4d", + "microsoft-windows-ncasvc": "126ded58-a28d-4113-8e7a-59d7444b2af1", + "microsoft-windows-ncdautosetup": "ec23f986-ae2d-4269-b52f-4e20765c1a94", + "microsoft-windows-ncsi": "314de49f-ce63-4779-ba2b-d616f6963a88", + "microsoft-windows-ndf-helperclassdiscovery": "fc3bc8a7-2f61-449c-a8b4-22ac22058f92", + "microsoft-windows-ndis": "cdead503-17f5-4a3e-b7ae-df8cc2902eb9", + "microsoft-windows-ndis-packetcapture": "2ed6006e-4729-4609-b423-3ee7bcd678ef", + "microsoft-windows-ndisimplatformeventprovider": "11c5d8ad-756a-42c2-8087-eb1b4a72a846", + "microsoft-windows-ndisimplatformsysevtprovider": "62de9e48-90c6-4755-8813-6a7d655b0802", + "microsoft-windows-ndu": "df271536-4298-45e1-b0f2-e88f78619c5d", + "microsoft-windows-netadaptercim-diag": "6cc2405d-817f-4886-886f-d5d1643210f0", + "microsoft-windows-netshell": "af2e340c-0743-4f5a-b2d3-2f7225d215de", + "microsoft-windows-network-and-sharing-center": "6a502821-ab44-40c8-b32f-37315d9d52e0", + "microsoft-windows-network-connection-broker": "3eb875eb-8f4a-4800-a00b-e484c97d7551", + "microsoft-windows-network-executioncontext": "0075e1ab-e1d1-5d1f-35f5-da36fb4f41b1", + "microsoft-windows-network-setup": "a111f1c2-5923-47c0-9a68-d0bafb577901", + "microsoft-windows-networkbridge": "a67075c2-3e39-4109-b6cd-6d750058a731", + "microsoft-windows-networkconnectivitystatus": "014de49f-ce63-4779-ba2b-d616f6963a87", + "microsoft-windows-networkgcw": "be932b00-0f8e-4386-ab89-873f7d0274aa", + "microsoft-windows-networking-correlation": "83ed54f0-4d48-4e45-b16e-726ffd1fa4af", + "microsoft-windows-networking-realtimecommunication": "1e39b4ce-d1e6-46ce-b65b-5ab05d6cc266", + "microsoft-windows-networkmanagertriggerprovider": "9b307223-4e4d-4bf5-9be8-995cd8e7420b", + "microsoft-windows-networkprofile": "fbcfac3f-8459-419f-8e48-1f0b49cdb85e", + "microsoft-windows-networkprofiletriggerprovider": "fbcfac3f-8460-419f-8e48-1f0b49cdb85e", + "microsoft-windows-networkprovider": "1e9a4978-78c2-441e-8858-75b5d1326bc5", + "microsoft-windows-networkprovisioning": "93a19ab3-fb2c-46eb-91ef-56b0a318b983", + "microsoft-windows-networksecurity": "7b702970-90bc-4584-8b20-c0799086ee5a", + "microsoft-windows-nlasvc": "63b530f8-29c9-4880-a5b4-b8179096e7b8", + "microsoft-windows-ntfs": "3ff37a1c-a68d-4d6e-8c9b-f79e8b16c482", + "microsoft-windows-ntfs-ubpm": "8e6a5303-a4ce-498f-afdb-e03a8a82b077", + "microsoft-windows-ntfslog_38cd4a5ae98f33938fa5234e6817e23d": "38cd4a5a-e98f-3393-8fa5-234e6817e23d", + "microsoft-windows-ntlm": "ac43300d-5fcc-4800-8e99-1bd3f85f0320", + "microsoft-windows-ntshrui": "676f167f-f72c-446e-a498-eda43319a5e3", + "microsoft-windows-nvmedisk": "9799276c-fb04-47e8-845e-36946045c218", + "microsoft-windows-nwifi": "0bd3506a-9030-4f76-9b88-3e8fe1f7cfb6", + "microsoft-windows-offlinefiles": "95353826-4fbe-41d4-9c42-f521c6e86360", + "microsoft-windows-offlinefiles-cscapi": "19ee4cf9-5322-4843-b0d8-bab81be4e81e", + "microsoft-windows-offlinefiles-cscdcluser": "d5418619-c167-44d9-bc36-765beb5d55f3", + "microsoft-windows-offlinefiles-cscfastsync": "791cd79c-65b5-48a3-804c-786048994f47", + "microsoft-windows-offlinefiles-cscnetapi": "361f227c-aa14-4d19-9007-0c8d1a8a541b", + "microsoft-windows-offlinefiles-cscservice": "89d89015-c0df-414c-bc48-f50e114832bc", + "microsoft-windows-offlinefiles-cscum": "5e23b838-5b71-47e6-b123-6fe02ef573ef", + "microsoft-windows-ole-perf": "84958368-7da7-49a0-b33d-07fabb879626", + "microsoft-windows-oleacc": "19d2c934-ee9b-49e5-aaeb-9cce721d2c65", + "microsoft-windows-onebackup": "72561cf0-c85c-4f78-9e8d-cba9093df62d", + "microsoft-windows-onex": "ab0d8ef9-866d-4d39-b83f-453f3b8f6325", + "microsoft-windows-oobe-firstlogonanim": "2d4c0c5e-6704-493a-a44b-f5add4fc9283", + "microsoft-windows-oobe-machine-core": "ec276cde-2a17-473c-a010-2ff78d5426d2", + "microsoft-windows-oobe-machine-dui": "f5dbaa02-15d6-4644-a784-7032d508bf64", + "microsoft-windows-oobeldr": "75ebc33e-8670-4eb6-b535-3b9d6bb222fd", + "microsoft-windows-osk": "4f768be8-9c69-4bbc-87fc-95291d3f9d0c", + "microsoft-windows-otpcredentialproviderevt": "5cad485a-210f-4c16-80c5-f892de74e28d", + "microsoft-windows-overlayfilter": "46c78e5c-a213-46a8-8a6b-622f6916201d", + "microsoft-windows-parentalcontrols": "01090065-b467-4503-9b28-533766761087", + "microsoft-windows-partition": "412bdff2-a8c4-470d-8f33-63fe0d8c20e2", + "microsoft-windows-pci": "1a9443d4-b099-44d6-8eb1-829b9c2fe290", + "microsoft-windows-pcrpf": "5909c524-5e57-5275-803f-ddb7b74c52f2", + "microsoft-windows-pdc": "a6bf0deb-3659-40ad-9f81-e25af62ce3c7", + "microsoft-windows-pdfreader": "dfa86faa-2c55-4140-bff9-5cc586217a7b", + "microsoft-windows-pdh": "04d66358-c4a1-419b-8023-23b73902de2c", + "microsoft-windows-perceptionruntime": "add0de40-32b0-4b58-9d5e-938b2f5c1d1f", + "microsoft-windows-perceptionsensordataservice": "85be49ea-38f1-4547-a604-80060202fb27", + "microsoft-windows-perfdisk": "7f9d83de-8abb-457f-98e8-4ad161449ecc", + "microsoft-windows-perflib": "13b197bd-7cee-4b4e-8dd0-59314ce374ce", + "microsoft-windows-perfnet": "cab2b8a5-49b9-4eec-b1b0-fac21da05a3b", + "microsoft-windows-performance-recorder-control": "36b6f488-aad7-48c2-afe3-d4ec2c8b46fa", + "microsoft-windows-perfos": "f82fb576-e941-4956-a2c7-a0cf83f6450a", + "microsoft-windows-perfproc": "72d211e1-4c54-4a93-9520-4901681b2271", + "microsoft-windows-persistentmemory-nvdimm": "a7f2235f-be51-51ed-decf-f4498812a9a2", + "microsoft-windows-persistentmemory-pmemdisk": "0fa2ee03-1feb-5057-3bb3-eb25521b8482", + "microsoft-windows-persistentmemory-scmbus": "c03715ce-ea6f-5b67-4449-da1d1e1afeb8", + "microsoft-windows-photo-image-codec": "be3a31ea-aa6c-4196-9dcc-9ca13a49e09f", + "microsoft-windows-photoacq": "76cfa528-b26e-b773-62d0-9588270442a6", + "microsoft-windows-pktmon": "4d4f80d9-c8bd-4d73-bb5b-19c90402c5ac", + "microsoft-windows-playtomanager": "bb311100-2d9f-4cd3-b2d6-f4ea3839c548", + "microsoft-windows-portabledevicestatusprovider": "8c63b5a5-b484-4381-892d-edd424582df7", + "microsoft-windows-portabledevicesyncprovider": "a3e1697b-a12c-46b9-84d1-7ffe73c4b678", + "microsoft-windows-power-cad": "daba4d32-cc40-4266-bb95-c30344dbc680", + "microsoft-windows-power-meter-polling": "306c4e0b-e148-543d-315b-c618eb93157c", + "microsoft-windows-power-troubleshooter": "cdc05e28-c449-49c6-b9d2-88cf761644df", + "microsoft-windows-powercfg": "9f0c4ea8-ec01-4200-a00d-b9701cbea5d8", + "microsoft-windows-powercpl": "b1f90b27-4551-49d6-b2bd-dfc6453762a6", + "microsoft-windows-powershell": "a0c1853b-5c40-4b15-8766-3cf1c58f985a", + "microsoft-windows-powershell-desiredstateconfiguration-filedownloadmanager": "aaf67066-0bf8-469f-ab76-275590c434ee", + "microsoft-windows-printbrm": "cf3f502e-b40d-4071-996f-00981edf938e", + "microsoft-windows-printservice": "747ef6fd-e535-4d16-b510-42c90f6873a1", + "microsoft-windows-printservice-usbmon": "7f812073-b28d-4afc-9ced-b8010f914ef6", + "microsoft-windows-privacy-auditing": "d67fbb76-d18a-5ae3-24a3-8c1db52d6c62", + "microsoft-windows-privacy-auditing-activity-history-privacy-settings": "63dd5dfb-2488-5e1f-7895-d49ff5bc7125", + "microsoft-windows-privacy-auditing-cpss": "15f4cd44-ca53-5422-db17-4e76821b5a69", + "microsoft-windows-privacy-auditing-diagnosticdata": "d3610dca-4501-5a5d-21a7-30ca91130711", + "microsoft-windows-privacy-auditing-onesettingsclient": "23f0f2c7-c77c-51ee-0ac1-5ac7796a85df", + "microsoft-windows-privacy-auditing-permissivelearningmode": "811a1ddb-2e69-5f25-adc0-4b186170e760", + "microsoft-windows-privacy-auditing-tailoredexperiences": "1bd672b8-445e-53fc-35ef-09f53672c385", + "microsoft-windows-processexitmonitor": "fd771d53-8492-4057-8e35-8c02813af49b", + "microsoft-windows-processor-aggregator": "cba16cf2-2fab-49f8-89ae-894e718649e7", + "microsoft-windows-processstatemanager": "d49918cf-9489-4bf1-9d7b-014d864cf71f", + "microsoft-windows-program-compatibility-assistant": "4cb314df-c11f-47d7-9c04-65fb0051561b", + "microsoft-windows-projfs-filter": "b6d7dc51-78cf-4e85-8bac-488a9f47a0bb", + "microsoft-windows-provisioning-diagnostics-provider": "ed8b9bd3-f66e-4ff2-b86b-75c7925f72a9", + "microsoft-windows-proximity-common": "28058203-d394-4afc-b2a6-2f9155a3bb95", + "microsoft-windows-push-to-install-service": "3a718a68-6974-4075-abd3-e8243caef398", + "microsoft-windows-pushnotifications-developer": "5cad3597-5fec-4c62-9ce1-9d7abc723d3a", + "microsoft-windows-pushnotifications-inproc": "815a1f4a-3f8d-4b37-9b31-5142f9d724a5", + "microsoft-windows-pushnotifications-platform": "88cd9180-4491-4640-b571-e3bee2527943", + "microsoft-windows-qos-pacer": "914ed502-b70d-4add-b758-95692854f8a3", + "microsoft-windows-qos-qwave": "6ba132c4-da49-415b-a7f4-31870dc9fe25", + "microsoft-windows-qos-wmi-diag": "725ba9b3-c1f3-4518-af1b-c8d669191e15", + "microsoft-windows-radiomanager": "92061e3d-21cd-45bc-a3df-0e8ae5e8580a", + "microsoft-windows-ras-agilevpn": "b5325cd6-438e-4ec1-aa46-14f46f2570e4", + "microsoft-windows-ras-ndiswanpacketcapture": "d84521f7-2235-4237-a7c0-14e3a9676286", + "microsoft-windows-rasserver": "29d13147-1c2e-48ec-9994-e29dfe496eb3", + "microsoft-windows-rassstp": "6c260f2c-049a-43d8-bf4d-d350a4e6611a", + "microsoft-windows-rdp-graphics-rdpavenc": "ec7b8a8b-1432-58b3-6025-be73d4ea28ed", + "microsoft-windows-rdp-graphics-rdplite": "54de4fb6-64d0-5710-3c14-13e4456119ce", + "microsoft-windows-readyboost": "e6307a09-292c-497e-aad6-498f68e2b619", + "microsoft-windows-readyboostdriver": "2a274310-42d5-4019-b816-e4b8c7abe95c", + "microsoft-windows-refs": "cd9c6198-bf73-4106-803b-c17d26559018", + "microsoft-windows-refs-v1": "059f0f37-910e-4ff0-a7ee-ae8d49dd319b", + "microsoft-windows-refsdedupsvc": "596cb176-fb71-587a-8ffb-f5cf15ee1e36", + "microsoft-windows-remote-filesystem-log": "20c46239-d059-4214-a11e-7d6769cbe020", + "microsoft-windows-remote-filesystem-monitor": "51734b23-5b7e-4892-ba8e-45bc110b735c", + "microsoft-windows-remoteapp and desktop connections": "1b8b402d-78dc-46fb-bf71-46e64aedf165", + "microsoft-windows-remoteassistance": "5b0a651a-8807-45cc-9656-7579815b6af0", + "microsoft-windows-remotedesktopservices-rdpclipcdv": "b1e2ee25-b5bc-5129-0582-81a0a146b59b", + "microsoft-windows-remotedesktopservices-rdpcorecdv": "c8e6dc53-660c-44ee-8d00-e47f189db87f", + "microsoft-windows-remotedesktopservices-rdpcorets": "1139c61b-b549-4251-8ed3-27250a1edec8", + "microsoft-windows-remotedesktopservices-sessionservices": "f1394de0-32c7-4a76-a6de-b245e48f4615", + "microsoft-windows-remotefs-rdbss": "1a870028-f191-4699-8473-6fcd299eab77", + "microsoft-windows-remotehelp": "8b7587bf-3253-5620-fb1f-625bca71d28d", + "microsoft-windows-reseteng": "a4445c76-ed85-c8a3-02c1-532a38614a9e", + "microsoft-windows-reseteng-trace": "7fa514b5-a023-4b62-a6ab-2946a483e065", + "microsoft-windows-resource-exhaustion-detector": "9988748e-c2e8-4054-85f6-0c3e1cad2470", + "microsoft-windows-resource-exhaustion-resolver": "91f5fb12-fdea-4095-85d5-614b495cd9de", + "microsoft-windows-resourcepublication": "74c2135f-cc76-45c3-879a-ef3bb1eeaf86", + "microsoft-windows-restartmanager": "0888e5ef-9b98-4695-979d-e92ce4247224", + "microsoft-windows-retaildemo": "d3f29eda-805d-428a-9902-b259b937f84b", + "microsoft-windows-rpc": "6ad52b32-d609-4be9-ae07-ce8dae937e39", + "microsoft-windows-rpc-audit": "3c578d57-f85a-5fc9-dea0-8c663ccff942", + "microsoft-windows-rpc-events": "f4aed7c7-a898-4627-b053-44a7caa12fcd", + "microsoft-windows-rpc-firewallmanager": "f997cd11-0fc9-4ab4-acba-bc742a4c0dd3", + "microsoft-windows-rpc-proxy-lbs": "272a979b-34b5-48ec-94f5-7225a59c85a0", + "microsoft-windows-rpcss": "d8975f88-7ddb-4ed0-91bf-3adf48c48e0c", + "microsoft-windows-rras": "24989972-0967-4e21-a926-93854033638e", + "microsoft-windows-rtworkqueue-extended": "83faaa86-63c8-4dd8-a2da-fbadddfc0655", + "microsoft-windows-rtworkqueue-threading": "e18d0fc9-9515-4232-98e4-89e456d8551b", + "microsoft-windows-runtime-graphics": "fa5cf675-72eb-49e2-b447-de5552faff1c", + "microsoft-windows-runtime-media": "8f0db3a8-299b-4d64-a4ed-907b409d4584", + "microsoft-windows-runtime-networking": "6eb875eb-8f4a-4800-a00b-e484c97d7561", + "microsoft-windows-runtime-networking-backgroundtransfer": "b9d5b35d-bbb8-4625-9450-f71a5d414f4f", + "microsoft-windows-runtime-web-http": "41877cb4-11fc-4188-b590-712c143c881d", + "microsoft-windows-runtime-webapi": "6bd96334-dc49-441a-b9c4-41425ba628d8", + "microsoft-windows-schannel-events": "91cc1150-71aa-47e2-ae18-c96e61736b6f", + "microsoft-windows-scpnp": "9f650c63-9409-453c-a652-83d7185a2e83", + "microsoft-windows-sdbus": "fe28004e-b08f-4407-92b3-bad3a2c51708", + "microsoft-windows-sdstor": "afe654eb-0a83-4eb4-948f-d4510ec39c30", + "microsoft-windows-search": "ca4e628d-8567-4896-ab6b-835b221f373f", + "microsoft-windows-search-core": "49c2c27c-fe2d-40bf-8c4e-c3fb518037e7", + "microsoft-windows-search-profilenotify": "fc6f77dd-769a-470e-bcf9-1b6555a118be", + "microsoft-windows-search-protocolhandlers": "dab065a9-620f-45ba-b5d6-d6bb8efedee9", + "microsoft-windows-sec": "16c6501a-ff2d-46ea-868d-8f96cb0cb52d", + "microsoft-windows-sec-wfp": "62834e12-795f-5ab2-b404-8d6d870dbbeb", + "microsoft-windows-security-audit-configuration-client": "08466062-aed4-4834-8b04-cddb414504e5", + "microsoft-windows-security-auditing": "54849625-5478-4994-a5ba-3e3b0328c30d", + "microsoft-windows-security-enterprisedata-filerevocationmanager": "2cd58181-0bb6-463e-828a-056ff837f966", + "microsoft-windows-security-exchangeactivesyncprovisioning": "9249d0d0-f034-402f-a29b-92fa8853d9f3", + "microsoft-windows-security-identitystore": "00b7e1df-b469-4c69-9c41-53a6576e3dad", + "microsoft-windows-security-isolation-brokeringfilesystem": "cd8b60a0-2a19-5eb9-564f-6154e2d987f4", + "microsoft-windows-security-kerberos": "98e6cfcb-ee0a-41e0-a57b-622d4e1b30b1", + "microsoft-windows-security-lessprivilegedappcontainer": "45eec9e5-4a1b-5446-7ad8-a4ab1313c437", + "microsoft-windows-security-mitigations": "fae10392-f0af-4ac0-b8ff-9f4d920c3cdf", + "microsoft-windows-security-netlogon": "e5ba83f6-07d0-46b1-8bc7-7e669a1d31dc", + "microsoft-windows-security-spp": "e23b33b0-c8c9-472c-a5f9-f2bdfea0f156", + "microsoft-windows-security-spp-ux": "6bdadc96-673e-468c-9f5b-f382f95b2832", + "microsoft-windows-security-spp-ux-gc": "bbbdd6a3-f35e-449b-a471-4d830c8eda1f", + "microsoft-windows-security-spp-ux-genuinecenter-logging": "fb829150-cd7d-44c3-af5b-711a3c31cedc", + "microsoft-windows-security-spp-ux-notifications": "c4efc9bb-2570-4821-8923-1bad317d2d4b", + "microsoft-windows-security-userconsentverifier": "40783728-8921-45d0-b231-919037b4b4fd", + "microsoft-windows-security-vault": "e6c92fb8-89d7-4d1f-be46-d56e59804783", + "microsoft-windows-securitymitigationsbroker": "ea8cd8a5-78ff-4418-b292-aadc6a7181df", + "microsoft-windows-sendto": "35642cf5-da5e-410b-9d9c-a45f3638042b", + "microsoft-windows-sens": "be69781c-b63b-41a1-8e24-a4fc7b3fc498", + "microsoft-windows-sense": "fae96d09-ade1-5223-0098-af7b67348531", + "microsoft-windows-senseir": "b6d775ef-1436-4fe6-bad3-9e436319e218", + "microsoft-windows-sensors": "d8900e18-36cb-4548-966f-13f068d1f78e", + "microsoft-windows-sensors-core": "751c292b-23e6-58cf-1fd4-38f8512c66c2", + "microsoft-windows-sensors-core-performance": "9e051eaa-7fee-4f9f-8897-d86f3692e8af", + "microsoft-windows-serial-classextension": "47bc9477-a8ba-452e-b951-4f2ed3593cf9", + "microsoft-windows-serial-classextension-v2": "eee173ef-7ed2-45de-9877-01c70a852fbd", + "microsoft-windows-servicereportingapi": "606a6a38-70ec-4309-b3a3-82ff86f73329", + "microsoft-windows-services": "0063715b-eeda-4007-9429-ad526f62696e", + "microsoft-windows-services-svchost": "06184c97-5201-480e-92af-3a3626c5b140", + "microsoft-windows-servicetriggerperfeventprovider": "6545939f-3398-411a-88b7-6a8914b8cec7", + "microsoft-windows-servicing": "bd12f3b8-fc40-4a61-a307-b7a013a069c1", + "microsoft-windows-setup": "75ebc33e-997f-49cf-b49f-ecc50184b75d", + "microsoft-windows-setupcl": "75ebc33e-d017-4d0f-93ab-0b4f86579164", + "microsoft-windows-setupplatform": "530fb9b9-c515-4472-9313-fb346f9255e3", + "microsoft-windows-setupqueue": "a615acb9-d5a4-4738-b561-1df301d207f8", + "microsoft-windows-setupugc": "75ebc33e-0870-49e5-bdce-9d7028279489", + "microsoft-windows-sharedaccess_nat": "a6f32731-9a38-4159-a220-3d9b7fc5fe5d", + "microsoft-windows-sharemedia-controlpanel": "02012a8a-adf5-4fab-92cb-ccb7bb3e689a", + "microsoft-windows-shell-appwizcpl": "08d945eb-c8bd-44aa-994f-86079d8dce35", + "microsoft-windows-shell-authui": "63d2bb1d-e39a-41b8-9a3d-52dd06677588", + "microsoft-windows-shell-connectedaccountstate": "6df57621-e7e4-410f-a7e9-e43eeb61b11f", + "microsoft-windows-shell-core": "30336ed4-e327-447c-9de0-51b652c86108", + "microsoft-windows-shell-defaultprograms": "65d99466-7a8e-489c-b8e1-962bc945031e", + "microsoft-windows-shell-lockscreencontent": "a3c0d58a-9fe5-4f24-a2ce-e16de8baa0d2", + "microsoft-windows-shell-openwith": "11bd2a68-77ff-4991-9658-f451f2eb6ce1", + "microsoft-windows-shell-shwebsvc": "f61cefc0-aa2e-11da-a746-0800200c9a66", + "microsoft-windows-shell-zipfolder": "1f84007d-19ce-4b15-9e81-8a3dd8eb9ecb", + "microsoft-windows-shellcommon-startlayoutpopulation": "97ca8142-10b1-4baa-9fbb-70a7d11231c3", + "microsoft-windows-shsvcs": "059c3e04-5535-4929-85e1-93030e78f47b", + "microsoft-windows-sleepstudy": "d37687e7-8bf0-4d11-b589-a7abe080756a", + "microsoft-windows-smartcard-audit": "09ac07b9-6ac9-43bc-a50f-58419a797c69", + "microsoft-windows-smartcard-deviceenum": "aaeac398-3028-487c-9586-44eacad03637", + "microsoft-windows-smartcard-server": "4fcbf664-a33a-4652-b436-9d558983d955", + "microsoft-windows-smartcard-tpm-vcard-module": "125f2cf1-2768-4d33-976e-527137d080f8", + "microsoft-windows-smartcard-trigger": "aedd909f-41c6-401a-9e41-dfc33006af5d", + "microsoft-windows-smartscreen": "3cb2a168-fe34-4a4e-bdad-dcf422f34473", + "microsoft-windows-smbclient": "988c59c5-0a1c-45b6-a555-0c62276e327d", + "microsoft-windows-smbdirect": "db66ea65-b7bb-4ca9-8748-334cb5c32400", + "microsoft-windows-smbserver": "d48ce617-33a2-4bc3-a5c7-11aa4f29619e", + "microsoft-windows-smbwitnessclient": "32254f6c-aa33-46f0-a5e3-1cbcc74bf683", + "microsoft-windows-smbwmiprovider": "50b9e206-9d55-4092-92e8-f157a8235799", + "microsoft-windows-softwarerestrictionpolicies": "7d29d58a-931a-40ac-8743-48c733045548", + "microsoft-windows-spb-classextension": "72cd9ff7-4af8-4b89-aede-5f26fda13567", + "microsoft-windows-spb-hidi2c": "991f8fe6-249d-44d6-b93d-5a3060c1dedb", + "microsoft-windows-specialadministrationconsole": "8551491d-2545-5955-44bd-f5f1efacfcda", + "microsoft-windows-speech-tts": "74dcc47a-846e-4c98-9e2c-80043ed82b15", + "microsoft-windows-speech-userexperience": "13480a22-d79f-4334-9d32-aa239398ad3c", + "microsoft-windows-spell-checking": "d0e22efc-ac66-4b25-a72d-382736b5e940", + "microsoft-windows-spellchecker": "b2fcd41f-9a40-4150-8c92-b224b7d8c8aa", + "microsoft-windows-spellchecking-host": "1bda2ab1-bbc1-4acb-a849-c0ef2b249672", + "microsoft-windows-srumon": "c8dbf506-e3d3-4822-930d-84c557eb6247", + "microsoft-windows-srumtelemetry": "48d445a8-2f64-4d49-b093-a5774d8dc531", + "microsoft-windows-startnameres": "277c9237-51d8-5c1c-b089-f02c683e5ba7", + "microsoft-windows-startuprepair": "c914f0df-835a-4a22-8c70-732c9a80c634", + "microsoft-windows-staterepository": "89592015-d996-4636-8f61-066b5d4dd739", + "microsoft-windows-stobject": "86133982-63d7-4741-928e-ef1349b80219", + "microsoft-windows-storage-tiering": "4a104570-ec6d-4560-a40f-858fa955e84f", + "microsoft-windows-storage-tiering-ioheat": "990c55fc-2662-47f6-b7d7-eb3c027cb13f", + "microsoft-windows-storagemanagement": "7e58e69a-e361-4f06-b880-ad2f4b64c944", + "microsoft-windows-storagemanagement-partutil": "93db76c2-63ab-5de1-88b3-c068686675b8", + "microsoft-windows-storagemanagement-wsp-fs": "435f8e4b-8cc4-430e-9796-28cae4976576", + "microsoft-windows-storagemanagement-wsp-health": "b1f01d1a-ae3a-4940-81ee-ddccbad380ef", + "microsoft-windows-storagemanagement-wsp-host": "595f33ea-d4af-4f4d-b4dd-9dacdd17fc6e", + "microsoft-windows-storagemanagement-wsp-spaces": "88c09888-118d-48fc-8863-e1c6d39ca4df", + "microsoft-windows-storagesettings": "e934e6dd-62be-55d8-1cc8-416d0039498b", + "microsoft-windows-storagespaces-api": "bcf0c6a7-6130-5208-f27d-fa77a91f12df", + "microsoft-windows-storagespaces-driver": "595f7f52-c90a-4026-a125-8eb5e083f15e", + "microsoft-windows-storagespaces-managementagent": "aa4c798d-d91b-4b07-a013-787f5803d6fc", + "microsoft-windows-storagespaces-parser": "5bcf2a5c-2e90-5a03-aa4e-2e459bae21b4", + "microsoft-windows-storagespaces-spacemanager": "69c8ca7e-1adf-472b-ba4c-a0485986b9f6", + "microsoft-windows-storagevolume": "c8127b86-e611-5638-63f4-ae37539084d2", + "microsoft-windows-stordiag": "f5d05b38-80a6-4653-825d-c414e4ab3c68", + "microsoft-windows-store": "9c2a37f3-e5fd-5cae-bcd1-43dafeee1ff0", + "microsoft-windows-storport": "c4636a1e-7986-4646-bf10-7bc3b4a76e8e", + "microsoft-windows-storsvc": "a963a23c-0058-521d-71ec-a1cce6173f21", + "microsoft-windows-subsys-csr": "e8316a2d-0d94-4f52-85dd-1e15b66c5891", + "microsoft-windows-subsys-smss": "43e63da5-41d1-4fbf-aded-1bbed98fdd1d", + "microsoft-windows-sudo": "9d74dc62-b75f-54cd-be9e-c28940b5feed", + "microsoft-windows-superfetch": "99806515-9f51-4c2f-b918-1eae407aa8cb", + "microsoft-windows-sysprep": "75ebc33e-77b8-4ba8-9474-4f4a9db2f5c6", + "microsoft-windows-system-profile-hardwareid": "3419de6d-5d7f-4668-acc8-f80566814d96", + "microsoft-windows-system-restore": "126cdb97-d346-4894-8a34-658da5eea1b6", + "microsoft-windows-systemeventsbroker": "b6bfcc79-a3af-4089-8d4d-0eecb1b80779", + "microsoft-windows-systemsettingshandlers": "fbbd52e1-df97-529d-4b67-53f67da99a98", + "microsoft-windows-systemsettingsthreshold": "8bcdf442-3070-4118-8c94-e8843be363b3", + "microsoft-windows-tabletpc-inputpanel": "e978f84e-582d-4167-977e-32af52706888", + "microsoft-windows-tabletpc-mathinput": "8443ccb7-feb0-4b8d-8e28-8d4c7cb814e8", + "microsoft-windows-tabletpc-mathrecognizer": "bdb462fc-a297-49a2-bf2e-4f1809e12abc", + "microsoft-windows-tabletpc-platform-input-core": "b5fd844a-01d4-4b10-a57f-58b13b561582", + "microsoft-windows-tabletpc-platform-input-ninput": "2c3e6d9f-8298-450f-8e5d-49b724f1216f", + "microsoft-windows-tabletpc-platform-input-wisp": "e5aa2a53-30be-40f5-8d84-ad3f40a404cd", + "microsoft-windows-tabletpc-platform-manipulations": "2fd7a9a5-b1a1-4fc7-b95c-c32fed818f30", + "microsoft-windows-taskbarcpl": "05d7b0f0-2121-4eff-bf6b-ed3f69b894d7", + "microsoft-windows-taskscheduler": "de7b24ea-73c8-4a09-985d-5bdadcfa9017", + "microsoft-windows-tcpip": "2f07e2ee-15db-40f1-90ef-9d7ba282188a", + "microsoft-windows-tenantrestrictions": "4053fada-178b-5aa8-746b-7cf8538b5118", + "microsoft-windows-terminalservices-clientactivexcore": "28aa95bb-d444-4719-a36f-40462168127e", + "microsoft-windows-terminalservices-clientusbdevices": "6e400999-5b82-475f-b800-cef6fe361539", + "microsoft-windows-terminalservices-localsessionmanager": "5d896912-022d-40aa-a3a8-4fa5515c76d7", + "microsoft-windows-terminalservices-mediaredirection": "3f7b2f99-b863-4045-ad05-f6afb62e7af1", + "microsoft-windows-terminalservices-pnpdevices": "27a8c1e2-eb19-463e-8424-b399df27a216", + "microsoft-windows-terminalservices-printers": "952773bf-c2b7-49bc-88f4-920744b82c43", + "microsoft-windows-terminalservices-rdpsounddriver": "127e0dc5-e13b-4935-985e-78fd508b1d80", + "microsoft-windows-terminalservices-remoteconnectionmanager": "c76baa63-ae81-421c-b425-340b4b24157f", + "microsoft-windows-terminalservices-serverusbdevices": "dcbe5aaa-16e2-457c-9337-366950045f0a", + "microsoft-windows-tethering-manager": "cc311f1f-623c-4ca4-ba44-a458016555e8", + "microsoft-windows-tethering-station": "585cab4f-9351-436e-9d99-dc4b41a20de0", + "microsoft-windows-textpredictionengine": "39a63500-7d76-49cd-994f-ffd796ef5a53", + "microsoft-windows-themecpl": "61f044af-9104-4ca5-81ee-cb6c51bb01ab", + "microsoft-windows-themeui": "869fb599-80aa-485d-bca7-db18d72b7219", + "microsoft-windows-thermal-polling": "e8a7c168-81ee-465c-8e8e-d39a2ac1ca41", + "microsoft-windows-threat-intelligence": "f4e1897c-bb5d-5668-f1d8-040f4d8dd344", + "microsoft-windows-time-service": "06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb", + "microsoft-windows-time-service-ptp-provider": "cffb980e-327c-5b87-19c6-62c4c3be2290", + "microsoft-windows-timebroker": "0657adc1-9ae8-4e18-932d-e6079cda5ab3", + "microsoft-windows-tpm-wmi": "7d5387b0-cbe0-11da-a94d-0800200c9a66", + "microsoft-windows-triggeremulatorprovider": "f230d19a-5d93-47d9-a83f-53829edfb8df", + "microsoft-windows-troubleshooting-recommended": "4969de67-439c-516f-f805-a82a4f905730", + "microsoft-windows-tsf-msctf": "4fba1227-f606-4e5f-b9e8-fab9ab5740f3", + "microsoft-windows-tsf-msutb": "74b655a2-8958-410e-80e2-3457051b8dff", + "microsoft-windows-tsf-uimanager": "4dd778b8-379c-4d8c-b659-517a43d6df7d", + "microsoft-windows-tunneldriver": "4edbe902-9ed3-4cf0-93e8-b8b5fa920299", + "microsoft-windows-tunneldriver-sqm-provider": "4214dcd2-7c33-4f74-9898-719ccceec20f", + "microsoft-windows-tzsync": "3527cb55-1298-49d4-ab94-1243db0fcaff", + "microsoft-windows-tzutil": "2d318b91-e6e7-4c46-bd04-bfe6db412cf9", + "microsoft-windows-uac": "e7558269-3fa5-46ed-9f4d-3c6e282dde55", + "microsoft-windows-uac-filevirtualization": "c02afc2b-e24e-4449-ad76-bcc2c2575ead", + "microsoft-windows-ui-input-inking": "bf1db390-3e67-4d4d-a287-8958044a3db4", + "microsoft-windows-ui-search": "d8965fcf-7397-4e0e-b750-21a4580bd880", + "microsoft-windows-uianimation": "e0a40b26-30c4-4656-bc9a-74a5c3a0b2ec", + "microsoft-windows-uiautomationcore": "820a42d8-38c4-465d-b64e-d7d56ea1d612", + "microsoft-windows-uiribbon": "87d476fe-1a0f-4370-b785-60b028019693", + "microsoft-windows-universaltelemetryclient": "6489b27f-7c43-5886-1d00-0a61bb2a375b", + "microsoft-windows-urlmon": "245f975d-909d-49ed-b8f9-9a75691d6b6b", + "microsoft-windows-usb-ccid": "f708c483-4880-11e6-9121-5cf37068b67b", + "microsoft-windows-usb-mausbhost": "7725b5f9-1f2e-4e21-baeb-b2af4690bc87", + "microsoft-windows-usb-ucmucsicx": "569d11aa-5068-5ee5-da22-ce541c0b1481", + "microsoft-windows-usb-ucx": "36da592d-e43a-4e28-af6f-4bc57c5a11e8", + "microsoft-windows-usb-usb4devicerouter-eventlogs": "d07e8c3f-78fb-4c22-b77c-2203d00bfdf3", + "microsoft-windows-usb-usbhub": "7426a56b-e2d5-4b30-bdef-b31815c1a74a", + "microsoft-windows-usb-usbhub3": "ac52ad17-cc01-4f85-8df5-4dce4333c99b", + "microsoft-windows-usb-usbport": "c88a4ef5-d048-4013-9408-e04b7db2814a", + "microsoft-windows-usb-usbxhci": "30e1d284-5d88-459c-83fd-6345b39b19ec", + "microsoft-windows-user device registration": "23b8d46b-67dd-40a3-b636-d43e50552c6d", + "microsoft-windows-user profiles general": "db00dfb6-29f9-4a9c-9b3b-1f4f9e7d9770", + "microsoft-windows-user profiles service": "89b1e9f0-5aff-44a6-9b44-0a07a7ce5845", + "microsoft-windows-user-controlpanel": "319122a9-1485-4e48-af35-7db2d93b8ad2", + "microsoft-windows-user-diagnostic": "305fc87b-002a-5e26-d297-60223012ca9c", + "microsoft-windows-user-loader": "b059b83f-d946-4b13-87ca-4292839dc2f2", + "microsoft-windows-useraccountcontrol": "2683b597-3cca-410a-97fe-6f7ee3d09b94", + "microsoft-windows-userdataaccess-callhistoryclient": "f5988abb-323a-4098-8a34-85a3613d4638", + "microsoft-windows-userdataaccess-cemapi": "83a9277a-d2fc-4b34-bf81-8ceb4407824f", + "microsoft-windows-userdataaccess-pimindexmaintenance": "99c66ba7-5a97-40d5-aa01-8a07fb3db292", + "microsoft-windows-userdataaccess-poom": "0bd19909-eb6f-4b16-8074-6dce803f091d", + "microsoft-windows-userdataaccess-unifiedstore": "56f519ab-9df6-4345-8491-a4ba21ac825b", + "microsoft-windows-userdataaccess-userdataapis": "b9b2de3c-3fbd-4f42-8ff7-33c3bad35fd4", + "microsoft-windows-userdataaccess-userdataservice": "fb19ee2c-0d22-4a2e-969e-dd41ae0ce1a9", + "microsoft-windows-userdataaccess-userdatautils": "d1f688bf-012f-4aec-a38c-e7d4649f8cd2", + "microsoft-windows-usermodepowerservice": "ce8dee0b-d539-4000-b0f8-77bed049c590", + "microsoft-windows-userpnp": "96f4a050-7e31-453c-88be-9634f4e02139", + "microsoft-windows-usersettingsbackup-backupunitprocessor": "dc84bbf4-cded-56ef-bf3b-e2051d5589d5", + "microsoft-windows-usersettingsbackup-earlydownloader": "c675305e-51bd-5da6-08b4-d4cb88d198f0", + "microsoft-windows-usersettingsbackup-orchestrator": "47ae8351-b61a-51d1-0ad0-9d870c38f53a", + "microsoft-windows-uxinit": "4154a29c-40d9-445f-8d65-24da473e8f65", + "microsoft-windows-uxtheme": "422088e6-cd0c-4f99-bd0b-6985fa290bdf", + "microsoft-windows-vdrvroot": "e4480490-85b6-11dd-ad8b-0800200c9a66", + "microsoft-windows-verifyhardwaresecurity": "f3f53c76-b06d-4f15-b412-61164a0d2b73", + "microsoft-windows-vhdmp": "e2816346-87f4-4f85-95c3-0c79409aa89d", + "microsoft-windows-video-for-windows": "712abb2d-d806-4b42-9682-26da01d8b307", + "microsoft-windows-virtdisk": "4d20df22-e177-4514-a369-f1759feedeb3", + "microsoft-windows-volumecontrol": "07de7879-1c96-41ce-afbd-c659a0e8e643", + "microsoft-windows-volumesnapshot-driver": "67fe2216-727a-40cb-94b2-c02211edb34a", + "microsoft-windows-vpn-client": "3c088e51-65be-40d1-9b90-62bfec076737", + "microsoft-windows-vwifi": "314b2b0d-81ee-4474-b6e0-c2aaec0ddbde", + "microsoft-windows-wabsyncprovider": "17f14a23-551d-40cc-a086-e4194d64ed4c", + "microsoft-windows-wallet": "6ed11b00-c1b5-48cb-aecc-ff72ebefbae8", + "microsoft-windows-watchdog-events": "70e74dd8-39db-5f6f-6fd1-f5581b29e834", + "microsoft-windows-wcmsvc": "67d07935-283a-4791-8f8d-fa9117f3e6f2", + "microsoft-windows-wcn-config-registrar": "c100becf-d33a-4a4b-bf23-bbef4663d017", + "microsoft-windows-wcn-config-registrar-secure": "c100becc-d33a-4a4b-bf23-bbef4663d017", + "microsoft-windows-wcnwiz": "e8aa5402-26a1-455e-a21b-f240ed62d155", + "microsoft-windows-wdag-policyevaluator-csp": "64a98c25-9e00-404e-84ad-6700dfe02529", + "microsoft-windows-wdag-policyevaluator-gp": "e53df8ba-367a-4406-98d5-709ffb169681", + "microsoft-windows-webauth": "db6972b6-dddf-4820-84b1-2ed6ac0b96e5", + "microsoft-windows-webauthn": "3ae1ea61-c002-47fb-b06c-4022a8c98929", + "microsoft-windows-webcamexperience": "9e12ceb1-e3ff-46ad-a0aa-11738b122d20", + "microsoft-windows-webdavclient-lookupservicetrigger": "22b6d684-fa63-4578-87c9-effcbe6643c7", + "microsoft-windows-webdeploy": "ab77e98e-0138-4c77-8bfb-decd33edfe3c", + "microsoft-windows-webio": "50b3e73c-9370-461d-bb9f-26f32d68887d", + "microsoft-windows-webservices": "e04fe2e0-c6cf-4273-b59d-5c97c9c374a4", + "microsoft-windows-websocket-protocol-component": "cba5f63c-e2cf-4b36-8305-bde1311924fc", + "microsoft-windows-wephostsvc": "d5f7235b-48e2-4e9c-92fe-0e4950aba9e8", + "microsoft-windows-wer-diag": "ad8aa069-a01b-40a0-ba40-948d1d8dedc5", + "microsoft-windows-wer-payloadhealth": "4afddfde-002d-51ac-c109-c3b7897858d0", + "microsoft-windows-wer-systemerrorreporting": "abce23e7-de45-4366-8631-84fa6c525952", + "microsoft-windows-werkernel": "87a623f0-8db5-5c11-7c80-a2ebbcbe5189", + "microsoft-windows-wfp": "0c478c5b-0351-41b1-8c58-4a6737da32e3", + "microsoft-windows-whea-logger": "c26c4f3c-3f66-4e99-8f8a-39405cfed220", + "microsoft-windows-wifidisplay": "712880e9-7813-41a3-8e4c-e4e0c4f6580a", + "microsoft-windows-wifihotspotservice": "814182fe-58f7-11e1-853c-78e7d1ca7337", + "microsoft-windows-wifinetworkmanager": "e5c16d49-2464-4382-bb20-97a4b5465db9", + "microsoft-windows-win32k": "8c416c79-d49b-4f01-a467-e56d3aa8234c", + "microsoft-windows-windeploy": "75ebc33e-c8ae-4f93-9ca1-683a53e20cb6", + "microsoft-windows-windows defender": "11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78", + "microsoft-windows-windows firewall with advanced security": "d1bc9aff-2abf-4d71-9146-ecb2a986eb85", + "microsoft-windows-windowsbackup": "01979c6a-42fa-414c-b8aa-eee2c8202018", + "microsoft-windows-windowscolorsystem": "d53270e3-c8cf-4707-958a-dad20c90073c", + "microsoft-windows-windowssystemassessmenttool": "11a75546-3234-465e-bec8-2d301cb501ac", + "microsoft-windows-windowstogo-startupoptions": "2e6cb42e-161d-413b-a6c1-84ca4c1e5890", + "microsoft-windows-windowsuiimmersive": "74827cbb-1e0f-45a2-8523-c605866d2f22", + "microsoft-windows-windowsupdateclient": "945a8954-c147-4acd-923f-40c45405a658", + "microsoft-windows-winhttp": "7d44233d-3055-4b9c-ba64-0d47ca40a232", + "microsoft-windows-winhttp-diagnostics": "64de121b-5f08-5853-ab48-7758f2ea2dd3", + "microsoft-windows-winhttp-pca": "d071ce03-0d7b-5b27-e817-b9c12961934e", + "microsoft-windows-wininet": "43d1a55c-76d6-4f7e-995c-64c711e5cafe", + "microsoft-windows-wininet-capture": "a70ff94f-570b-4979-ba5c-e59c9feab61b", + "microsoft-windows-wininet-config": "5402e5ea-1bdd-4390-82be-e108f1e634f5", + "microsoft-windows-wininet-pca": "4860ea43-3f05-5fb8-20ce-7ba346a44747", + "microsoft-windows-wininit": "206f6dea-d3c5-4d10-bc72-989f03c8b84b", + "microsoft-windows-winlogon": "dbe9b383-7cf3-4331-91cc-a3cb16a3b538", + "microsoft-windows-winmde": "77549803-7bb1-418b-a98e-f2e22f35a873", + "microsoft-windows-winml": "c8517e09-bea2-5bb6-bef3-50b4c91c431e", + "microsoft-windows-winnat": "66c07ecd-6667-43fc-93f8-05cf07f446ec", + "microsoft-windows-winreagent": "1f7a6c55-5532-573b-35b7-2107e43a6ef5", + "microsoft-windows-winrm": "a7975c8f-ac13-49f1-87da-5a984a4ab417", + "microsoft-windows-winrt-error": "a86f8471-c31d-4fbc-a035-665d06047b03", + "microsoft-windows-winsock-afd": "e53c6823-7bb8-44bb-90dc-3f86090d48a6", + "microsoft-windows-winsock-nameresolution": "55404e71-4db9-4deb-a5f5-8f86e46dde56", + "microsoft-windows-winsock-sockets": "bde46aea-2357-51fe-7367-d5296f530bd1", + "microsoft-windows-winsock-sqm": "093da50c-0bb9-4d7d-b95c-3bb9fcda5ee8", + "microsoft-windows-winsock-ws2help": "d5c25f9a-4d47-493e-9184-40dd397a004d", + "microsoft-windows-winsrv": "9d55b53d-449b-4824-a637-24f9d69aa02f", + "microsoft-windows-wired-autoconfig": "b92cf7fd-dc10-4c6b-a72d-1613bf25e597", + "microsoft-windows-wlan-autoconfig": "9580d7dd-0379-4658-9870-d5be7d52d6de", + "microsoft-windows-wlan-driver": "daa6a96b-f3e7-4d4d-a0d6-31a350e6a445", + "microsoft-windows-wlandlg": "d4afa0dc-4dd1-40af-afce-cb0d0e6736a7", + "microsoft-windows-wlanpref": "ca5ba219-c0d4-4efa-9ceb-72aff92672b0", + "microsoft-windows-wlgpa": "46098845-8a94-442d-9095-366a6bcfefa9", + "microsoft-windows-wmbclass": "12d25187-6c0d-4783-ad3a-84caa135acfd", + "microsoft-windows-wmbclass-opn": "a42fe227-a7bf-4483-a502-6bcda428cd96", + "microsoft-windows-wmi": "1edeee53-0afe-4609-b846-d8c0b2075b1f", + "microsoft-windows-wmi-activity": "1418ef04-b0b4-4623-bf7e-d74ab47bbdaa", + "microsoft-windows-wmp": "f3f14ff3-7b80-4868-91d0-d77e497b025e", + "microsoft-windows-wmp-setup_wm": "0d759f0f-cff9-4902-8867-eb9e29d7a98b", + "microsoft-windows-wmpdmcui": "3f9e07bd-0e26-4241-a5a5-28cafa150a75", + "microsoft-windows-wmpnss-publicapi": "614696c9-85af-4e64-b389-d2c0db4ff87b", + "microsoft-windows-wmpnss-service": "6a2dc7c1-930a-4fb5-bb44-80b30aebed6c", + "microsoft-windows-wmpnssui": "7c314e58-8246-47d1-8f7a-4049dc543e0b", + "microsoft-windows-wmvdecod": "55bacc9f-9ac0-46f5-968a-a5a5dd024f8a", + "microsoft-windows-wmvencod": "313b0545-bf9c-492e-9173-8de4863b8573", + "microsoft-windows-workfolders": "34a3697e-0f10-4e48-af3c-f869b5babebb", + "microsoft-windows-workplace join": "76ab12d5-c986-4e60-9d7c-2a092b284cdd", + "microsoft-windows-wpd-api": "31569dcf-9c6f-4b8e-843a-b7c1cc7ffcba", + "microsoft-windows-wpd-compositeclassdriver": "355c44fe-0c8e-4bf8-be28-8bc7b5a42720", + "microsoft-windows-wpd-mtpbt": "92ab58d3-f351-4af5-9c72-d52f36ee2c92", + "microsoft-windows-wpd-mtpclassdriver": "21b7c16e-c5af-4a69-a74a-7245481c1b97", + "microsoft-windows-wpd-mtpip": "c374d21e-69b2-4cd7-9a25-62187c5a5619", + "microsoft-windows-wpd-mtpus": "dcfc4489-9ce0-403c-99df-a05422c60898", + "microsoft-windows-wpdclassinstaller": "ad5162d8-daf0-4a25-88a7-01cbeb33902e", + "microsoft-windows-wsc-srv": "5857d6ca-9732-4454-809b-2a87b70881f8", + "microsoft-windows-wusa": "09608c12-c1da-4104-a6fe-b959cf57560a", + "microsoft-windows-wwan-mm-events": "7839bb2a-2ea3-4eca-a00f-b558ba678bec", + "microsoft-windows-wwan-ndisuio-events": "b3eee223-d0a9-40cd-adfc-50f1888138ab", + "microsoft-windows-wwan-svc-events": "3cb40aaa-1145-4fb8-b27b-7e30f0454316", + "microsoft-windows-wwanclient_0ca4cac9670d3ec454b4175eb8aa80b3": "0ca4cac9-670d-3ec4-54b4-175eb8aa80b3", + "microsoft-windows-wwanprotdim_e72a6a5d74743941a6fa83201a9f8ef4": "e72a6a5d-7474-3941-a6fa-83201a9f8ef4", + "microsoft-windows-xaml": "531a35ab-63ce-4bcf-aa98-f88c7a89e455", + "microsoft-windows-xaml-diagnostics": "59e7a714-73a4-4147-b47e-0957048c75c4", + "microsoft-windows-xaudio2": "1ee3abdb-c1fc-4b43-9e56-11064abba866", + "microsoft-windows-xwizards": "777ba8fe-2498-4875-933a-3067de883070", + "microsoft-windows-ztdns": "8507cd07-f18b-54f0-b871-23c43a5bf118", + "microsoft-windows-zthelper": "40e3fc75-59e8-5443-47cb-a1e1b197fde0", + "microsoft-windows-ztracemaps": "b865b57b-bdda-4e1d-a2c8-adfa69fe6ab9", + "microsoft-windowsazure-diagnostics": "9148c98f-152c-44d3-a496-26350c475d74", + "microsoft-windowsazure-status": "9e3b8bee-15eb-444b-a692-bab4546644f2", + "microsoft-windowsphone-configmanager2": "2f94e1cc-a8c5-4fe7-a1c3-53d7bda8e73e", + "microsoft-windowsphone-coremessaging": "922cdcf3-6123-42da-a877-1a24f23e39c5", + "microsoft-windowsphone-coreuicomponents": "a0b7550f-4e9a-4f03-ad41-b8042d06a2f7", + "microsoft-windowsphone-ufx": "e98ebdbf-3058-4784-8521-47860b1d2b8e", + "microsoft-windowsphone-ufxsynopsys": "49b12c7c-4bd5-4f93-bb75-30fce739600b", + "microsoft.windows.hyperv.gpupvdev": "c3a331b2-af4f-5472-fd2f-4313035c4e77", + "microsoft.windows.hyperv.vmiccore": "e5ea3ca6-5eb0-597d-504a-2fd09ccdefda", + "microsoft.windows.resourcemanager": "4180c4f7-e238-5519-338f-ec214f0b49aa", + "microsoft_sidecar": "1db28f2e-8f80-4027-8c5a-a11f7f10f62d", + "mmc": "9c88041d-349d-4647-8bfd-2c0a167bfe58", + "mobility center performance trace": "8a8b5246-6eb6-4339-8b59-b0085b9f4890", + "mobility center trace": "082dff20-f430-11d9-8cd6-0800200c9a66", + "mount manager trace": "467c1914-37f0-4c7d-b6db-5cd7dfe7bd5e", + "msadce.1": "76dba919-5a36-fc80-2cad-3185532b7cb1", + "msadcf.1": "101c0e21-ebba-a60a-ec3d-58797788928a", + "msadco.1": "5c6ce734-1b3e-705e-c2ab-b272d99aaf8f", + "msadds.1": "13cd7f92-5baa-8c7c-3d72-b69fac139a46", + "msadox.1": "6c770d53-0441-afd4-dcab-1d89155fecfc", + "msdadiag.etw": "8b98d3f2-3cc6-0b9c-6651-9649cce5c752", + "msdaprst.1": "64a552e0-6c60-b907-e59c-10f1dff76b0d", + "msdarem.1": "564f1e24-fc86-28e1-74f8-5ca0d950bee0", + "msdart.1": "ceb7253c-bb96-9dfe-51d1-53d966d0cf8b", + "msdasql_1": "b6501ba0-c61a-c4e6-6fa2-a4e7f8c8e7a0", + "msdatl3.1": "87b93a44-1f73-ec83-7261-2dfc972d9b1e", + "msiscsi_iscsi": "1babefb4-59cb-49e5-9698-fd38ac830a91", + "mui resource trace": "d3de60b2-a663-45d5-9826-a0a5949d2cb0", + "native wifi filter driver trace": "d905ac1c-65e7-4242-99ea-fe66a8355df8", + "native wifi msm trace": "d905ac1d-65e7-4242-99ea-fe66a8355df8", + "netjoin": "9741fd4e-3757-479f-a3c6-fc49f6d5edd0", + "network location awareness trace": "1ac55562-d4ff-4bc5-8ef3-a18e07c4668e", + "network profile manager": "d9131565-e1dd-4c9e-a728-951999c2adb5", + "nisdrvwfp provider": "49d6ad7b-52c4-4f79-a164-4dcd908391e4", + "ntfs": "dd70bc80-ef44-421b-8ac3-cd31da613a4e", + "ntfs_ntfslog": "b2fc00c4-2941-4d11-983b-b16e8aa4e25d", + "ntlm security protocol": "c92cf544-91b3-4dc0-8e11-c580339a0bf8", + "odbc.1": "f34765f6-a1be-4b9d-1400-b8a12921f704", + "odbcbcp.1": "932b59f1-90c2-d8ba-0956-3975c344ae2b", + "officeairspace": "f562bb8e-422d-4b5c-b20e-90d710f7d11c", + "officeloggingliblet": "f50d9315-e17e-43c1-8370-3edf6cc057be", + "oledb.1": "0dd082c4-66f2-271f-74ba-2bf1f9f65c66", + "openssh": "c4b57d35-0636-4bc3-a262-370f249f9802", + "pnpx assocdb trace": "7311ad03-18d6-45ac-9b08-b020bdd6a590", + "portable device connectivity api trace": "02fe721a-0725-469e-a26d-37b3c09faac1", + "powershellcore": "f90714a8-5509-434a-bf6d-b1624c8a19a2", + "printfilterpipelinesvc_objectsguid": "aefe45f4-8548-42b4-b1c8-25673b07ad8b", + "refsv1wpptrace": "6d2fd9c5-8bd8-4a5d-8aa8-01e5c3b2ae23", + "refswpptrace": "740f3c34-57df-4bad-8eea-72ac69ad5df5", + "rmclient_restartmanager": "0888e5ef-9b98-4695-979d-e92ce4247224", + "rowsethelper.1": "74a75b02-36d8-ede6-d10e-95b691503408", + "rss platform backgroundsync perf trace": "ca1cf55c-9e49-4ad3-8038-39cb6f66af11", + "rss platform backgroundsync trace": "f59d1d86-cc03-4736-bc9c-4c7936871b3d", + "rss platform perf trace": "2b240425-3141-43ee-931f-ec9f997c7d7e", + "rss platform trace": "8c50fa6e-394e-4b47-b6d1-a880a5f225a2", + "runtimeinstaller": "417879eb-0efb-4a9a-87ef-b9b55086aaf1", + "runtimerestserver": "ec93adf0-a939-4e61-b96d-bfa285eba2d5", + "sbp2 port driver tracing provider": "6710597f-7319-4aae-9b85-c8d87136a56b", + "schannel": "1f678132-5938-4686-9fdc-c8ff68f15c85", + "sd bus trace": "3b9e3da4-70b8-46d3-9ef2-3ddf128bded8", + "security: kerberos authentication": "6b510852-3583-4e2d-affe-a67f9f223438", + "security: ntlm authentication": "5bbb6c18-aa45-49b1-a15f-085f7ed0aa90", + "security: schannel": "37d2c3cd-c5d4-4587-8531-4696c44244c8", + "security: tspkg": "6165f3e2-ae38-45d4-9b23-6b4818758bd9", + "security: wdigest": "fb6a424f-b5d6-4329-b9d5-a975b3a93ead", + "sensor classextension trace": "a1e89bb0-ef73-4980-8c99-dd15f7271d7e", + "service control manager": "555908d1-a6d7-4695-8e1e-26931d2012f4", + "service control manager trace": "ebcca1c2-ab46-4a1d-8c2a-906c2ff25f39", + "serviceruntime": "3a867e2e-2c45-4b6c-9654-d7575e57f3cf", + "sqloledb_1": "c5bffe2e-9d87-d568-a09e-08fc83d0c7c2", + "sqlsrv32.1": "4b647745-f438-0a42-f870-5dbd29949c99", + "tcpip service trace": "eb004a05-9b1a-11d4-9123-0050047759bc", + "telemetry": "7c203661-7420-49de-b8e0-7cc5878ebed0", + "terminalserver-mediafoundationplugin": "4199ee71-d55d-47d7-9f57-34a1d5b2c904", + "thread pool": "c861d0e2-a2c1-4d36-9f9c-970bab943a12", + "tpm": "1b6b0772-251b-4d42-917d-faca166bc059", + "transparentinstaller": "747c00b6-f0b4-438c-8b48-f3e5d7ed38a2", + "ts client activex control trace": "daa6caf5-6678-43f8-a6fe-b40ee096e06e", + "ts client trace": "0c51b20c-f755-48a8-8123-bf6da2adc727", + "ts rdp init trace": "c127c1a8-6ceb-11da-8bde-f66bad1e3f3a", + "ts rdp shell trace": "bfa655dc-6c51-11da-8bde-f66bad1e3f3a", + "ts rdp sound end point trace": "5a966d1c-6b48-11da-8bde-f66bad1e3f3a", + "umb trace": "96ab095a-9519-4f5c-81ee-c510b0a45463", + "umbus driver trace": "f9be9c98-10db-4318-bb61-cb0ddea08bf7", + "umdf - driver manager trace": "485e7dea-0a80-11d8-ad15-505054503030", + "umdf - framework trace": "485e7de9-0a80-11d8-ad15-505054503030", + "umdf - host process trace": "485e7df0-0a80-11d8-ad15-505054503030", + "umdf - lpc driver trace": "485e7ded-0a80-11d8-ad15-505054503030", + "umdf - lpc trace": "485e7def-0a80-11d8-ad15-505054503030", + "umdf - platform library trace": "485e7de8-0a80-11d8-ad15-505054503030", + "umdf - reflector trace": "485e7dee-0a80-11d8-ad15-505054503030", + "umdf - test trace": "485e7deb-0a80-11d8-ad15-505054503030", + "umdf - wdf core": "485e7de9-0a80-11d8-ad15-505054503030", + "umpass driver trace": "ff9e2bdd-0e24-437c-84be-7cfcae635808", + "usb storage driver tracing provider": "72fb9358-a9b3-41e0-ae41-e8deca41e3a8", + "user-mode pnp manager trace": "a676b545-4cfb-4306-a067-502d9a0f2220", + "user32": "b0aa8734-56f7-41cc-b2f4-de228e98b946", + "volsnap": "cb017cd2-1f37-4e65-82bc-3e91f6a37559", + "vss tracing provider": "9138500e-3648-4edb-aa4c-859e9f7b7c38", + "windows connect now": "c100bece-d33a-4a4b-bf23-bbef4663d017", + "windows defender firewall api": "28c9f48f-d244-45a8-842f-dc9fbc9b6e92", + "windows defender firewall api - gp": "0eff663f-8b6e-4e6d-8182-087a8eaa29cb", + "windows defender firewall driver": "d5e09122-d0b2-4235-adc1-c89faaaf1069", + "windows defender firewall netshell plugin": "28c9f48f-d244-45a8-842f-dc9fbc9b6e94", + "windows defender firewall service": "5eefebdb-e90c-423a-8abf-0241e7c5b87d", + "windows error reporting": "0ead09bd-2157-539a-8d6d-c87f95b64d70", + "windows kernel trace": "9e814aad-3204-11d2-9a82-006008a86939", + "windows media player trace": "a9c1a3b7-54f3-4724-adce-58bc03e3bc78", + "windows networkitemfactory trace": "d2a60d61-0f87-4673-a86c-9c461457fe27", + "windows notification facility provider": "42695762-ea50-497a-9068-5cbbb35e0b95", + "windows remote management trace": "04c6e16d-b99f-4a3a-9b3e-b8325bbc781e", + "windows wininit trace": "c2ba06e2-f7ce-44aa-9e7e-62652cdefe97", + "windows winlogon trace": "d451642c-63a6-11d7-9720-00b0d03e0347", + "windows-applicationmodel-store-sdk": "ff79a477-c45f-4a52-8ae0-2b324346d4e4", + "windowsazure-guestagent-diagnostic": "de49cbbe-8388-4c87-8310-2f9ec1338bde", + "windowsazure-guestagent-metrics": "fff0196f-ee4c-4eaf-9aa5-776f622deb4f", + "windowsazure-guestagent-status": "69b669b9-4af8-4c50-bdc4-6006fa76e975", + "windowsazureguestagent": "3000b92b-ca8b-4269-90ea-c4185ee09e92", + "winsatapi_etw_provider": "617853d6-728b-4b59-8a78-c3a9a5eade92", + "winsrvext": "2b9537f0-4a90-557b-1313-d0ce2827a94a", + "wireless client trace": "8a3cf0b5-e0bc-450b-ae4b-61728ffa1d58", + "wlan autoconfig trace": "0c5a3172-2248-44fd-b9a6-8389cb1dc56a", + "wlan diagnostics trace": "637a0f36-dff5-4b2f-83dd-b106c1c725e2", + "wlan dialog trace": "520319a9-b932-4ec7-943c-61e560939101", + "wlan extensibility trace": "e2eb5b52-08b1-4391-b670-f58317376247", + "wmi_tracing": "1ff6b227-2ca7-40f9-9a66-980eadaa602e", + "wmi_tracing_client_operations": "8e6b6962-ab54-4335-8229-3255b919dd0e", + "wmp network sharing api": "8ed60a3a-8c12-49c5-a518-fdf451bc10fc", + "wmp network sharing service": "a7eb57f6-145e-4f18-bd75-dbbf6f7e23a7", + "wmp network sharing taskbar": "d804a67f-4c25-43c1-896f-89ff78b3a911", + "wpd api trace": "c3c5d8af-2fd5-4500-a8e7-379c2d0bbe2e", + "wpd bluetooth mtp emumerator driver trace": "4b6efb94-30ea-49a7-bb29-e9ed9dce67da", + "wpd busenumservice trace": "0381564e-d5cb-4e48-ab35-be24389b0f59", + "wpd classextension trace": "a0a352c5-b8ec-41e9-9936-8452c1c0a6cf", + "wpd classinstaller trace": "45350d79-4497-42f1-bd1b-83587575b91a", + "wpd fsdriver trace": "1311095b-b9ff-497a-8560-2f43ca5438e4", + "wpd mtpdriver trace": "97496dda-c211-4ffe-b1b1-68e6e98ebc38", + "wpd shellextension trace": "a42c7bd1-5af3-4b32-9bc6-b85eb31d3f4a", + "wpd shellserviceobject trace": "1ab5ac29-037f-43a1-9484-78c9db61f869", + "wpd types trace": "58e8f67d-29e9-456c-b23d-c6489e341bb0", + "wpd wiacompat trace": "b809f4ff-3023-473c-971b-ab594429ea57", + "wpd wmdmcompat trace": "17abf473-982c-4d0e-b502-3a59d89e71de", + "wsat_traceprovider": "7f3fe630-462b-47c5-ab07-67ca84934abd", + "wudfx02000_kmdftraceguid": "485e7de9-0a80-11d8-ad15-505054503030", + "xwizard framework": "777ba8ff-2498-4875-933a-3067de883070", +} diff --git a/internal/vm/vmutils/etw/etw_map_test.go b/internal/vm/vmutils/etw/etw_map_test.go new file mode 100644 index 0000000000..2c78659242 --- /dev/null +++ b/internal/vm/vmutils/etw/etw_map_test.go @@ -0,0 +1,65 @@ +package etw + +import ( + "strings" + "testing" +) + +func TestETWNameToGuidMap_AllKeysAndValuesAreLowercase(t *testing.T) { + if len(etwNameToGuidMap) == 0 { + t.Fatal("etwNameToGuidMap is empty") + } + + for key, value := range etwNameToGuidMap { + if key != strings.ToLower(key) { + t.Fatalf("map key is not lowercase: key=%q value=%q", key, value) + } + if value != strings.ToLower(value) { + t.Fatalf("map value is not lowercase: key=%q value=%q", key, value) + } + } +} + +func isValidGuid(guid string) bool { + // GUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (8-4-4-4-12 hex digits) + if len(guid) != 36 { + return false + } + for i, c := range guid { + switch i { + case 8, 13, 18, 23: + if c != '-' { + return false + } + default: + if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) { + return false + } + } + } + return true +} + +func TestETWNameToGuidMap_AllGuidsAreValid(t *testing.T) { + for key, guid := range etwNameToGuidMap { + if !isValidGuid(guid) { + t.Fatalf("invalid GUID format: key=%q guid=%q", key, guid) + } + } +} + +func TestETWNameToGuidMap_KeysAreNonEmpty(t *testing.T) { + for key := range etwNameToGuidMap { + if strings.TrimSpace(key) == "" { + t.Fatal("found empty key in etwNameToGuidMap") + } + } +} + +func TestETWNameToGuidMap_ValuesAreNonEmpty(t *testing.T) { + for key, value := range etwNameToGuidMap { + if strings.TrimSpace(value) == "" { + t.Fatalf("found empty value for key=%q", key) + } + } +} diff --git a/internal/vm/vmutils/etw/provider_map.go b/internal/vm/vmutils/etw/provider_map.go index da7d95cbd7..2c03ce5f5e 100644 --- a/internal/vm/vmutils/etw/provider_map.go +++ b/internal/vm/vmutils/etw/provider_map.go @@ -2,37 +2,14 @@ package etw import ( "context" - "embed" "encoding/base64" "encoding/json" "fmt" "strings" - "sync" "github.com/Microsoft/hcsshim/internal/log" ) -//go:embed etw-map.json default-logsources.json -var embeddedFiles embed.FS - -const ( - EtwMapFileName = "etw-map.json" - DefaultLogSourcesFile = "default-logsources.json" -) - -var ( - onceLists sync.Once - onceListMap sync.Once - defaultLogSources LogSourcesInfo - defaultLogSourcesWithMap LogSourcesInfo -) - -var ( - onceProvider sync.Once - nameToGUID map[string]string // STATIC - guidToName map[string]string // STATIC -) - // Log Sources JSON structure type LogSourcesInfo struct { LogConfig LogConfig `json:"LogConfig"` @@ -54,18 +31,8 @@ type EtwProvider struct { Keywords string `json:"keywords,omitempty"` } -// ETW - Map JSON structure -type EtwInfo struct { - EtwMap []EtwProviderMap `json:"EtwProviderMap"` -} - -type EtwProviderMap struct { - ProviderName string `json:"providerName"` - ProviderGUID string `json:"providerGuid"` -} - // NormalizeGUID takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID. -func NormalizeGUID(in string) (string, error) { +func normalizeGUID(in string) (string, error) { s := strings.TrimSpace(in) s = strings.TrimPrefix(s, "{") s = strings.TrimSuffix(s, "}") @@ -86,7 +53,7 @@ func NormalizeGUID(in string) (string, error) { } } - compact = strings.ToUpper(compact) + compact = strings.ToLower(compact) return compact[0:8] + "-" + compact[8:12] + "-" + compact[12:16] + "-" + @@ -94,139 +61,17 @@ func NormalizeGUID(in string) (string, error) { compact[20:32], nil } -// LoadEtwMap loads the ETW provider name to GUID mapping from the embedded JSON file. It returns two maps, one for name to GUID and another for GUID to name. If there is an error in loading or parsing the file, it returns empty maps and the error. -func LoadEtwMap(ctx context.Context) (map[string]string, map[string]string, error) { - onceProvider.Do(func() { - b, err := embeddedFiles.ReadFile(EtwMapFileName) - if err != nil { - log.G(ctx).Errorf("Error reading ETW map file: %v", err) - return - } - - var cfg EtwInfo - if err := json.Unmarshal(b, &cfg); err != nil { - log.G(ctx).Errorf("Error unmarshalling ETW map file: %v", err) - return - } - - n2g := make(map[string]string) - g2n := make(map[string]string) - - for _, p := range cfg.EtwMap { - name := strings.TrimSpace(p.ProviderName) - guid, err := NormalizeGUID(p.ProviderGUID) - if name == "" || err != nil { - // skip invalid entries - log.G(ctx).Warningf("Skipping invalid ETW map entry with name %q and GUID %q: %v", p.ProviderName, p.ProviderGUID, err) - continue - } - - // Duplicate check - if _, ok := n2g[name]; ok { - // skip if already exists - log.G(ctx).Warningf("Skipping duplicate ETW provider name %q in ETW map", name) - continue - } - if _, ok := g2n[guid]; ok { - // skip if already exists - log.G(ctx).Warningf("Skipping duplicate ETW provider GUID %q in ETW map", guid) - continue - } - - n2g[name] = guid - g2n[guid] = name - } - - nameToGUID = n2g - guidToName = g2n - - }) - - return nameToGUID, guidToName, nil -} - -// GetDefaultLogSources returns the default log sources from the embedded JSON file. If there is an error in loading or parsing the file, it returns an empty LogSourcesInfo struct and the error. -// The default log sources are defined in the "default-logsources.json" file and are loaded only once using sync.Once to ensure thread safety and performance. -// The providers in the default-logsources.json file should only have Provider Names and must not contain GUIDs as the handling of GUIDs is based on the configuration and is done in the UpdateEncodedLogSources function where we -// check if we need to include GUIDs for the log sources based on the configuration and if needed, we map the provider names to their corresponding GUIDs using the ETW map loaded from the "etw-map.json" file. -// The only exception to this is if the provider does not have any name and only has a GUID. -func GetDefaultLogSources(ctx context.Context) (LogSourcesInfo, error) { - onceLists.Do(func() { - - allList, err := embeddedFiles.ReadFile(DefaultLogSourcesFile) - if err != nil { - log.G(ctx).Errorf("Error reading default log sources file: %v", err) - return - } - - if err := json.Unmarshal(allList, &defaultLogSources); err != nil { - log.G(ctx).Errorf("Error unmarshalling default log sources file: %v", err) - return - } - - // Check if the default log sources have provider names. If they do, do not include GUIDs in the - // default log sources, because GUID handling is based on configuration and is done in the - // UpdateEncodedLogSources function. There we check if GUIDs are needed for the log sources and, - // if so, map provider names to their corresponding GUIDs using the ETW map from "etw-map.json". - // The only exception is when a provider has no name and only a GUID. - for i := range defaultLogSources.LogConfig.Sources { - for j := range defaultLogSources.LogConfig.Sources[i].Providers { - if defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderName != "" && - defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID != "" { - defaultLogSources.LogConfig.Sources[i].Providers[j].ProviderGUID = "" - } - } - } - }) - return defaultLogSources, nil -} - -// GetDefaultLogSourcesWithMappedGUID returns the default log sources with provider GUIDs included in the providers. If there is an error in loading the default log sources or the ETW map, it returns the default log sources without GUIDs. -func GetDefaultLogSourcesWithMappedGUID(ctx context.Context) (LogSourcesInfo, error) { - onceListMap.Do(func() { - _, err := GetDefaultLogSources(ctx) - if err != nil { - log.G(ctx).Errorf("Error getting default log sources: %v", err) - return - } - - var logConfig LogConfig - for _, src := range defaultLogSources.LogConfig.Sources { - var source Source - source.Type = src.Type - for _, provider := range src.Providers { - var etwProvider EtwProvider - etwProvider.Keywords = provider.Keywords - etwProvider.Level = provider.Level - etwProvider.ProviderName = provider.ProviderName - etwProvider.ProviderGUID = GetProviderGUIDFromName(ctx, provider.ProviderName) - source.Providers = append(source.Providers, etwProvider) - } - - logConfig.Sources = append(logConfig.Sources, source) - } - - defaultLogSourcesWithMap.LogConfig = logConfig - }) - return defaultLogSourcesWithMap, nil +// GetDefaultLogSources returns the default log sources configuration. +func GetDefaultLogSources() LogSourcesInfo { + return defaultLogSourcesInfo } // GetProviderGUIDFromName returns the provider GUID for a given provider name. If the provider name is not found in the map, it returns an empty string. -func GetProviderGUIDFromName(ctx context.Context, providerName string) string { - if _, _, err := LoadEtwMap(ctx); err != nil { - log.G(ctx).Errorf("Error loading ETW map: %v", err) - return "" - } - return nameToGUID[providerName] -} - -// GetProviderNameFromGUID returns the provider name for a given provider GUID. If the provider GUID is not found in the map, it returns an empty string. -func GetProviderNameFromGUID(ctx context.Context, providerGUID string) string { - if _, _, err := LoadEtwMap(ctx); err != nil { - log.G(ctx).Errorf("Error loading ETW map: %v", err) - return "" +func getProviderGUIDFromName(providerName string) string { + if guid, ok := etwNameToGuidMap[strings.ToLower(providerName)]; ok { + return guid } - return guidToName[providerGUID] + return "" } // UpdateLogSources updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded JSON string. @@ -234,7 +79,7 @@ func GetProviderNameFromGUID(ctx context.Context, providerGUID string) string { func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) string { var resultLogCfg LogSourcesInfo if useDefaultLogSources { - resultLogCfg, _ = GetDefaultLogSources(ctx) + resultLogCfg = defaultLogSourcesInfo } if base64EncodedJSONLogConfig != "" { @@ -301,14 +146,14 @@ func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, us for i, src := range resultLogCfg.LogConfig.Sources { for j, provider := range src.Providers { if provider.ProviderGUID != "" { - guid, err := NormalizeGUID(provider.ProviderGUID) + guid, err := normalizeGUID(provider.ProviderGUID) if err != nil { log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) } resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid } if provider.ProviderName != "" && provider.ProviderGUID == "" { - resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = GetProviderGUIDFromName(ctx, provider.ProviderName) + resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = getProviderGUIDFromName(provider.ProviderName) } } } @@ -320,12 +165,12 @@ func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, us for i, src := range resultLogCfg.LogConfig.Sources { for j, provider := range src.Providers { if provider.ProviderName != "" && provider.ProviderGUID != "" { - guid, err := NormalizeGUID(provider.ProviderGUID) + guid, err := normalizeGUID(provider.ProviderGUID) if err != nil { log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) continue } - if strings.EqualFold(guid, GetProviderGUIDFromName(ctx, provider.ProviderName)) { + if strings.EqualFold(guid, getProviderGUIDFromName(provider.ProviderName)) { resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" } else { resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid diff --git a/internal/vm/vmutils/etw/provider_map_test.go b/internal/vm/vmutils/etw/provider_map_test.go new file mode 100644 index 0000000000..8e8230c4c4 --- /dev/null +++ b/internal/vm/vmutils/etw/provider_map_test.go @@ -0,0 +1,282 @@ +package etw + +import ( + "context" + "encoding/base64" + "encoding/json" + "reflect" + "strings" + "testing" +) + +func TestNormalizeGUID(t *testing.T) { + tests := []struct { + input string + expected string + wantErr bool + }{ + // Valid GUIDs in various formats + {"01234567-89ab-cdef-0123-456789abcdef", "01234567-89ab-cdef-0123-456789abcdef", false}, + {"0123456789abcdef0123456789abcdef", "01234567-89ab-cdef-0123-456789abcdef", false}, + {"{01234567-89ab-cdef-0123-456789abcdef}", "01234567-89ab-cdef-0123-456789abcdef", false}, + {"{0123456789abcdef0123456789abcdef}", "01234567-89ab-cdef-0123-456789abcdef", false}, + {"01234567-89AB-CDEF-0123-456789ABCDEF", "01234567-89ab-cdef-0123-456789abcdef", false}, + {"{01234567-89AB-CDEF-0123-456789ABCDEF}", "01234567-89ab-cdef-0123-456789abcdef", false}, + // Invalid GUIDs + {"", "", true}, + {"01234567-89ab-cdef-0123-456789abcde", "", true}, // too short + {"01234567-89ab-cdef-0123-456789abcdef0", "", true}, // too long + {"01234567-89ab-cdef-0123-456789abcdeg", "", true}, // non-hex char + {"{01234567-89ab-cdef-0123-456789abcdeg}", "", true}, // non-hex char with braces + {"01234567-89ab-cdef-0123-456789abcde-", "", true}, // trailing dash + } + + for _, tt := range tests { + got, err := normalizeGUID(tt.input) + if tt.wantErr { + if err == nil { + t.Errorf("normalizeGUID(%q) expected error, got none", tt.input) + } + } else { + if err != nil { + t.Errorf("normalizeGUID(%q) unexpected error: %v", tt.input, err) + } + if got != tt.expected { + t.Errorf("normalizeGUID(%q) = %q, want %q", tt.input, got, tt.expected) + } + } + } +} + +func TestGetProviderGUIDFromName(t *testing.T) { + // These names should be present in the etwNameToGuidMap for the tests to pass. + tests := []struct { + name string + expected string + }{ + {"Microsoft.Windows.HyperV.Compute", etwNameToGuidMap["microsoft.windows.hyperv.compute"]}, + {"Microsoft.Windows.Containers.Setup", etwNameToGuidMap["microsoft.windows.containers.setup"]}, + {"nonexistent.provider", ""}, + {"", ""}, + } + + for _, tt := range tests { + got := getProviderGUIDFromName(tt.name) + if got != tt.expected { + t.Errorf("getProviderGUIDFromName(%q) = %q, want %q", tt.name, got, tt.expected) + } + } +} + +func TestUpdateLogSources_Combinations(t *testing.T) { + originalDefaults := cloneLogSourcesInfo(defaultLogSourcesInfo) + t.Cleanup(func() { + defaultLogSourcesInfo = cloneLogSourcesInfo(originalDefaults) + }) + + userConfig := buildTestUserLogSources(t) + + tests := []struct { + name string + base64Input string + useDefault bool + includeGUIDs bool + expectedLogCfg LogSourcesInfo + }{ + { + name: "empty_input_no_defaults_no_guids", + base64Input: "", + useDefault: false, + includeGUIDs: false, + expectedLogCfg: LogSourcesInfo{}, + }, + { + name: "empty_input_no_defaults_with_guids", + base64Input: "", + useDefault: false, + includeGUIDs: true, + expectedLogCfg: LogSourcesInfo{}, + }, + { + name: "empty_input_with_defaults_no_guids", + base64Input: "", + useDefault: true, + includeGUIDs: false, + expectedLogCfg: expectedLogSources(originalDefaults, LogSourcesInfo{}, true, false, false), + }, + { + name: "empty_input_with_defaults_with_guids", + base64Input: "", + useDefault: true, + includeGUIDs: true, + expectedLogCfg: expectedLogSources(originalDefaults, LogSourcesInfo{}, true, true, false), + }, + { + name: "user_input_no_defaults_no_guids", + base64Input: mustEncodeLogSources(t, userConfig), + useDefault: false, + includeGUIDs: false, + expectedLogCfg: expectedLogSources(originalDefaults, userConfig, false, false, true), + }, + { + name: "user_input_no_defaults_with_guids", + base64Input: mustEncodeLogSources(t, userConfig), + useDefault: false, + includeGUIDs: true, + expectedLogCfg: expectedLogSources(originalDefaults, userConfig, false, true, true), + }, + { + name: "user_input_with_defaults_no_guids", + base64Input: mustEncodeLogSources(t, userConfig), + useDefault: true, + includeGUIDs: false, + expectedLogCfg: expectedLogSources(originalDefaults, userConfig, true, false, true), + }, + { + name: "user_input_with_defaults_with_guids", + base64Input: mustEncodeLogSources(t, userConfig), + useDefault: true, + includeGUIDs: true, + expectedLogCfg: expectedLogSources(originalDefaults, userConfig, true, true, true), + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + defaultLogSourcesInfo = cloneLogSourcesInfo(originalDefaults) + + gotEncoded := UpdateLogSources(context.Background(), tt.base64Input, tt.useDefault, tt.includeGUIDs) + got := mustDecodeLogSources(t, gotEncoded) + + if !reflect.DeepEqual(got, tt.expectedLogCfg) { + t.Fatalf("unexpected log config.\n got: %#v\nwant: %#v", got, tt.expectedLogCfg) + } + }) + } +} + +func buildTestUserLogSources(t *testing.T) LogSourcesInfo { + t.Helper() + + nameOnlyProvider := "Microsoft.Windows.HyperV.Compute" + nameAndGUIDProvider := "Microsoft.Windows.Containers.Setup" + + guid := getProviderGUIDFromName(nameAndGUIDProvider) + if guid == "" { + t.Fatalf("missing GUID mapping for provider %q", nameAndGUIDProvider) + } + if getProviderGUIDFromName(nameOnlyProvider) == "" { + t.Fatalf("missing GUID mapping for provider %q", nameOnlyProvider) + } + + return LogSourcesInfo{ + LogConfig: LogConfig{ + Sources: []Source{ + { + Type: "UserETW", + Providers: []EtwProvider{ + { + ProviderName: nameOnlyProvider, + Level: "Verbose", + }, + { + ProviderName: nameAndGUIDProvider, + ProviderGUID: "{" + strings.ToUpper(guid) + "}", + Level: "Warning", + }, + }, + }, + }, + }, + } +} + +func expectedLogSources(defaults LogSourcesInfo, user LogSourcesInfo, useDefault bool, includeGUIDs bool, includeUser bool) LogSourcesInfo { + var result LogSourcesInfo + + if useDefault { + result = cloneLogSourcesInfo(defaults) + } + + if includeUser { + userCopy := cloneLogSourcesInfo(user) + result.LogConfig.Sources = append(result.LogConfig.Sources, userCopy.LogConfig.Sources...) + } + + applyExpectedGUIDBehavior(&result, includeGUIDs) + return result +} + +func applyExpectedGUIDBehavior(cfg *LogSourcesInfo, includeGUIDs bool) { + for i, src := range cfg.LogConfig.Sources { + for j, provider := range src.Providers { + if includeGUIDs { + if provider.ProviderGUID != "" { + guid, err := normalizeGUID(provider.ProviderGUID) + if err != nil { + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" + } else { + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + } + } + if provider.ProviderName != "" && provider.ProviderGUID == "" { + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = getProviderGUIDFromName(provider.ProviderName) + } + continue + } + + if provider.ProviderName != "" && provider.ProviderGUID != "" { + guid, err := normalizeGUID(provider.ProviderGUID) + if err != nil { + continue + } + if strings.EqualFold(guid, getProviderGUIDFromName(provider.ProviderName)) { + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" + } else { + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + } + } + } + } +} + +func cloneLogSourcesInfo(in LogSourcesInfo) LogSourcesInfo { + out := LogSourcesInfo{} + if in.LogConfig.Sources == nil { + return out + } + + out.LogConfig.Sources = make([]Source, len(in.LogConfig.Sources)) + for i, src := range in.LogConfig.Sources { + out.LogConfig.Sources[i].Type = src.Type + if src.Providers != nil { + out.LogConfig.Sources[i].Providers = append([]EtwProvider(nil), src.Providers...) + } + } + return out +} + +func mustEncodeLogSources(t *testing.T, cfg LogSourcesInfo) string { + t.Helper() + + b, err := json.Marshal(cfg) + if err != nil { + t.Fatalf("failed to marshal log sources: %v", err) + } + return base64.StdEncoding.EncodeToString(b) +} + +func mustDecodeLogSources(t *testing.T, encoded string) LogSourcesInfo { + t.Helper() + + b, err := base64.StdEncoding.DecodeString(encoded) + if err != nil { + t.Fatalf("failed to decode base64 log sources: %v", err) + } + + var cfg LogSourcesInfo + if err := json.Unmarshal(b, &cfg); err != nil { + t.Fatalf("failed to unmarshal log sources: %v", err) + } + return cfg +} From e3349bbed56298b83e99acb1cb503d98f3c09b00 Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Tue, 17 Mar 2026 21:27:12 +0530 Subject: [PATCH 5/7] Addressing review comments Signed-off-by: Manish Ranjan Mahanta --- internal/gcs-sidecar/handlers.go | 2 +- internal/oci/uvm.go | 8 +- internal/uvm/create_wcow.go | 16 +- internal/uvm/log_wcow.go | 2 +- internal/uvm/start.go | 2 +- internal/uvm/types.go | 4 +- internal/vm/vmutils/etw/default-sources.go | 2 +- .../vm/vmutils/etw/default-sources_test.go | 10 +- internal/vm/vmutils/etw/etw_map.go | 2 +- internal/vm/vmutils/etw/etw_map_test.go | 28 +- internal/vm/vmutils/etw/provider_map.go | 276 ++++++++++-------- internal/vm/vmutils/etw/provider_map_test.go | 57 +--- pkg/annotations/annotations.go | 8 +- 13 files changed, 199 insertions(+), 218 deletions(-) diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go index 9b35cd1a2b..03487372a6 100644 --- a/internal/gcs-sidecar/handlers.go +++ b/internal/gcs-sidecar/handlers.go @@ -500,7 +500,7 @@ func (b *Bridge) modifyServiceSettings(req *request) (err error) { // Todo: Add policy enforcement for modifying service settings modifyRequest, err := unmarshalModifyServiceSettings(req) if err != nil { - return err + return fmt.Errorf("failed to unmarshal modifyServiceSettings request: %w", err) } switch modifyRequest.PropertyType { diff --git a/internal/oci/uvm.go b/internal/oci/uvm.go index c579e477bd..5bfa68f7f0 100644 --- a/internal/oci/uvm.go +++ b/internal/oci/uvm.go @@ -419,13 +419,13 @@ func SpecToUVMCreateOpts(ctx context.Context, s *specs.Spec, id, owner string) ( if err := handleWCOWSecurityPolicy(ctx, s.Annotations, wopts); err != nil { return nil, err } - // If security policy is enable, wopts.DisableLogForwarding default value should be true (CWCOW should not allow log forwarding by default) + // If security policy is enable, wopts.LogForwardingEnabled default value should be false (CWCOW should not allow log forwarding by default) if wopts.SecurityPolicyEnabled { - wopts.DisableLogForwarding = true + wopts.LogForwardingEnabled = false } wopts.LogSources = ParseAnnotationsString(s.Annotations, annotations.LogSources, wopts.LogSources) - wopts.DisableLogForwarding = ParseAnnotationsBool(ctx, s.Annotations, annotations.DisableForwardLogs, wopts.DisableLogForwarding) - wopts.DisableDefaultLogSources = ParseAnnotationsBool(ctx, s.Annotations, annotations.DisableDefaultLogSources, wopts.DisableDefaultLogSources) + wopts.LogForwardingEnabled = ParseAnnotationsBool(ctx, s.Annotations, annotations.LogForwardingEnabled, wopts.LogForwardingEnabled) + wopts.DefaultLogSourcesEnabled = ParseAnnotationsBool(ctx, s.Annotations, annotations.DefaultLogSourcesEnabled, wopts.DefaultLogSourcesEnabled) return wopts, nil } diff --git a/internal/uvm/create_wcow.go b/internal/uvm/create_wcow.go index 41de890009..452d2686c1 100644 --- a/internal/uvm/create_wcow.go +++ b/internal/uvm/create_wcow.go @@ -72,8 +72,8 @@ type OptionsWCOW struct { OutputHandlerCreator vmutils.OutputHandlerCreator // Creates an [OutputHandler] that controls how output received over HVSocket from the UVM is handled. Defaults to parsing output as ETW Log events LogSources string // ETW providers to be set for the logging service - DisableLogForwarding bool // Whether to disable forwarding of logs to the host or not - DisableDefaultLogSources bool // Whether to disable using default log sources + LogForwardingEnabled bool // Whether to enable forwarding of logs to the host or not + DefaultLogSourcesEnabled bool // Whether to enable using default log sources } func defaultConfidentialWCOWOSBootFilesPath() string { @@ -113,8 +113,8 @@ func NewDefaultOptionsWCOW(id, owner string) *OptionsWCOW { }, }, OutputHandlerCreator: vmutils.ParseGCSLogrus, - DisableLogForwarding: false, // Default to true for WCOW, and set to false for CWCOW in internal/oci/uvm.go SpecToUVMCreateOpts - DisableDefaultLogSources: false, + LogForwardingEnabled: true, // Default to true for WCOW, and set to false for CWCOW in internal/oci/uvm.go SpecToUVMCreateOpts + DefaultLogSourcesEnabled: true, LogSources: "", } } @@ -293,7 +293,7 @@ func prepareCommonConfigDoc(ctx context.Context, uvm *UtilityVM, opts *OptionsWC } maps.Copy(doc.VirtualMachine.Devices.HvSocket.HvSocketConfig.ServiceTable, opts.AdditionalHyperVConfig) - if !opts.DisableLogForwarding { + if opts.LogForwardingEnabled { key := prot.WindowsLoggingHvsockServiceID.String() doc.VirtualMachine.Devices.HvSocket.HvSocketConfig.ServiceTable[key] = hcsschema.HvSocketServiceConfig{ AllowWildcardBinds: true, @@ -579,8 +579,8 @@ func CreateWCOW(ctx context.Context, opts *OptionsWCOW) (_ *UtilityVM, err error createOpts: opts, blockCIMMounts: make(map[string]*UVMMountedBlockCIMs), logSources: opts.LogSources, - forwardLogs: !opts.DisableLogForwarding, - disableDefaultLogSources: opts.DisableDefaultLogSources, + logForwardingEnabled: opts.LogForwardingEnabled, + defaultLogSourcesEnabled: opts.DefaultLogSourcesEnabled, } defer func() { @@ -620,7 +620,7 @@ func CreateWCOW(ctx context.Context, opts *OptionsWCOW) (_ *UtilityVM, err error return nil, fmt.Errorf("error while creating the compute system: %w", err) } - if !opts.DisableLogForwarding { + if opts.LogForwardingEnabled { // Create a socket that the executed program can send to. This is usually // used by Log Forward Service to send log data. uvm.outputHandler = opts.OutputHandlerCreator(opts.ID) diff --git a/internal/uvm/log_wcow.go b/internal/uvm/log_wcow.go index 55ffb7cdd3..1550afd10e 100644 --- a/internal/uvm/log_wcow.go +++ b/internal/uvm/log_wcow.go @@ -69,7 +69,7 @@ func (uvm *UtilityVM) SetLogSources(ctx context.Context) error { // For confidential WCOw, we skip the adding guids to the log sources as the sidecar-GCS will verify the // allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped. // For non-confidential WCOW, we include the GUIDs in the log sources as the hcsshim communicates directly with the inboxGCS. - settings := etw.UpdateLogSources(ctx, uvm.logSources, !uvm.disableDefaultLogSources, !uvm.HasConfidentialPolicy()) + settings := etw.UpdateLogSources(ctx, uvm.logSources, uvm.defaultLogSourcesEnabled, !uvm.HasConfidentialPolicy()) req := guestrequest.LogForwardServiceRPCRequest{ RPCType: guestrequest.RPCModifyServiceSettings, diff --git a/internal/uvm/start.go b/internal/uvm/start.go index c6ba805304..5534962a39 100644 --- a/internal/uvm/start.go +++ b/internal/uvm/start.go @@ -285,7 +285,7 @@ func (uvm *UtilityVM) Start(ctx context.Context) (err error) { } } - if uvm.OS() == "windows" && uvm.forwardLogs { + if uvm.OS() == "windows" && uvm.logForwardingEnabled { // If the UVM is Windows and log forwarding is enabled, set the log sources // and start the log forwarding service. if err := uvm.SetLogSources(ctx); err != nil { diff --git a/internal/uvm/types.go b/internal/uvm/types.go index 5857dbcfc0..0fad6f2f5a 100644 --- a/internal/uvm/types.go +++ b/internal/uvm/types.go @@ -144,8 +144,8 @@ type UtilityVM struct { blockCIMMounts map[string]*UVMMountedBlockCIMs blockCIMMountLock sync.Mutex - forwardLogs bool // Indicates whether to forward logs from the UVM to the host - disableDefaultLogSources bool // Specifies whether addition of default list of ETW providers should be disabled + logForwardingEnabled bool // Indicates whether to forward logs from the UVM to the host + defaultLogSourcesEnabled bool // Specifies whether addition of default list of ETW providers should be disabled logSources string // ETW providers to enable for log forwarding } diff --git a/internal/vm/vmutils/etw/default-sources.go b/internal/vm/vmutils/etw/default-sources.go index 1ee51b301a..ee8f79466f 100644 --- a/internal/vm/vmutils/etw/default-sources.go +++ b/internal/vm/vmutils/etw/default-sources.go @@ -1,6 +1,6 @@ package etw -// defaultLogSourcesInfo is the native Go representation of the default-logsources.json file. +// defaultLogSourcesInfo defines the list of trusted ETW providers var defaultLogSourcesInfo = LogSourcesInfo{ LogConfig: LogConfig{ Sources: []Source{ diff --git a/internal/vm/vmutils/etw/default-sources_test.go b/internal/vm/vmutils/etw/default-sources_test.go index a273f1de39..86d8108a19 100644 --- a/internal/vm/vmutils/etw/default-sources_test.go +++ b/internal/vm/vmutils/etw/default-sources_test.go @@ -6,12 +6,12 @@ import ( ) func TestDefaultSources_ETWProvidersExistInETWMap(t *testing.T) { - if len(etwNameToGuidMap) == 0 { - t.Fatal("etwNameToGuidMap is empty") + if len(etwNameToGUIDMap) == 0 { + t.Fatal("etwNameToGUIDMap is empty") } for si, src := range defaultLogSourcesInfo.LogConfig.Sources { - // Only ETW sources should be validated against etwNameToGuidMap. + // Only ETW sources should be validated against etwNameToGUIDMap. if !strings.EqualFold(src.Type, "ETW") { continue } @@ -22,9 +22,9 @@ func TestDefaultSources_ETWProvidersExistInETWMap(t *testing.T) { } key := strings.ToLower(p.ProviderName) - if _, ok := etwNameToGuidMap[key]; !ok { + if _, ok := etwNameToGUIDMap[key]; !ok { t.Fatalf( - "provider not found in etwNameToGuidMap: source index=%d provider index=%d provider=%q lookup key=%q", + "provider not found in etwNameToGUIDMap: source index=%d provider index=%d provider=%q lookup key=%q", si, pi, p.ProviderName, key, ) } diff --git a/internal/vm/vmutils/etw/etw_map.go b/internal/vm/vmutils/etw/etw_map.go index 6bd7f72764..13513e81d6 100644 --- a/internal/vm/vmutils/etw/etw_map.go +++ b/internal/vm/vmutils/etw/etw_map.go @@ -1,7 +1,7 @@ package etw // LOWERCASE ONLY keys for easier lookups and case-insensitive matching. -var etwNameToGuidMap = map[string]string{ +var etwNameToGUIDMap = map[string]string{ "microsoft.windows.containers.setup": "22267b1c-b979-5c81-9e24-0db386a62dd1", "microsoft.windows.containers.storage": "2551390d-5927-5c84-6f0a-027a7e78d38d", "microsoft.windows.containers.library": "67eb0417-9297-42ae-a1d9-98bfeb359059", diff --git a/internal/vm/vmutils/etw/etw_map_test.go b/internal/vm/vmutils/etw/etw_map_test.go index 2c78659242..eb1d3e23d8 100644 --- a/internal/vm/vmutils/etw/etw_map_test.go +++ b/internal/vm/vmutils/etw/etw_map_test.go @@ -5,12 +5,12 @@ import ( "testing" ) -func TestETWNameToGuidMap_AllKeysAndValuesAreLowercase(t *testing.T) { - if len(etwNameToGuidMap) == 0 { - t.Fatal("etwNameToGuidMap is empty") +func TestETWNameToGUIDMap_AllKeysAndValuesAreLowercase(t *testing.T) { + if len(etwNameToGUIDMap) == 0 { + t.Fatal("etwNameToGUIDMap is empty") } - for key, value := range etwNameToGuidMap { + for key, value := range etwNameToGUIDMap { if key != strings.ToLower(key) { t.Fatalf("map key is not lowercase: key=%q value=%q", key, value) } @@ -20,7 +20,7 @@ func TestETWNameToGuidMap_AllKeysAndValuesAreLowercase(t *testing.T) { } } -func isValidGuid(guid string) bool { +func isValidGUID(guid string) bool { // GUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (8-4-4-4-12 hex digits) if len(guid) != 36 { return false @@ -32,7 +32,7 @@ func isValidGuid(guid string) bool { return false } default: - if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) { + if (c < '0' || c > '9') && (c < 'a' || c > 'f') { return false } } @@ -40,24 +40,24 @@ func isValidGuid(guid string) bool { return true } -func TestETWNameToGuidMap_AllGuidsAreValid(t *testing.T) { - for key, guid := range etwNameToGuidMap { - if !isValidGuid(guid) { +func TestETWNameToGUIDMap_AllGUIDsAreValid(t *testing.T) { + for key, guid := range etwNameToGUIDMap { + if !isValidGUID(guid) { t.Fatalf("invalid GUID format: key=%q guid=%q", key, guid) } } } -func TestETWNameToGuidMap_KeysAreNonEmpty(t *testing.T) { - for key := range etwNameToGuidMap { +func TestETWNameToGUIDMap_KeysAreNonEmpty(t *testing.T) { + for key := range etwNameToGUIDMap { if strings.TrimSpace(key) == "" { - t.Fatal("found empty key in etwNameToGuidMap") + t.Fatal("found empty key in etwNameToGUIDMap") } } } -func TestETWNameToGuidMap_ValuesAreNonEmpty(t *testing.T) { - for key, value := range etwNameToGuidMap { +func TestETWNameToGUIDMap_ValuesAreNonEmpty(t *testing.T) { + for key, value := range etwNameToGUIDMap { if strings.TrimSpace(value) == "" { t.Fatalf("found empty value for key=%q", key) } diff --git a/internal/vm/vmutils/etw/provider_map.go b/internal/vm/vmutils/etw/provider_map.go index 2c03ce5f5e..924da34e30 100644 --- a/internal/vm/vmutils/etw/provider_map.go +++ b/internal/vm/vmutils/etw/provider_map.go @@ -4,9 +4,9 @@ import ( "context" "encoding/base64" "encoding/json" - "fmt" "strings" + "github.com/Microsoft/go-winio/pkg/guid" "github.com/Microsoft/hcsshim/internal/log" ) @@ -31,50 +31,162 @@ type EtwProvider struct { Keywords string `json:"keywords,omitempty"` } -// NormalizeGUID takes a GUID string in various formats and normalizes it to the standard 8-4-4-4-12 format with uppercase letters. It returns an error if the input string is not a valid GUID. -func normalizeGUID(in string) (string, error) { +// GetDefaultLogSources returns the default log sources configuration. +func GetDefaultLogSources() LogSourcesInfo { + return defaultLogSourcesInfo +} + +// GetProviderGUIDFromName returns the provider GUID for a given provider name. If the provider name is not found in the map, it returns an empty string. +func getProviderGUIDFromName(providerName string) string { + if guid, ok := etwNameToGUIDMap[strings.ToLower(providerName)]; ok { + return guid + } + return "" +} + +// providerKey returns a unique key for an EtwProvider, used for deduplication during merge. +// If both Name and GUID are present, key is "Name|GUID". If only GUID, key is GUID. Otherwise, key is Name. +func providerKey(provider EtwProvider) string { + if provider.ProviderGUID != "" { + if provider.ProviderName != "" { + return provider.ProviderName + "|" + provider.ProviderGUID + } + return provider.ProviderGUID + } + return provider.ProviderName +} + +// mergeProviders merges two slices of EtwProvider, with userProviders taking precedence over defaultProviders +// on key conflicts (same name, same GUID, or same name|GUID combination). +func mergeProviders(defaultProviders, userProviders []EtwProvider) []EtwProvider { + providerMap := make(map[string]EtwProvider) + for _, provider := range defaultProviders { + providerMap[providerKey(provider)] = provider + } + for _, provider := range userProviders { + providerMap[providerKey(provider)] = provider + } + + merged := make([]EtwProvider, 0, len(providerMap)) + for _, provider := range providerMap { + merged = append(merged, provider) + } + return merged +} + +// mergeLogSources merges userSources into resultSources. Sources with matching types have their +// providers merged; unmatched user sources are appended as new entries. +func mergeLogSources(resultSources []Source, userSources []Source) []Source { + for _, userSrc := range userSources { + merged := false + for i, resSrc := range resultSources { + if userSrc.Type == resSrc.Type { + resultSources[i].Providers = mergeProviders(resSrc.Providers, userSrc.Providers) + merged = true + break + } + } + if !merged { + resultSources = append(resultSources, userSrc) + } + } + return resultSources +} + +// decodeAndUnmarshalLogSources decodes a base64-encoded JSON string and unmarshals it into a LogSourcesInfo. +func decodeAndUnmarshalLogSources(ctx context.Context, base64EncodedJSONLogConfig string) (LogSourcesInfo, error) { + jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJSONLogConfig) + if err != nil { + log.G(ctx).Errorf("Error decoding base64 log config: %v", err) + return LogSourcesInfo{}, err + } + + var userLogSources LogSourcesInfo + if err := json.Unmarshal(jsonBytes, &userLogSources); err != nil { + log.G(ctx).Errorf("Error unmarshalling user log config: %v", err) + return LogSourcesInfo{}, err + } + return userLogSources, nil +} + +func trimGUID(in string) string { s := strings.TrimSpace(in) s = strings.TrimPrefix(s, "{") s = strings.TrimSuffix(s, "}") s = strings.TrimSpace(s) + return s +} - compact := strings.ReplaceAll(s, "-", "") - if len(compact) != 32 { - return "", fmt.Errorf("GUID %q has invalid length after normalization (%d, want 32 hex chars)", in, len(compact)) +// resolveGUIDsWithLookup normalizes and fills in provider GUIDs from the well-known ETW map +// for all providers across all sources. Providers with an invalid GUID are warned and skipped. +func resolveGUIDsWithLookup(ctx context.Context, sources []Source) []Source { + for i, src := range sources { + for j, provider := range src.Providers { + if provider.ProviderGUID != "" { + guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) + if err != nil { + log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) + continue + } + sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) + } + if provider.ProviderName != "" && provider.ProviderGUID == "" { + sources[i].Providers[j].ProviderGUID = getProviderGUIDFromName(provider.ProviderName) + } + } } + return sources +} - for i := 0; i < len(compact); i++ { - c := compact[i] - isHex := (c >= '0' && c <= '9') || - (c >= 'a' && c <= 'f') || - (c >= 'A' && c <= 'F') - if !isHex { - return "", fmt.Errorf("GUID %q contains non-hex character %q", in, c) +// stripRedundantGUIDs removes the GUID from providers where both Name and GUID are present and +// the GUID matches the well-known lookup by name. This ensures sidecar-GCS prefers name-based +// policy verification. Invalid GUIDs are warned and left as-is after normalization. +func stripRedundantGUIDs(ctx context.Context, sources []Source) []Source { + for i, src := range sources { + for j, provider := range src.Providers { + if provider.ProviderName == "" || provider.ProviderGUID == "" { + continue + } + guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) + if err != nil { + log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) + continue + } + if strings.EqualFold(guid.String(), getProviderGUIDFromName(provider.ProviderName)) { + sources[i].Providers[j].ProviderGUID = "" + } else { + sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) + } } } - - compact = strings.ToLower(compact) - return compact[0:8] + "-" + - compact[8:12] + "-" + - compact[12:16] + "-" + - compact[16:20] + "-" + - compact[20:32], nil + return sources } -// GetDefaultLogSources returns the default log sources configuration. -func GetDefaultLogSources() LogSourcesInfo { - return defaultLogSourcesInfo +// applyGUIDPolicy applies GUID resolution or stripping to all sources depending on the includeGUIDs flag. +// See resolveGUIDsWithLookup and stripRedundantGUIDs for the respective behaviors. +func applyGUIDPolicy(ctx context.Context, sources []Source, includeGUIDs bool) []Source { + if len(sources) == 0 { + return sources + } + if includeGUIDs { + return resolveGUIDsWithLookup(ctx, sources) + } + return stripRedundantGUIDs(ctx, sources) } -// GetProviderGUIDFromName returns the provider GUID for a given provider name. If the provider name is not found in the map, it returns an empty string. -func getProviderGUIDFromName(providerName string) string { - if guid, ok := etwNameToGuidMap[strings.ToLower(providerName)]; ok { - return guid +// marshalAndEncodeLogSources marshals the given LogSourcesInfo to JSON and encodes it as a base64 string. +// On error, it logs and returns the original fallback string. +func marshalAndEncodeLogSources(ctx context.Context, logCfg LogSourcesInfo, fallback string) (string, error) { + jsonBytes, err := json.Marshal(logCfg) + if err != nil { + log.G(ctx).Errorf("Error marshalling log config: %v", err) + return fallback, err } - return "" + return base64.StdEncoding.EncodeToString(jsonBytes), nil } -// UpdateLogSources updates the user provided log sources with the default log sources based on the configuration and returns the updated log sources as a base64 encoded JSON string. +// UpdateLogSources updates the user provided log sources with the default log sources based on the +// configuration and returns the updated log sources as a base64 encoded JSON string. // If there is an error in the process, it returns the original user provided log sources string. func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) string { var resultLogCfg LogSourcesInfo @@ -83,111 +195,17 @@ func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, us } if base64EncodedJSONLogConfig != "" { - jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJSONLogConfig) - if err != nil { - log.G(ctx).Errorf("Error decoding base64 log config: %v", err) - } else { - var userLogSources LogSourcesInfo - if err := json.Unmarshal(jsonBytes, &userLogSources); err != nil { - log.G(ctx).Errorf("Error unmarshalling user log config: %v", err) - } else { - // Merge user log sources with default log sources based on the type. If the type matches, - // we merge the providers. If there is a conflict in providers, we append them. - // If the type does not match, we add the user log source as a new source. - for _, userSrc := range userLogSources.LogConfig.Sources { - found := false - for i, defSrc := range resultLogCfg.LogConfig.Sources { - if userSrc.Type == defSrc.Type { - found = true - // Merge providers - providerMap := make(map[string]EtwProvider) - for _, provider := range defSrc.Providers { - key := provider.ProviderName - if provider.ProviderGUID != "" { - if key != "" { - key = provider.ProviderName + "|" + provider.ProviderGUID - } else { - key = provider.ProviderGUID - } - } - providerMap[key] = provider - } - for _, provider := range userSrc.Providers { - key := provider.ProviderName - if provider.ProviderGUID != "" { - if key != "" { - key = provider.ProviderName + "|" + provider.ProviderGUID - } else { - key = provider.ProviderGUID - } - } - providerMap[key] = provider - } - etwProviders := make([]EtwProvider, 0, len(providerMap)) - for _, provider := range providerMap { - etwProviders = append(etwProviders, provider) - } - resultLogCfg.LogConfig.Sources[i].Providers = etwProviders - break - } - } - if !found { - resultLogCfg.LogConfig.Sources = append(resultLogCfg.LogConfig.Sources, userSrc) - } - } - } + userLogSources, err := decodeAndUnmarshalLogSources(ctx, base64EncodedJSONLogConfig) + if err == nil { + resultLogCfg.LogConfig.Sources = mergeLogSources(resultLogCfg.LogConfig.Sources, userLogSources.LogConfig.Sources) } } - // Append GUIDs to the providers if includeGUIDs is true. We get the GUIDs from the ETW map based on the provider names. - // If a provider does not have a name and only has a GUID, we keep it as is. - if len(resultLogCfg.LogConfig.Sources) > 0 { - if includeGUIDs { - for i, src := range resultLogCfg.LogConfig.Sources { - for j, provider := range src.Providers { - if provider.ProviderGUID != "" { - guid, err := normalizeGUID(provider.ProviderGUID) - if err != nil { - log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) - } - resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid - } - if provider.ProviderName != "" && provider.ProviderGUID == "" { - resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = getProviderGUIDFromName(provider.ProviderName) - } - } - } - } else { - // If includeGUIDs is false, we still want to include GUIDs if that is the only identity present for a provider. - // Only when both Name and GUID is provided for a ETW provider, we check if the provided GUID is valid and remove - // it if we can fetch the same from our well known list of guids by using the name. This is because the sidecar-GCS - // prefers verification of log providers by name against the policy. - for i, src := range resultLogCfg.LogConfig.Sources { - for j, provider := range src.Providers { - if provider.ProviderName != "" && provider.ProviderGUID != "" { - guid, err := normalizeGUID(provider.ProviderGUID) - if err != nil { - log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) - continue - } - if strings.EqualFold(guid, getProviderGUIDFromName(provider.ProviderName)) { - resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" - } else { - resultLogCfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid - } - } - } - } - } + resultLogCfg.LogConfig.Sources = applyGUIDPolicy(ctx, resultLogCfg.LogConfig.Sources, includeGUIDs) - } - - jsonBytes, err := json.Marshal(resultLogCfg) + result, err := marshalAndEncodeLogSources(ctx, resultLogCfg, base64EncodedJSONLogConfig) if err != nil { - log.G(ctx).Errorf("Error marshalling log config: %v", err) return base64EncodedJSONLogConfig } - - encodedCfg := base64.StdEncoding.EncodeToString(jsonBytes) - return encodedCfg + return result } diff --git a/internal/vm/vmutils/etw/provider_map_test.go b/internal/vm/vmutils/etw/provider_map_test.go index 8e8230c4c4..410224ede4 100644 --- a/internal/vm/vmutils/etw/provider_map_test.go +++ b/internal/vm/vmutils/etw/provider_map_test.go @@ -7,55 +7,18 @@ import ( "reflect" "strings" "testing" -) -func TestNormalizeGUID(t *testing.T) { - tests := []struct { - input string - expected string - wantErr bool - }{ - // Valid GUIDs in various formats - {"01234567-89ab-cdef-0123-456789abcdef", "01234567-89ab-cdef-0123-456789abcdef", false}, - {"0123456789abcdef0123456789abcdef", "01234567-89ab-cdef-0123-456789abcdef", false}, - {"{01234567-89ab-cdef-0123-456789abcdef}", "01234567-89ab-cdef-0123-456789abcdef", false}, - {"{0123456789abcdef0123456789abcdef}", "01234567-89ab-cdef-0123-456789abcdef", false}, - {"01234567-89AB-CDEF-0123-456789ABCDEF", "01234567-89ab-cdef-0123-456789abcdef", false}, - {"{01234567-89AB-CDEF-0123-456789ABCDEF}", "01234567-89ab-cdef-0123-456789abcdef", false}, - // Invalid GUIDs - {"", "", true}, - {"01234567-89ab-cdef-0123-456789abcde", "", true}, // too short - {"01234567-89ab-cdef-0123-456789abcdef0", "", true}, // too long - {"01234567-89ab-cdef-0123-456789abcdeg", "", true}, // non-hex char - {"{01234567-89ab-cdef-0123-456789abcdeg}", "", true}, // non-hex char with braces - {"01234567-89ab-cdef-0123-456789abcde-", "", true}, // trailing dash - } - - for _, tt := range tests { - got, err := normalizeGUID(tt.input) - if tt.wantErr { - if err == nil { - t.Errorf("normalizeGUID(%q) expected error, got none", tt.input) - } - } else { - if err != nil { - t.Errorf("normalizeGUID(%q) unexpected error: %v", tt.input, err) - } - if got != tt.expected { - t.Errorf("normalizeGUID(%q) = %q, want %q", tt.input, got, tt.expected) - } - } - } -} + "github.com/Microsoft/go-winio/pkg/guid" +) func TestGetProviderGUIDFromName(t *testing.T) { - // These names should be present in the etwNameToGuidMap for the tests to pass. + // These names should be present in the etwNameToGUIDMap for the tests to pass. tests := []struct { name string expected string }{ - {"Microsoft.Windows.HyperV.Compute", etwNameToGuidMap["microsoft.windows.hyperv.compute"]}, - {"Microsoft.Windows.Containers.Setup", etwNameToGuidMap["microsoft.windows.containers.setup"]}, + {"Microsoft.Windows.HyperV.Compute", etwNameToGUIDMap["microsoft.windows.hyperv.compute"]}, + {"Microsoft.Windows.Containers.Setup", etwNameToGUIDMap["microsoft.windows.containers.setup"]}, {"nonexistent.provider", ""}, {"", ""}, } @@ -212,11 +175,11 @@ func applyExpectedGUIDBehavior(cfg *LogSourcesInfo, includeGUIDs bool) { for j, provider := range src.Providers { if includeGUIDs { if provider.ProviderGUID != "" { - guid, err := normalizeGUID(provider.ProviderGUID) + guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) if err != nil { cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" } else { - cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) } } if provider.ProviderName != "" && provider.ProviderGUID == "" { @@ -226,14 +189,14 @@ func applyExpectedGUIDBehavior(cfg *LogSourcesInfo, includeGUIDs bool) { } if provider.ProviderName != "" && provider.ProviderGUID != "" { - guid, err := normalizeGUID(provider.ProviderGUID) + guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) if err != nil { continue } - if strings.EqualFold(guid, getProviderGUIDFromName(provider.ProviderName)) { + if strings.EqualFold(guid.String(), getProviderGUIDFromName(provider.ProviderName)) { cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = "" } else { - cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = guid + cfg.LogConfig.Sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) } } } diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index 29be5f58c1..6cd6cfe9aa 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -470,11 +470,11 @@ const ( // "eyJsb2dDb25maWciOnsic291cmNlcyI6W3sidHlwZSI6IkVUVyIsInByb3ZpZGVycyI6W3sicHJvdmlkZXJHdWlkIjoiODBDRTUwREUtRDI2NC00NTgxLTk1MEQtQUJBREVFRTBEMzQwIiwicHJvdmlkZXJOYW1lIjoiTWljcm9zb2Z0LldpbmRvd3MuSHlwZXJWLkNvbXB1dGUiLCJsZXZlbCI6IkluZm9ybWF0aW9uIn1dfV19fQ==" LogSources = "io.microsoft.virtualmachine.forwardlogs.sources" - // Specifies whether to disable forwarding logs to the host or not. Defaults to false for (non-confidential) WCOW, meaning logs will be forwarded to the host if LogSources is set. And true for confidential containers, meaning logs will not be forwarded to the host by default. - DisableForwardLogs = "io.microsoft.virtualmachine.forwardlogs.disable" + // Specifies whether to enable forwarding logs to the host or not. Defaults to false for (non-confidential) WCOW, meaning logs will be forwarded to the host if LogSources is set. And true for confidential containers, meaning logs will not be forwarded to the host by default. + LogForwardingEnabled = "io.microsoft.virtualmachine.forwardlogs.enable" - // Specifies whether to disable default providers or not. Defaults to true. - DisableDefaultLogSources = "io.microsoft.virtualmachine.forwardlogs.defaultsources.disable" + // Specifies whether to enable default providers or not. Defaults to true. + DefaultLogSourcesEnabled = "io.microsoft.virtualmachine.forwardlogs.defaultsources.enable" ) // LCOW uVM annotations. From 1a25c18080cf7457c8e7d1b09249fcc7c2aeefe1 Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Wed, 18 Mar 2026 12:23:02 +0530 Subject: [PATCH 6/7] Erroring out instead of silent override, and bubbling up the error to the caller Signed-off-by: Manish Ranjan Mahanta --- internal/gcs-sidecar/handlers.go | 5 +- internal/uvm/log_wcow.go | 11 +- internal/vm/vmutils/etw/provider_map.go | 67 ++++--- internal/vm/vmutils/etw/provider_map_test.go | 188 ++++++++++++++++++- 4 files changed, 233 insertions(+), 38 deletions(-) diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go index 03487372a6..1b1e30d542 100644 --- a/internal/gcs-sidecar/handlers.go +++ b/internal/gcs-sidecar/handlers.go @@ -526,7 +526,10 @@ func (b *Bridge) modifyServiceSettings(req *request) (err error) { log.G(req.ctx).Tracef("Allowed log sources after policy enforcement: %v", allowedLogSources) // Update the allowed log sources in the settings. This will be forwarded to inbox GCS which expects the log sources in a JSON string format with GUIDs for providers included. - allowedLogSources = etw.UpdateLogSources(req.ctx, allowedLogSources, false, true) + allowedLogSources, err := etw.UpdateLogSources(allowedLogSources, false, true) + if err != nil { + return fmt.Errorf("failed to update log sources: %w", err) + } settings.Settings = allowedLogSources } default: diff --git a/internal/uvm/log_wcow.go b/internal/uvm/log_wcow.go index 1550afd10e..e5b588eb6f 100644 --- a/internal/uvm/log_wcow.go +++ b/internal/uvm/log_wcow.go @@ -4,6 +4,7 @@ package uvm import ( "context" + "fmt" "github.com/Microsoft/hcsshim/internal/gcs" "github.com/Microsoft/hcsshim/internal/gcs/prot" @@ -69,15 +70,17 @@ func (uvm *UtilityVM) SetLogSources(ctx context.Context) error { // For confidential WCOw, we skip the adding guids to the log sources as the sidecar-GCS will verify the // allowed log sources against policy and append the necessary GUIDs to the ones allowed. Rest are dropped. // For non-confidential WCOW, we include the GUIDs in the log sources as the hcsshim communicates directly with the inboxGCS. - settings := etw.UpdateLogSources(ctx, uvm.logSources, uvm.defaultLogSourcesEnabled, !uvm.HasConfidentialPolicy()) - + settings, err := etw.UpdateLogSources(uvm.logSources, uvm.defaultLogSourcesEnabled, !uvm.HasConfidentialPolicy()) + if err != nil { + return fmt.Errorf("failed to parse log sources: %w", err) + } req := guestrequest.LogForwardServiceRPCRequest{ RPCType: guestrequest.RPCModifyServiceSettings, Settings: settings, } - err := uvm.gc.ModifyServiceSettings(ctx, prot.LogForwardService, req) + err = uvm.gc.ModifyServiceSettings(ctx, prot.LogForwardService, req) if err != nil { - return err + return fmt.Errorf("failed to modify service settings: %w", err) } } return nil diff --git a/internal/vm/vmutils/etw/provider_map.go b/internal/vm/vmutils/etw/provider_map.go index 924da34e30..5b35206602 100644 --- a/internal/vm/vmutils/etw/provider_map.go +++ b/internal/vm/vmutils/etw/provider_map.go @@ -1,13 +1,12 @@ package etw import ( - "context" "encoding/base64" "encoding/json" + "fmt" "strings" "github.com/Microsoft/go-winio/pkg/guid" - "github.com/Microsoft/hcsshim/internal/log" ) // Log Sources JSON structure @@ -94,17 +93,15 @@ func mergeLogSources(resultSources []Source, userSources []Source) []Source { } // decodeAndUnmarshalLogSources decodes a base64-encoded JSON string and unmarshals it into a LogSourcesInfo. -func decodeAndUnmarshalLogSources(ctx context.Context, base64EncodedJSONLogConfig string) (LogSourcesInfo, error) { +func decodeAndUnmarshalLogSources(base64EncodedJSONLogConfig string) (LogSourcesInfo, error) { jsonBytes, err := base64.StdEncoding.DecodeString(base64EncodedJSONLogConfig) if err != nil { - log.G(ctx).Errorf("Error decoding base64 log config: %v", err) - return LogSourcesInfo{}, err + return LogSourcesInfo{}, fmt.Errorf("error decoding base64 log config: %w", err) } var userLogSources LogSourcesInfo if err := json.Unmarshal(jsonBytes, &userLogSources); err != nil { - log.G(ctx).Errorf("Error unmarshalling user log config: %v", err) - return LogSourcesInfo{}, err + return LogSourcesInfo{}, fmt.Errorf("error unmarshalling user log config: %w", err) } return userLogSources, nil } @@ -119,14 +116,13 @@ func trimGUID(in string) string { // resolveGUIDsWithLookup normalizes and fills in provider GUIDs from the well-known ETW map // for all providers across all sources. Providers with an invalid GUID are warned and skipped. -func resolveGUIDsWithLookup(ctx context.Context, sources []Source) []Source { +func resolveGUIDsWithLookup(sources []Source) ([]Source, error) { for i, src := range sources { for j, provider := range src.Providers { if provider.ProviderGUID != "" { guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) if err != nil { - log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) - continue + return nil, fmt.Errorf("invalid GUID %q for provider %q: %w", provider.ProviderGUID, provider.ProviderName, err) } sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) } @@ -135,13 +131,13 @@ func resolveGUIDsWithLookup(ctx context.Context, sources []Source) []Source { } } } - return sources + return sources, nil } // stripRedundantGUIDs removes the GUID from providers where both Name and GUID are present and // the GUID matches the well-known lookup by name. This ensures sidecar-GCS prefers name-based -// policy verification. Invalid GUIDs are warned and left as-is after normalization. -func stripRedundantGUIDs(ctx context.Context, sources []Source) []Source { +// policy verification. Invalid GUIDs are errored out. +func stripRedundantGUIDs(sources []Source) ([]Source, error) { for i, src := range sources { for j, provider := range src.Providers { if provider.ProviderName == "" || provider.ProviderGUID == "" { @@ -149,38 +145,41 @@ func stripRedundantGUIDs(ctx context.Context, sources []Source) []Source { } guid, err := guid.FromString(trimGUID(provider.ProviderGUID)) if err != nil { - log.G(ctx).Warningf("Skipping invalid GUID %q for provider %q: %v", provider.ProviderGUID, provider.ProviderName, err) - continue + return nil, fmt.Errorf("invalid GUID %q for provider %q: %w", provider.ProviderGUID, provider.ProviderName, err) } if strings.EqualFold(guid.String(), getProviderGUIDFromName(provider.ProviderName)) { sources[i].Providers[j].ProviderGUID = "" } else { + // If the GUID doesn't match the well-known GUID for the provider name, + // we keep it but ensure it's normalized to lowercase without braces. + // However, we remove the provider name to avoid incorrect policy matches + // in sidecar-GCS, since the GUID is the source of truth in this case. + sources[i].Providers[j].ProviderName = "" sources[i].Providers[j].ProviderGUID = strings.ToLower(guid.String()) } } } - return sources + return sources, nil } // applyGUIDPolicy applies GUID resolution or stripping to all sources depending on the includeGUIDs flag. // See resolveGUIDsWithLookup and stripRedundantGUIDs for the respective behaviors. -func applyGUIDPolicy(ctx context.Context, sources []Source, includeGUIDs bool) []Source { +func applyGUIDPolicy(sources []Source, includeGUIDs bool) ([]Source, error) { if len(sources) == 0 { - return sources + return sources, nil } if includeGUIDs { - return resolveGUIDsWithLookup(ctx, sources) + return resolveGUIDsWithLookup(sources) } - return stripRedundantGUIDs(ctx, sources) + return stripRedundantGUIDs(sources) } // marshalAndEncodeLogSources marshals the given LogSourcesInfo to JSON and encodes it as a base64 string. // On error, it logs and returns the original fallback string. -func marshalAndEncodeLogSources(ctx context.Context, logCfg LogSourcesInfo, fallback string) (string, error) { +func marshalAndEncodeLogSources(logCfg LogSourcesInfo) (string, error) { jsonBytes, err := json.Marshal(logCfg) if err != nil { - log.G(ctx).Errorf("Error marshalling log config: %v", err) - return fallback, err + return "", fmt.Errorf("error marshalling log config: %w", err) } return base64.StdEncoding.EncodeToString(jsonBytes), nil } @@ -188,24 +187,30 @@ func marshalAndEncodeLogSources(ctx context.Context, logCfg LogSourcesInfo, fall // UpdateLogSources updates the user provided log sources with the default log sources based on the // configuration and returns the updated log sources as a base64 encoded JSON string. // If there is an error in the process, it returns the original user provided log sources string. -func UpdateLogSources(ctx context.Context, base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) string { +func UpdateLogSources(base64EncodedJSONLogConfig string, useDefaultLogSources bool, includeGUIDs bool) (string, error) { var resultLogCfg LogSourcesInfo if useDefaultLogSources { resultLogCfg = defaultLogSourcesInfo } if base64EncodedJSONLogConfig != "" { - userLogSources, err := decodeAndUnmarshalLogSources(ctx, base64EncodedJSONLogConfig) - if err == nil { - resultLogCfg.LogConfig.Sources = mergeLogSources(resultLogCfg.LogConfig.Sources, userLogSources.LogConfig.Sources) + userLogSources, err := decodeAndUnmarshalLogSources(base64EncodedJSONLogConfig) + if err != nil { + return "", fmt.Errorf("failed to decode and unmarshal user log sources: %w", err) } + resultLogCfg.LogConfig.Sources = mergeLogSources(resultLogCfg.LogConfig.Sources, userLogSources.LogConfig.Sources) + } - resultLogCfg.LogConfig.Sources = applyGUIDPolicy(ctx, resultLogCfg.LogConfig.Sources, includeGUIDs) + var err error + resultLogCfg.LogConfig.Sources, err = applyGUIDPolicy(resultLogCfg.LogConfig.Sources, includeGUIDs) + if err != nil { + return "", fmt.Errorf("failed to apply GUID policy: %w", err) + } - result, err := marshalAndEncodeLogSources(ctx, resultLogCfg, base64EncodedJSONLogConfig) + result, err := marshalAndEncodeLogSources(resultLogCfg) if err != nil { - return base64EncodedJSONLogConfig + return "", fmt.Errorf("failed to marshal and encode log sources: %w", err) } - return result + return result, nil } diff --git a/internal/vm/vmutils/etw/provider_map_test.go b/internal/vm/vmutils/etw/provider_map_test.go index 410224ede4..039409d92b 100644 --- a/internal/vm/vmutils/etw/provider_map_test.go +++ b/internal/vm/vmutils/etw/provider_map_test.go @@ -1,7 +1,6 @@ package etw import ( - "context" "encoding/base64" "encoding/json" "reflect" @@ -108,7 +107,10 @@ func TestUpdateLogSources_Combinations(t *testing.T) { t.Run(tt.name, func(t *testing.T) { defaultLogSourcesInfo = cloneLogSourcesInfo(originalDefaults) - gotEncoded := UpdateLogSources(context.Background(), tt.base64Input, tt.useDefault, tt.includeGUIDs) + gotEncoded, err := UpdateLogSources(tt.base64Input, tt.useDefault, tt.includeGUIDs) + if err != nil { + t.Fatalf("UpdateLogSources returned error: %v", err) + } got := mustDecodeLogSources(t, gotEncoded) if !reflect.DeepEqual(got, tt.expectedLogCfg) { @@ -243,3 +245,185 @@ func mustDecodeLogSources(t *testing.T, encoded string) LogSourcesInfo { } return cfg } + +func TestUpdateLogSources_ErrorCases(t *testing.T) { + originalDefaults := cloneLogSourcesInfo(defaultLogSourcesInfo) + t.Cleanup(func() { + defaultLogSourcesInfo = cloneLogSourcesInfo(originalDefaults) + }) + + // Build a config with an invalid GUID to trigger applyGUIDPolicy errors. + invalidGUIDConfig := LogSourcesInfo{ + LogConfig: LogConfig{ + Sources: []Source{ + { + Type: "ETW", + Providers: []EtwProvider{ + { + ProviderName: "SomeProvider", + ProviderGUID: "not-a-valid-guid", + }, + }, + }, + }, + }, + } + invalidGUIDBase64 := mustEncodeLogSources(t, invalidGUIDConfig) + + // Build a config with an invalid GUID but no provider name (only GUID set), + // to trigger the resolveGUIDsWithLookup path specifically. + invalidGUIDOnlyConfig := LogSourcesInfo{ + LogConfig: LogConfig{ + Sources: []Source{ + { + Type: "ETW", + Providers: []EtwProvider{ + { + ProviderGUID: "zzz-invalid", + }, + }, + }, + }, + }, + } + invalidGUIDOnlyBase64 := mustEncodeLogSources(t, invalidGUIDOnlyConfig) + + tests := []struct { + name string + base64Input string + useDefault bool + includeGUIDs bool + errContains string + }{ + { + name: "invalid_base64_input", + base64Input: "not-valid-base64!@#$", + useDefault: false, + includeGUIDs: false, + errContains: "failed to decode and unmarshal user log sources", + }, + { + name: "valid_base64_invalid_json", + base64Input: base64.StdEncoding.EncodeToString([]byte("{{not json}}")), + useDefault: false, + includeGUIDs: false, + errContains: "failed to decode and unmarshal user log sources", + }, + { + name: "invalid_base64_with_defaults", + base64Input: "!!!bad-base64!!!", + useDefault: true, + includeGUIDs: false, + errContains: "failed to decode and unmarshal user log sources", + }, + { + name: "invalid_base64_with_defaults_and_guids", + base64Input: "???", + useDefault: true, + includeGUIDs: true, + errContains: "failed to decode and unmarshal user log sources", + }, + { + name: "valid_base64_malformed_json_structure", + base64Input: base64.StdEncoding.EncodeToString([]byte(`{"LogConfig": {"sources": "not_an_array"}}`)), + useDefault: false, + includeGUIDs: false, + errContains: "failed to decode and unmarshal user log sources", + }, + { + name: "invalid_guid_with_includeGUIDs_resolveGUIDsWithLookup", + base64Input: invalidGUIDBase64, + useDefault: false, + includeGUIDs: true, + errContains: "failed to apply GUID policy", + }, + { + name: "invalid_guid_without_includeGUIDs_stripRedundantGUIDs", + base64Input: invalidGUIDBase64, + useDefault: false, + includeGUIDs: false, + errContains: "failed to apply GUID policy", + }, + { + name: "invalid_guid_only_no_name_with_includeGUIDs", + base64Input: invalidGUIDOnlyBase64, + useDefault: false, + includeGUIDs: true, + errContains: "failed to apply GUID policy", + }, + { + name: "invalid_guid_with_defaults_and_includeGUIDs", + base64Input: invalidGUIDBase64, + useDefault: true, + includeGUIDs: true, + errContains: "failed to apply GUID policy", + }, + { + name: "invalid_guid_with_defaults_without_includeGUIDs", + base64Input: invalidGUIDBase64, + useDefault: true, + includeGUIDs: false, + errContains: "failed to apply GUID policy", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + defaultLogSourcesInfo = cloneLogSourcesInfo(originalDefaults) + + got, err := UpdateLogSources(tt.base64Input, tt.useDefault, tt.includeGUIDs) + if err == nil { + t.Fatalf("expected error containing %q, got nil (result: %q)", tt.errContains, got) + } + if !strings.Contains(err.Error(), tt.errContains) { + t.Fatalf("expected error containing %q, got: %v", tt.errContains, err) + } + if got != "" { + t.Fatalf("expected empty result on error, got %q", got) + } + }) + } +} + +func TestUpdateLogSources_ReturnsLowercaseProviderFields(t *testing.T) { + // Mixed-case input on purpose. + userCfg := LogSourcesInfo{ + LogConfig: LogConfig{ + Sources: []Source{ + { + Type: "ETW", + Providers: []EtwProvider{ + { + ProviderName: "Microsoft.Windows.HyperV.Compute", + }, + { + ProviderName: "Some.Mixed.Case.Provider", + ProviderGUID: "{6F9619FF-8B86-D011-B42D-00C04FC964FF}", + }, + }, + }, + }, + }, + } + + encoded := mustEncodeLogSources(t, userCfg) + + // useDefaultLogSources=false keeps assertion focused on this input only. + got, err := UpdateLogSources(encoded, false, true) + if err != nil { + t.Fatalf("UpdateLogSources returned unexpected error: %v", err) + } + + decoded := mustDecodeLogSources(t, got) + + for si, src := range decoded.LogConfig.Sources { + for pi, p := range src.Providers { + if p.ProviderName != "" && p.ProviderName != strings.ToLower(p.ProviderName) { + t.Fatalf("providerName is not lowercase at source[%d].providers[%d]: %q", si, pi, p.ProviderName) + } + if p.ProviderGUID != "" && p.ProviderGUID != strings.ToLower(p.ProviderGUID) { + t.Fatalf("providerGuid is not lowercase at source[%d].providers[%d]: %q", si, pi, p.ProviderGUID) + } + } + } +} From f430c989299c0c146fd50287fd098a072900364a Mon Sep 17 00:00:00 2001 From: Manish Ranjan Mahanta Date: Wed, 18 Mar 2026 20:00:00 +0530 Subject: [PATCH 7/7] Removing stale test Signed-off-by: Manish Ranjan Mahanta --- internal/vm/vmutils/etw/provider_map_test.go | 43 -------------------- 1 file changed, 43 deletions(-) diff --git a/internal/vm/vmutils/etw/provider_map_test.go b/internal/vm/vmutils/etw/provider_map_test.go index 039409d92b..4aa62d861c 100644 --- a/internal/vm/vmutils/etw/provider_map_test.go +++ b/internal/vm/vmutils/etw/provider_map_test.go @@ -384,46 +384,3 @@ func TestUpdateLogSources_ErrorCases(t *testing.T) { }) } } - -func TestUpdateLogSources_ReturnsLowercaseProviderFields(t *testing.T) { - // Mixed-case input on purpose. - userCfg := LogSourcesInfo{ - LogConfig: LogConfig{ - Sources: []Source{ - { - Type: "ETW", - Providers: []EtwProvider{ - { - ProviderName: "Microsoft.Windows.HyperV.Compute", - }, - { - ProviderName: "Some.Mixed.Case.Provider", - ProviderGUID: "{6F9619FF-8B86-D011-B42D-00C04FC964FF}", - }, - }, - }, - }, - }, - } - - encoded := mustEncodeLogSources(t, userCfg) - - // useDefaultLogSources=false keeps assertion focused on this input only. - got, err := UpdateLogSources(encoded, false, true) - if err != nil { - t.Fatalf("UpdateLogSources returned unexpected error: %v", err) - } - - decoded := mustDecodeLogSources(t, got) - - for si, src := range decoded.LogConfig.Sources { - for pi, p := range src.Providers { - if p.ProviderName != "" && p.ProviderName != strings.ToLower(p.ProviderName) { - t.Fatalf("providerName is not lowercase at source[%d].providers[%d]: %q", si, pi, p.ProviderName) - } - if p.ProviderGUID != "" && p.ProviderGUID != strings.ToLower(p.ProviderGUID) { - t.Fatalf("providerGuid is not lowercase at source[%d].providers[%d]: %q", si, pi, p.ProviderGUID) - } - } - } -}