C:\Windows\system32\ntdsperf.dll
fabio mi
Received From: (ALADIN) any->EventChannel
Rule: 60602 fired (level 9) -> "Windows application error event."
Portion of the log(s):
{"win":{"system":{"providerName":"Microsoft-Windows-Perflib","providerGuid":"{13b197bd-7cee-4b4e-8dd0-59314ce374ce}","eventID":"1023","version":"1","level":"2","task":"0","opcode":"0","keywords":"0x8000000000000000","systemTime":"2024-09-22T21:01:20.467431400Z","eventRecordID":"30063","processID":"3332","threadID":"5032","channel":"Application","computer":"ALADIN.zardo.local","severityValue":"ERROR","message":"\"Windows cannot load the extensible counter DLL \"C:\\Windows\\system32\\ntdsperf.dll\" (Win32 error code The specified module could not be found.).\""},"eventdata":{"library":"C:\\\\Windows\\\\system32\\\\ntdsperf.dll","win32Error":"126"}}}
win.system.providerName: Microsoft-Windows-Perflib
win.system.providerGuid: {13b197bd-7cee-4b4e-8dd0-59314ce374ce}
win.system.eventID: 1023
win.system.version: 1
win.system.level: 2
win.system.task: 0
win.system.opcode: 0
win.system.keywords: 0x8000000000000000
win.system.systemTime: 2024-09-22T21:01:20.467431400Z
win.system.eventRecordID: 30063
win.system.processID: 3332
win.system.threadID: 5032
win.system.channel: Application
win.system.computer: ALADIN.zardo.local
win.system.severityValue: ERROR
win.system.message: "Windows cannot load the extensible counter DLL "C:\Windows\system32\ntdsperf.dll" (Win32 error code The specified module could not be found.)."
win.eventdata.library: C:\\Windows\\system32\\ntdsperf.dll
win.eventdata.win32Error: 126
Henadence Anyam
For example, the following rule will not be alerted via email: <rule id="110005" level="9"> <if_sid>60602</if_sid> <options>no_email_alert</options> <description>Windows Application error event</description> </rule>
Let me know if you find this information helpful.