Nov 25 2021 10:28 PM
Hi,
I have no idea why Event ID 27 (Microsoft-Windows-Kernel-Boot) is missing after fast startup in Windows 11.
As far as I know, Event ID 27 should've appeared in the Event Viewer after startup regardless of the type of startup (normal boot (0), fast startup (1) or hibernation (2)).
(And Windows 10 works well, sending Event ID 27 to the Event Viewer after fast startup!)
I need this event to trigger some Win32 API functions at boot-up.
===========================================
[Systeminfo]:
Microsoft Windows 11 Pro
[01]: KB5006363
[02]: KB5008295
[03]: KB5005635
[04]: KB5005703
[05]: KB5006755
===========================================
1. Event Viewer should've shown Event ID 27 after boot up.
2. Besides, Microsoft-Windows-Kernel-Boot%4Operational.evtx shows Event ID 49 with each startup as follows:
System
  Provider
    [ Name] Microsoft-Windows-Kernel-Boot
    [ Guid] {15ca44ff-4d7a-4baa-bba5-0998955e531e}
  EventID 49
  Version 0
  Level 2
  Task 29
  Opcode 0
  Keywords 0x2000000000000000
  TimeCreated
    [ SystemTime] 2021-11-22T05:58:41.0222284Z
  EventRecordID 50
  Correlation
  Execution
    [ ProcessID] 4
    [ ThreadID] 8
  Channel Microsoft-Windows-Kernel-Boot/Operational
  Computer nick
  Security
    [ UserID] S-1-5-18
EventData
  ImageName \EFI\Microsoft\Boot\CiPolicies\Active{CDD5CB55-DB68-4D71-AA38-3DF2B6473A52}.cip
  SiPolicyStatus 3236495362
I want to receive the Event ID 27 after fast startup.
Thanks!
Best Regards,
Nick