Startup Item

The startup item kernel driver resource.

The startup item job resource.

The unique name of the startup item.

Entity:PROCESS
The startup item process resource.

The list of normalized identifiers that describe the startup items' properties when it is running. Use this field to capture extended information about the process, which may depend on the type of startup item. E.g., A Windows service that interacts with the desktop.

• 0: Unknown (UNKNOWN)
• 1: Interactive (INTERACTIVE)
• 2: Own Process (OWN_PROCESS)
• 3: Shared Process (SHARED_PROCESS)
• 99: Other (OTHER)

The list of run_modes, normalized to the captions of the run_mode_id values. In the case of 'Other', they are defined by the event source.

The run state of the startup item.

The run state ID of the startup item.

• 0: Unknown (UNKNOWN)
• 1: Stopped (STOPPED)
• 2: Start Pending (START_PENDING)
• 3: Stop Pending (STOP_PENDING)
• 4: Running (RUNNING)
• 5: Continue Pending (CONTINUE_PENDING)
• 6: Pause Pending (PAUSE_PENDING)
• 7: Paused (PAUSED)
• 8: Restart Pending (RESTART_PENDING)
• 99: Other (OTHER)

The start type of the startup item.

The start type ID of the startup item.

• 0: Unknown (UNKNOWN)
• 1: Auto (AUTO)
• 2: Boot (BOOT)
• 3: On Demand (ON_DEMAND)
• 4: Disabled (DISABLED)
• 5: All Logins (ALL_LOGINS)
• 6: Specific User Login (SPECIFIC_USER_LOGIN)
• 7: Scheduled (SCHEDULED)
• 8: System Changed (SYSTEM_CHANGED)
• 99: Other (OTHER)

The startup item type.

The startup item type identifier.

• 0: Unknown (UNKNOWN)
• 1: Kernel Mode Driver (KERNEL_MODE_DRIVER)
• 2: User Mode Driver (USER_MODE_DRIVER)
• 3: Service (SERVICE)
• 4: User Mode Application (USER_MODE_APPLICATION)
• 5: Autoload (AUTOLOAD)
• 6: System Extension (SYSTEM_EXTENSION)
• 7: Kernel Extension (KERNEL_EXTENSION)
• 8: Scheduled Job, Task (SCHEDULED_JOB,_TASK)
• 99: Other (OTHER)

The startup item Windows service resource.