Event ID 1001 in the Windows Application Log could potentially indicate a BlueScreen, but this may not always be the case with Windows 10/11. Windows generates LiveKernelEvent and Event Name: BlueScreen events for crashing drivers and Kernel components, but this does not necessarily mean there was a classic BSOD. This was discovered with the help of AI and information from Microsoft/Gemini. The discussion included helpful contributions from fellow members.
Read the entire ‘Understanding Windows Event ID 1001 and the BlueScreen Reference’ thread below:
Title – Windows event ID 1001 which mentions a "BlueScreen" but not really a BSOD
Hi All, here is an interesting tidbit I think all of us can benefit from.
Recently, one of our users saw the following Windows event via our CU4D events UI:
(continue in thread)
this is event ID 1001 from the Windows Application Log, and it does seem like it indicates Windows had a BSOD. The customer couldn’t find a correlated BSOD in our Blue Screen report or the Employee View, and thought we may have a data collection issue
So, after reviewing this issue (and with the help of AI) we reached the following conclusion – with Windows 10/11, when a driver or other Kernel component is crashing, Windows will generate the following event, which includes the LiveKernelEvnet event name:
Right after this LiveKernelEvnet, Windows will generate a bunch of 1001 events, all including the Event Name: BlueScreen refernece:
Per Microsoft / Gemini, this is how WER works, and this has nothing to do with the good old classic BSOD
hopefully you guys will find this useful
(thanks @member and @member!)
Continue reading and comment on the thread ‘Understanding Windows Event ID 1001 and the BlueScreen Reference’. Not a member? Join Here!
Categories: All Archives, ControlUp for Desktops