EventPeeker
Scan your Security and Sysmon logs·Detection guides
Event ID 11ErrorSystem

Windows Event ID 11Driver Error — Controller Reset

Logged by the disk or controller driver when it resets a device due to an error — typically accompanies Event ID 7.

Why It Matters

Controller resets cause I/O stalls and can lead to data corruption. Combined with Event ID 7, they indicate a failing disk, cable issue, or storage controller problem.

Key Fields

DeviceNameThe device that triggered the reset

Investigation Tips

  1. 1.Check physical connections (SATA/SAS cables) on physical hardware.
  2. 2.On VMs, escalate to the storage administrator to check the underlying storage array.
  3. 3.Replace the affected disk if both 7 and 11 are recurring.

Related Event IDs

7Disk bad block error

See Event ID 11 in your logs

Upload a Windows Event Log (.evtx) file — EventPeeker automatically detects driver error — controller reset patterns, maps findings to MITRE ATT&CK, and generates an AI triage report.

Analyze EVTX Logs Free →
← All detection guides·Analyze EVTX Logs Free →