EventPeeker
Scan your Security and Sysmon logs·Detection guides
Event ID 7ErrorSystem

Windows Event ID 7Disk Error — Bad Block

Logged by the disk driver when it detects an unrecoverable read or write error at a specific block location.

Why It Matters

Disk errors indicate failing storage hardware. Uncorrected disk errors lead to data corruption, file system damage, and eventual disk failure. On virtual machines, they can also indicate storage backend issues.

Key Fields

DeviceNameThe disk experiencing errors (e.g. \Device\Harddisk0\DR0)
EventDataThe I/O operation type and offset of the failing block

Investigation Tips

  1. 1.Run SMART diagnostics immediately: wmic diskdrive get status or vendor tools.
  2. 2.Multiple Event ID 7 entries across a short period indicate a rapidly failing disk — replace immediately.
  3. 3.Check the Volume Shadow Copy and backup status before the disk fails completely.

Related Event IDs

11Driver error on the device controller
153Disk IO retried — earlier warning before full 7 errors

See Event ID 7 in your logs

Upload a Windows Event Log (.evtx) file — EventPeeker automatically detects disk error — bad block patterns, maps findings to MITRE ATT&CK, and generates an AI triage report.

Analyze EVTX Logs Free →
← All detection guides·Analyze EVTX Logs Free →