Windows 7 / Getting Started

Understanding WER Data

To optimize the reporting process, the WER error data is divided into first- and second-level data. During first-level communication with the back-end servers, WER determines if more data is needed. If the server returns a request for more data, collection of the second-level data begins immediately. Simultaneously, a second-level consent dialog box is displayed.

First-Level Data

First-level data consists of up to 10 string parameters that identify a particular classification of the problem. This data is stored in the report manifest file, Report.wer, and is initially submitted to the Watson back-end servers. (The Report.wer file is not itself sent-only the parameters are sent.) The included parameters are used to identify a class of problems. For example, the parameters for a crash (Application Name, Application Version, Module Name, Module Version, Module Offset, AppTimeStamp, ModTimeStamp, and ExceptionCode) provide a unique way to accurately classify a crash. The parameters are the only data submitted to the Watson back-end during first-level communication.

Reports are stored in an archive as a folder structure on the system. Each report subfolder contains, at a minimum, the report manifest text file (Report.wer), which describes the contents of the error report. Although the Report.wer file is a simple text file, it is not meant to be human-readable or editable. Any files referenced by the report are also placed in this folder. The following major sections appear in most Report.wer files:

  • Version
  • Event Information
  • Signature
  • UI
  • State
  • Files
  • Response

Second-Level Data

Second-level data is additional data that may be needed to diagnose and resolve a particular bucket. Because Microsoft usually needs only a small sample of this verbose data, the secondlevel data is submitted only if the back-end server requests it and the user consents to sharing the data. Second-level data is split into two categories:

  • Safe data This is information that the developer feels is unlikely to contain any personal information, such as a small section of memory, a specific registry key, or a log file.
  • Other data This encompasses everything that is not safe data, which may or may not contain personal information.

You have the option to always send safe data automatically. Second-level data is specified by the back-end Watson servers and can include, but is not limited to, the following items:

  • Minidump file
  • Contents of the heap
  • Registry Keys
  • WMI queries
  • Miscellaneous files

More Info For more information about what information can be sent with WER, see the Windows Vista WER Privacy Statement at

Note Beginning with Windows Vista, WER generates minidump files and heap dump files; it does not generate user-mode process dump files. For information about how to generate user-mode process dump files, see Knowledge Base article 931673, "How to create a user-mode process dump file in Windows Vista," at

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 Desktop Maintenance
  2. Performance Monitoring
  3. Improvements to Performance Monitoring in Windows 7
  4. Using Performance Monitor
  5. Real-Time Performance Monitoring
  6. Performance Monitor Logging
  7. Creating a Data Collector Set
  8. Configuring a Data Collector Set
  9. Using Data Manager to View Performance Data
  10. Starting and Stopping Data Logging
  11. Viewing Performance Data
  12. Comparing Performance Monitor Logs
  13. Performance Monitor User Rights
  14. Remote Data Collection
  15. Using Windows PowerShell for Performance Monitoring
  16. Resource Monitor
  17. Overview Tab
  18. CPU Tab
  19. Memory Tab
  20. Disk Tab
  21. Network Tab
  22. Reliability Monitor
  23. How Reliability Monitor Works
  24. Windows Performance Tools Kit
  25. Event Monitoring
  26. Understanding the Windows Event Architecture
  27. Channels
  28. Improvements to Event Monitoring in Windows 7
  29. Using Event Viewer
  30. Understanding Views
  31. Viewing Event Logs
  32. Saving Event Logs
  33. Configuring Event Subscriptions
  34. Considerations for Workgroup Environments
  35. Creating a New Subscription
  36. Using the Windows Events Command-Line Utility for Event Monitoring
  37. Using Windows PowerShell for Event Monitoring
  38. Using Task Scheduler
  39. Improvements to Task Scheduler in Windows 7
  40. Understanding Tasks
  41. Understanding the Task Scheduler Architecture
  42. Understanding Task Scheduler Security
  43. Credentials Management
  44. Securing Running Tasks
  45. Understanding AT and Task Scheduler v1.0 Compatibility Modes
  46. Understanding the Task Scheduler Snap-in
  47. Understanding Default Tasks
  48. Creating Tasks
  49. Defining Triggers
  50. At Startup Trigger
  51. On Connection To AND Disconnect From User Session Triggers
  52. On Workstation Lock AND Unlock Triggers
  53. Defining Actions
  54. Defining Conditions
  55. Defining Settings
  56. Managing Tasks
  57. Viewing History
  58. Using SchTasks.exe for Creating and Managing Tasks
  59. Task Scheduler Events
  60. Troubleshooting Task Scheduler
  61. Tasks Won't Run If the Service Is Not Started
  62. The Task Will Run Only When a Certain User Is Logged On
  63. The Task Action Failed to Execute
  64. Interpreting Result and Return Codes
  65. Understanding the Windows System Assessment Tool
  66. Understanding WinSAT Assessment Tests
  67. Examining the WinSAT Features Assessment
  68. Running WinSAT from the Command Line
  69. Understanding WinSAT Command Exit Values
  70. Running WinSAT Using Performance Information and Tools
  71. System Capabilities Section
  72. OEM Upsell And Help Section
  73. Understanding Windows Error Reporting
  74. Overview of Windows Error Reporting
  75. How WER Works
  76. Store Management System
  77. ReportArchive Folder
  78. WER Service
  79. Understanding the Error Reporting Cycle
  80. Understanding WER Data
  81. Configuring WER Using Group Policy
  82. Configuring WER Using the Action Center