Can Windows Logging be turned off?

December 2, 2018 at 07:28:19
Specs: several
I've been using Windows 10 on this laptop for two years,
and as far as I recall, I've never made actual use of the
event logs. I have re-installed Windows a couple of times,
disabled some log files and deleted others, so the number
of log files on my computer is probably far less than would
be expected for a computer two years old.

In Event Viewer/Windows Logs I find:

Application....4,280 events
Security......30,740 events
Setup.................5 events
System.......29,047 events

In Applications and Services Logs:

Hewlett-Packard......1 event
isaAgentLog..........98 events
Microsoft/Windows.... roughly 130,000 events in 100 logs!

Do I need ANY of these?
Can they all be turned off? If so, how?
Can existing logs all be deleted? If so, how?

-- Jeff, in Minneapolis


#1
December 2, 2018 at 09:48:43
You might be better off to use a batch file to clear all logs from time to time. See here:
https://winaero.com/blog/how-to-cle...

Then if you need to look at Events when diagnosing a problem they will be more manageable (see the most recent ones only). I have found the information useful at times for diagnosis but "Event error chasing" in its own right is probably pointless because most of them don't matter a fig.

Always pop back and let us know the outcome - thanks


#2
December 4, 2018 at 00:36:31
I'm sure that you can simply disable the Windows logging service.

I'm even more sure that you shouldn't.



#3
December 4, 2018 at 20:39:33
Tell me about why I shouldn't.

-- Jeff, in Minneapolis



#4
December 4, 2018 at 23:14:17
Better question: What do you hope to gain from disabling logging?

How To Ask Questions The Smart Way



#5
December 5, 2018 at 00:02:29
1. It has no performance impact.

2. It uses minimal disk space.

3. Certain other services require Windows logging to be running.

4. Turning it off deprives you of useful information and is a potential security risk. It might lead to system crashes.

I'm sure that you have a good reason for wanting to disable this required Windows service - I'd be intrigued to know what it is.



#6
December 5, 2018 at 13:44:00
I'm not concerned about performance or disk space.

I AM concerned that the drive is CONSTANTLY being written
to, without my informed consent. I have almost no idea what
is being recorded, or why. As I said, in the two years I've been
using this computer, I'm pretty sure I've never gotten any useful
information from any log. It clearly is not being recorded for MY
benefit.

What certain other services require Windows logging to be running?
I've tried disabling PreFetch, Superfetch, ReadyBoot, Disk Optimizer,
and various other things, but the drive is still CONSTANTLY being
written to.

How is turning off logging a security risk? Is it as big a risk as
allowing unknown programs to write unknown information to
unknown locations on my hard drive for unknown purposes
without informing me that they are doing so?

-- Jeff, in Minneapolis



#7
December 5, 2018 at 14:30:03
You can stop the Event logging if you want to by switching it off in Services:

Type services.msc in the Run box (Windows key + R).

Locate "Windows Event Log" in the list on the right.
Double click it and hit the Stop button.
After it has stopped use the drop down in "Startup type" and set it to Disable.

The logs will remain but will no longer be added to. If you want to clear them out use the batch file I suggested in #1.

As said, I have found the logs useful for diagnosis at different times over the years.
They are not particularly sinister, only MS collecting error data for analysis.

Always pop back and let us know the outcome - thanks


#8
December 6, 2018 at 11:05:00
If you believe that Windows is an unknown program writing unknown information to your hard disk, then you are probably using the wrong operating system.

Personally, I don't like my OS doing things without letting me see what it is doing. That's what the event logs are for - to keep a record of what is happening to your system. And, God forbid, somebody manages to break into your system the information they provide would be invaluable. More prosaically, they will let you track and deal with any problems that your system is encountering.

#9
December 12, 2018 at 12:29:08
While in the past I've declared your quest to keep your HDD 100% idle is doomed, it occurs to me I've never explained why. But first, direct quotes and responses.

Jeff Root: I have almost no idea what is being recorded, or why.
If only there was something to record the activities and the circumstances of a Windows PC. Some sort of log, keeping track of recent events.

Jeff Root: I'm pretty sure I've never gotten any useful information from any log.
Congratulations on never having anything unexplained (like disk access) or unexpected happen. You're living the Apple life on a Windows box.

Jeff Root: What certain other services require Windows logging to be running?
In certain situations, mostly involving the security log, Windows may consider itself compromised and BSOD if it can't log. So to answer your question, sometimes the kernel. I'd also expect a general performance hit as components and applications attempt to talk to a non-existent logger, but it may be imperceptible and I haven't seen any evidence one way or the other.

Jeff Root: [T]he drive is still CONSTANTLY being written to.
Yeah, we'll get to that. I will note, however, that system logs report on activity, not inactivity. If logging is occurring, it generally is not done when the system is otherwise idle.

Jeff Root: How is turning off logging a security risk?
In the event of a security breach, logs can provide evidence of the breach as well as a clearer picture of the compromise and / or nature of the breach. That's why it's SOP for malicious actors to delete logs or disable logging whenever they act.

Jeff Root: Is [disabling logging] as big a risk as allowing unknown programs to write [to the disk] without informing me that they are doing so?
It's sort of an apples / oranges comparison, but the former is possibly a sign of malicious intent, while the latter is the result of normal operation of your system. You should probably know what programs are running on your box, though.

So, I mentioned I'd get to why your HDD is doomed to activity, but you'll need to run a utility to do so. It's included with Windows, and it's called the Resource Monitor. Open it up, and go to the memory tab.

In the Physical Memory section, there's a chart? line? repurposed progress bar? listing how your RAM is divvied up. Hardware Reserved is normally uninteresting; it's just memory Windows has no direct control over. Free and Standby are even less interesting. Both are free memory, with Free having been zeroed out, ready for immediate use.

The sections I want to point out are the In Use and Modified categories. In Use is memory currently used by and filled with running programs backed by disk. Modified is memory currently used by programs not yet backed by disk.

What do I mean by "backed by disk?" Windows copies as much memory as it can to its page file(s), so that the In Use portion can be discarded and replaced with new data on demand. In theory, this halves the cost of paging in, since you've already done the work and I/O to page out. In your case, this means you'll get disk activity whenever Windows thinks the disk is idle enough and memory pages haven't been modified for long enough.

So how do you see what's causing disk activity? Easiest way is to use the Disk tab in Resource Monitor. It'll list both processes causing disk activity, as well as files being used. The process listing is the less useful of the two, as System will almost always be the most active. It holds all kernel activity, and manages memory mapped files for other processes.

How To Ask Questions The Smart Way
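
The point made in #9, that cleared logs or a disabled logging service are themselves worth checking for, can be tested on a live machine. The script below is an added example, not part of any post in this thread; it assumes an elevated PowerShell prompt (the Security log is not readable otherwise) and uses the standard Windows event IDs 1102 and 104.

```powershell
# Added example: check whether event logging is intact on the local machine.

# 1. Is the Windows Event Log service (service name: EventLog) running
#    and still set to start automatically? (#7 describes disabling it.)
Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'" |
    Select-Object DisplayName, State, StartMode |   # expected: Running / Auto
    Format-List

# 2. Has a log been cleared? Windows records the clear itself:
#    Security log, event ID 1102 - "The audit log was cleared"
#    System log,   event ID 104  - "The <name> log file was cleared"
$filters = @(
    @{ LogName = 'Security'; Id = 1102 },
    @{ LogName = 'System';   Id = 104  }
)
$cleared = foreach ($f in $filters) {
    # Get-WinEvent raises an error when nothing matches; suppress it
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
}
if ($cleared) {
    $cleared | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, Message |
        Format-List
} else {
    'No log-cleared events (1102 / 104) found.'
}

# 3. Which logs actually hold records, and how large are they?
#    This is the inventory counted by hand in the opening post.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object -First 15 LogName, IsEnabled, RecordCount,
        @{ n = 'SizeMB'; e = { [math]::Round($_.FileSize / 1MB, 1) } } |
    Format-Table -AutoSize
```

A clear event with no matching maintenance activity, or a service that is stopped or set to Disabled without the owner having done it, is the condition #9 describes.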



#10
December 12, 2018 at 21:17:13
The very best you can do as far as making your processes and CPU idle at nearly 100% most of your idle time is to start with a completely clean install of Windows from a non-factory disk. Factory installs will never come close to that ideal. I keep MS Process Explorer installed on my computers in case of unusual activity to see what is happening and to add more detail to those of Task Manager. I severely limit installed programs to those I really use and keep nearly all from starting with Windows. This can achieve the idle approaching and occasionally dipping into the 100% idle range but if you watch it, Windows systems pop up at random times using small amounts of CPU, memory, and disk access across a number of processes. This is very normal and does not affect normal usage, performance, and safety as they are normal integral processes just keeping things running right. If this is all you are getting then you are running at optimal for Windows. Don't Mess With It!

If you worry about MS and what they are monitoring then switch to Linux instead or get a reality check for your paranoia because it is a little higher than normal.

Note: Microsoft does appear to have a slightly heavier hand on the pulse of Windows 10 than they had on XP or W7 but we do not in the long run have much choice except to leave Windows if it bothers us enough. I do not think Apple is any better and I do not see Google (Chromebook) keeping their sticky hands out of our pockets (especially after they get a market share). That leaves us putting up with MS or going Open Source with Linux (tempting).

You have to be a little bit crazy to keep you from going insane.



#11
December 13, 2018 at 06:45:15
My view of how operating systems, programs, and networking
should work is probably shaped largely by my experience with
Commodore computers, Apple IIe, MS-DOS, and Fidonet in the
1980's. None of them ever wrote to disk without informing the
user and asking for permission first. Ever. None of them ever
exposed user data to hacking by someone who didn't have
physical access to the computer. Ever. The systems I used
were fully secure, fully useable, and highly reliable without
antivirus, firewalls, or logging.

My first computer's operating system was so straightforward
that I actually "reverse engineered" something like 60% of it in
assembly language, figuring out exactly what each instruction
did, byte-by-byte. I could have done 100% of it if I had wanted
to spend the time working through routines for math operations,
drawing graphics, and disk access. I did, for example, completely
disassemble the routines that read the keyboard and printed the
typed characters in the appropriate locations onscreen.

Later on I also used Ubuntu through several versions. It required
enough dinking around to make it work that most of the time I
preferred to use Windows or DOS, which usually worked without
adjustments and obscure commands.

I'm sort of rolling two different concerns into one, because they
aren't really separate: Unnecessary disk access, and collection
of information about me by people I don't know. The latter tends
to involve the former, so they blend together. If any logging is
actually required for my computer to do the things I want it to,
I'm not aware of it. Yet an enormous amount of logging is done,
even after I have disabled many of the services that do logging.

I believe that I have been successful at eliminating all or almost
all network access by the operating system and programs without
my prior knowledge and consent. I don't have much hope that I
can do the same for disk access, but I want to keep trying.

-- Jeff, in Minneapolis



#12
December 13, 2018 at 07:30:11
The 1980s is of little relevance - things have changed too dramatically since then. Not always for the better but that's what happens with progress.

As regards security then that is also down to progress. At one time there were just the bad guys, now we have both legal and illegal criminals.

Always pop back and let us know the outcome - thanks


#13
December 13, 2018 at 07:49:26
I imagine that the 1950's is of even less relevance. Since I was
born in the 1950's, that means I'm pretty close to completely
irrelevant, right?

"Legal criminals." Is that Newspeak? :-)

-- Jeff, in Minneapolis



#14
December 13, 2018 at 09:30:46
Yes, and I clearly died years ago.

No, legal criminals is "mespeak". The way I see it all massive businesses are legal criminals. Even the best of them lie through their teeth (they call it marketing - politicians call it righteousness). Scam artists are illegal, if you see what I mean.

Always pop back and let us know the outcome - thanks


#15
December 13, 2018 at 09:38:22
You are living in a fantasy world. The Apple operating system and MS-DOS were completely open to anyone. Security was an unknown concept. And, yes, they wrote to the disk without asking you. If you had to OK every write to the disk of even insecure, primitive operating systems such as the ones you mention you would never get anything done on the computer.

Next you'll be complaining that programs write to RAM, or to the screen, without asking your permission.

It's ridiculous. You are complaining about the part of the operating system that does exactly what you want it to - tell you what is happening on your computer.



#16
December 13, 2018 at 20:57:54
Yes, I learned assembly language in school so we could see that something as simple as multiplying two numbers required adding one number to itself a certain number of times while counting down those times until the count down reached zero. Then we needed to permanently save the result, print it, and clear the temporary locations (if I remember correctly). We had to do all of this on punch cards (1970's) with one line of instruction per card. This was an introduction to more advanced programming after learning Fortran for two terms in order to be able to think the way a computer thinks. I did take PL1/Plago in college but did not go into programming though I feel that I do understand computers and their ways like few do who are not serious computer people (programmers, hackers, etc.).

This has very little to do with the modern operating system. Unless you have government or corporate secrets to keep or illegal stuff to keep secret you should not worry about anyone interested in your stuff, just do not keep critical personal information, bank and credit card stuff on your system. I doubt that you need to worry about MS or even Russia peeking at your list of last used programs, pictures, or porn sites you may have visited. Just run the system as clean as you reasonably can, scan/clean periodically, and live your life without that added stress you are piling on.

You have to be a little bit crazy to keep you from going insane.

