1

My Windows 10 desktop keeps writing on drive C. Even if the system is idle. With resmon I see that the system process writes continuously something like 200KB/s. That's 20GB a day. And prevents the drive from going in standby. With procmon I see that this is mainly related to .log, .evtx, .etl files. I understand that this is logging. I don't need it. I don't want it. It hogs resources. It consumes power. It wears out SSD. I want it gone. Is there a way?

I have disabled all non microsft services, and I disabled logging on all WFP events as suggested here: How to disable Windows 10 system log. But the problem persists.

arandy
  • 11
  • 3

1 Answers1

1

I've just posted this answer to the question you linked, and I'll post it here as well. I guess this would fall under "micromanaging every event", after you've disabled what you could.

If you want to disable specific event logging, go to Event Viewer and right-click on an event log you want to get rid of. Click Event Properties.

A new window should open - click XML view, where you'll be able to see the event's GUID. We'll try to find the event logging service in the registry based on this GUID. Not all events have this GUID, and we won't be able to find every GUID in the registry.

Event properties

After we have our GUID, we navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System in regedit, and we search for our GUID inside curved brackets.

If we find it, we can then proceed to change the Enabled and EnabledProperty keys:

"Enabled"=dword:0
"EnableProperty"=dword:0

Registry editing

P.S. Not sure what would happen if you were to play with eventvwr.exe and eventvwr.msc inside C:\WINDOWS\system32 (permissions, deleting those files, ...)

GChuf
  • 1,327