1

My Windows 10 desktop keeps writing on drive C. Even if the system is idle. With resmon I see that the system process writes continuously something like 200KB/s. That's 20GB a day. And prevents the drive from going in standby. With procmon I see that this is mainly related to .log, .evtx, .etl files. I understand that this is logging. I don't need it. I don't want it. It hogs resources. It consumes power. It wears out SSD. I want it gone. Is there a way?

I have disabled all non microsft services, and I disabled logging on all WFP events as suggested here: How to disable Windows 10 system log. But the problem persists.

arandy
  • 11
  • 3
  • 2
    Hi, and welcome to SuperUser. Unfortunately we are not super beings here. Although we can definitely help you with how to minimalise logs, we cannot see what logs are formed, by which programs and where they are stored. It would definitely help if you edit your question and tell us which log files you see being written to. Can you post the filenames and their locations of the logfiles you see being written? – LPChip Jul 07 '20 at 08:41
  • @LPChip There are too many, but they are all windows log. And I need no windows log. Never used them for anything in years. Is there a way to disable windows system logging completely. Instead of micromanaging event by event? – arandy Jul 07 '20 at 08:46
  • 20GB a day is really very very little. I manage around 1TB/day on many of the SSDs here. Some of them are 5 or 6 years old - they last a whole lot longer than people imagine, so long as you don't over-fill them. – Tetsujin Jul 07 '20 at 08:49
  • 2
    Also, if you don't feel like posting the logs, don't expect an answer. Just because it are windows logs does not mean its easy to help you. A log that fills up quickly means there is an underlying problem. The log tells us where to look, so we can translate it into which problem needs to be fixed. Also, look into the eventlog to get an overview of the most common logs. For example, a dying harddisk would give lots of log entries. – LPChip Jul 07 '20 at 08:59
  • 4
    @LPChip Look, I may be new here, but I think what I asked was very clear. I don't have a logged problem to fix. I want all logging turned off. Common sense dictates that there shoud be a way. A master switch of sort. But if there isn't just say so. It seems stupid, but I'll live with it. – arandy Jul 07 '20 at 09:06
  • OP wants to simply disable (some more) logging, if you don't know where to point him at, ask nicely for more information. – GChuf Jul 07 '20 at 09:14
  • @arandy my bad. I misunderstood you. Please forgive me. – LPChip Jul 07 '20 at 09:22

1 Answers1

1

I've just posted this answer to the question you linked, and I'll post it here as well. I guess this would fall under "micromanaging every event", after you've disabled what you could.

If you want to disable specific event logging, go to Event Viewer and right-click on an event log you want to get rid of. Click Event Properties.

A new window should open - click XML view, where you'll be able to see the event's GUID. We'll try to find the event logging service in the registry based on this GUID. Not all events have this GUID, and we won't be able to find every GUID in the registry.

Event properties

After we have our GUID, we navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System in regedit, and we search for our GUID inside curved brackets.

If we find it, we can then proceed to change the Enabled and EnabledProperty keys:

"Enabled"=dword:0
"EnableProperty"=dword:0

Registry editing

P.S. Not sure what would happen if you were to play with eventvwr.exe and eventvwr.msc inside C:\WINDOWS\system32 (permissions, deleting those files, ...)

GChuf
  • 1,151
  • 9
  • 21