Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Windows 7: Event Log Viewer
This section provides a tutorial example on how to review all event log entries with the Event Viewer on a Windows 7 system.
As part of a security review, you should also review the Windows 7 system event logs. Investigate any log entries that look strange to you.
1. Go to "Control Panel\System and Security\Administrative Tools".
2. Double-click "Event Viewer". The "Event Viewer" screen shows up.
3. Click the "Windows Logs" folder, then "Application", on the left side. You see a list of all events in the Application group.
4. Click a log entry to review its details. For example, the "gupdate" event that happened on 12/14/2013 has the following details:
Level: Information
Date: 12/14/2013
Source: gupdate
The description for Event ID 0 from source gupdate cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
This event tells me that "gupdate" ran into some trouble while trying to check for Google updates. The only Google product on my computer is Google Chrome. I can actually disable the "gupdate" service to avoid this issue. I can check for Google Chrome updates myself.
5. Continue to review other event log entries in the "Application", "Security", "Setup", and "System" groups to see if there are security-related issues.
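The same review across all four groups can be scripted with the built-in Get-WinEvent cmdlet. The PowerShell below is an added example, not part of the original tutorial. The 7-day window, the choice of levels and the 25-row limit are assumptions made for the example.

```powershell
# Added example: summarize recent entries from the four Windows Logs groups
# named in step 5. Run from an elevated PowerShell prompt, because reading
# the Security log requires administrator rights.
$since = (Get-Date).AddDays(-7)          # assumed review window: last 7 days
$logs  = 'Application', 'Security', 'Setup', 'System'
$auditFailure = 4503599627370496         # Keywords bit 0x10000000000000 = "Audit Failure"

$events = foreach ($log in $logs) {
    # Security entries are audit records, so select failures by keyword.
    # For the other logs select Critical (1), Error (2) and Warning (3).
    $filter = @{ LogName = $log; StartTime = $since }
    if ($log -eq 'Security') { $filter.Keywords = $auditFailure }
    else                     { $filter.Level    = 1, 2, 3 }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches or access is denied.
        Write-Warning "${log}: $($_.Exception.Message)"
    }
}

# One row per log / source / event ID, most frequent first, so that a noisy
# source stands out from one-off entries that deserve a closer look.
$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 25 Count,
        @{ n = 'Log';      e = { $_.Group[0].LogName } },
        @{ n = 'Source';   e = { $_.Group[0].ProviderName } },
        @{ n = 'EventId';  e = { $_.Group[0].Id } },
        @{ n = 'Level';    e = { $_.Group[0].LevelDisplayName } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object TimeCreated |
                                  Select-Object -Last 1).TimeCreated } } |
    Format-Table -AutoSize
```

Information-level entries such as the "gupdate" event above are excluded by the level filter. Remove the Level key from the filter to include them.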
The picture below shows you the list of Windows 7 event log entries: