Windows Security Tutorials - Herong's Tutorial Examples - Version 3.00, by Dr. Herong Yang
Windows 8: Event Log Viewer
This section provides a tutorial example on how to review all event log entries with the Event Viewer on a Windows 8 system.
As part of the security review, you should also review the Windows 8 system event log. Investigate any log entries that look strange to you.
1. Go to "Control Panel\System and Security\Administrative Tools".
2. Double-click "Event Viewer". The "Event Viewer" screen shows up.
3. Click the "Windows Logs" folder and then "Application" on the left side. You see a list of all events in the Application group.
4. Click a log entry to review its details. For example, the "User Profile Service" event that happened on 12/27/2013 has the following details:
Level: Warning
Time: 12/27/2013 12:56:33 AM
Source: User Profile Service

Windows detected your registry file is still in use by other applications or services. The file be unloaded now. The applications or services that hold your registry file may not function properly afterward.

DETAIL:
15 user registry handles leaked from \Registry\5-1-5-21-...
Process 960 (\Device\Harddisk\Volume5\Windows\System32\svchost.exe) has opened key \REGISTRY\5-1-5-21-...
...
Searching the Internet, I see a Microsoft article at http://support.microsoft.com/kb/947238 on this warning, and it says this behavior is by design. I don't believe it.
5. Continue to review other event log entries in the "Application", "Security", "Setup", and "System" groups to see if there are security-related issues.
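The same review as steps 3 to 5 can be done from PowerShell. The script below is an added example, not part of the original tutorial: it collects Critical, Error and Warning entries plus Security audit failures from the four Windows Logs groups and summarizes them by source and event ID. The seven-day review window is an assumption, and the prompt must be elevated to read the Security log.

```powershell
# Added example: command-line equivalent of steps 3-5.
# Run from an elevated PowerShell 3.0+ prompt (the Security log needs admin rights).
$since = (Get-Date).AddDays(-7)      # assumed review window; adjust as needed
$logs  = 'Application', 'Security', 'Setup', 'System'

# Build one filter per log: Level 1 = Critical, 2 = Error, 3 = Warning.
$filters = foreach ($log in $logs) {
    @{ LogName = $log; Level = 1, 2, 3; StartTime = $since }
}
# Security audit failures are logged at Level 0 and marked by the
# AuditFailure keyword (4503599627370496), so they need their own filter.
$filters += @{ LogName = 'Security'; Keywords = 4503599627370496; StartTime = $since }

$events = foreach ($filter in $filters) {
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches or access is denied.
        Write-Warning "$($filter.LogName): $($_.Exception.Message)"
    }
}

# One row per (log, source, event ID), most frequent first, showing the
# latest occurrence and the first line of its message.
$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending |
            Select-Object -First 1
        [pscustomobject]@{
            Count   = $_.Count
            Log     = $latest.LogName
            Source  = $latest.ProviderName
            Id      = $latest.Id
            Level   = $latest.LevelDisplayName
            Latest  = $latest.TimeCreated
            Message = ($latest.Message -split "`r?`n")[0]
        }
    } |
    Format-Table -AutoSize -Wrap
```

Rows with an unfamiliar source can then be opened in Event Viewer, as in step 4, to read the full detail text.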
The picture below shows you the list of Windows 8 event log entries:
Last update: 2013.