Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Windows 8: Event Log Viewer
This section provides a tutorial example on how to review all event log entries with the Event Viewer on a Windows 8 system.
As part of the security review, you should also review the Windows 8 system event logs. Investigate any log entries that look strange to you.
1. Go to "Control Panel\System and Security\Administrative Tools".
2. Double-click "Event Viewer". The "Event Viewer" screen shows up.
3. Click on the "Windows Logs" folder and then on "Application" on the left side. You see a list of all events in the Application group.
4. Click on a log entry to review its details. For example, the "User Profile Service" event that happened on 12/27/2013 has the following details:
Level: Warning
Time: 12/27/2013 12:56:33 AM
Source: User Profile Service

Windows detected your registry file is still in use by other applications or services. The file be unloaded now. The applications or services that hold your registry file may not function properly afterward.

DETAIL:
15 user registry handles leaked from \Registry\5-1-5-21-...
Process 960 (\Device\Harddisk\Volume5\Windows\System32\svchost.exe) has opened key \REGISTRY\5-1-5-21-...
...
Searching the Internet, I see a Microsoft article at http://support.microsoft.com/kb/947238 on this warning, and it says this behavior is by design. I don't believe it.
5. Continue to review other event log entries in the "Application", "Security", "Setup", and "System" groups to see if there are security-related issues.
The picture below shows you the list of Windows 8 event log entries:
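A command-line counterpart to steps 3 to 5, added here as an example and not part of the original tutorial: it uses the built-in Get-WinEvent cmdlet to collect critical, error and warning events from the Windows Logs groups, plus audit failures from "Security", which records audit results as keywords instead of warning or error levels. The 7-day window, the top-25 cut-off and the '*User Profile*' provider filter are assumptions chosen for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt: reading the
# Security log requires administrator rights.
$logs  = 'Application', 'Security', 'Setup', 'System'   # groups named in step 5
$since = (Get-Date).AddDays(-7)                          # assumed review window

# Keyword bit for "Audit Failure" (0x10000000000000). Security events are
# logged at level 0, so a level filter alone would return nothing there.
$auditFailure = 4503599627370496

$events = foreach ($log in $logs) {
    $filter = @{ LogName = $log; StartTime = $since }
    if ($log -eq 'Security') {
        $filter.Keywords = $auditFailure
    } else {
        $filter.Level = 1, 2, 3        # 1 = Critical, 2 = Error, 3 = Warning
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Raised when nothing matches the filter or when access is denied
        Write-Warning "${log}: $($_.Exception.Message)"
    }
}

# Triage summary: which sources and event IDs occur most often
$events |
    Group-Object LogName, ProviderName, Id, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object -First 25 Count, Name |
    Format-Table -AutoSize

# Full detail for one source, as in step 4. The wildcard is an assumption:
# the provider name can differ from the "Source" text shown in Event Viewer.
$events |
    Where-Object { $_.ProviderName -like '*User Profile*' } |
    Select-Object -First 1 TimeCreated, LevelDisplayName, ProviderName, Id, Message |
    Format-List
```

Event IDs that dominate the summary are usually routine noise; the entries worth opening in detail are the ones that appear rarely or only recently.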