Windows 10 2004 update ~ Blanks out event logs

StevenacMC 1 Reputation point
2020-09-11T15:32:43.493+00:00

updating to Windows 10 build 2004 clears out event logs in event viewer, resetting all records to "1" for all event log channels. I cannot find archived event logs anywhere, making auditing impossible. Nothing under windows.old either.

Thoughts?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,573 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Molly Lu 596 Reputation points
    2020-09-14T09:48:20.837+00:00

    Hi,

    Welcome to Microsoft Q&A.
    Try following steps to see if it can fix your issue:

    1. Press Windows key + R, Type Services.msc and press ENTER.
    2. Locate Windows Event log in the Services listed.
    3. Verify if the Status is started. If the Status column is blank, Right click on Windows Event log Service and select Start.
    4. Open Windows Event log Service, Select Dependencies. In Dependencies select the Windows Event Collector and click on ok to start the service.
    5. Also check the Dependencies in the Windows Event Collector and start the dependencies Services by clicking OK

    Best regards,
    Molly

    --------------------------------------------------------------------------------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. StevenacMC 1 Reputation point
    2020-09-14T10:13:11.263+00:00

    Thank you for your answer. The Event Log Service is running fine. The OS upgrade has blanked out the event logs, thus why I have opened this request.

  3. warrenw 1 Reputation point Microsoft Employee
    2020-09-18T14:57:35.357+00:00

    Hello @StevenacMC

    Can you check this folder? Windows.old\windows\system32\config for the previous event logs?

    0 comments
  4. C. Fabian 1 Reputation point
    2022-05-25T11:51:01.75+00:00

    This Application and Security, and Setup event logs in my update of Windows 10 to 21H2 last night.

    The event service is running fine, and new log entries were created since the update.

    Can you check this folder? Windows.old\windows\system32\config

    The C:\windows.old folder does not exist on this system.

    This article [ https://learn.microsoft.com/en-us/answers/questions/383487/events-log-are-deleted-by-kb4562830-update.html ] mentions the event log can be cleared by a Feature update.
    Is this the intended behaviour, or an anomaly?
    This is definitely not ideal behaviour from a sysadmin & system security perspective!

    0 comments