What the heck is inserting thousands of NUL (^@) characters into my firewall logs?

Steve Breiner 6 Reputation points
2025-04-18T14:12:32.8933333+00:00

When starting a new firewall log or after pruning an existing log, something is inserting hundreds or thousands of NUL characters - all in a single consecutive string - into my enabled firewall logs. Consequently, editors or viewers treat the log as a binary file - sometimes making it difficult to visually scan for specific information. The phenomenon also bloats the file to ridiculously large sizes, when the actual log entries (after deleting the NULs string) may be only a few hundred lines.

Deleting the file, or deleting the NULs themselves from the log file has proven useless, as the logging mechanism eventually adds a new string of NULs, seemingly randomly, at some point in the file - at which point the file becomes a "binary" file instead of text. It's almost as if there is an improperly configured log entry being created by some event - but since the only result is the long string of NULs, there's no way to correct the problem or identify the errant process or logger.

Any thoughts on this? Is there some language coding that I can set the logfile to, in order to assure it will ignore NUL characters? Any log process that might be awry that's causing this? If so, how can I find out which one?

It's not a critical issue, as I can load the file into a binary-capable editor for viewing or trimming, but it's quite annoying to have to keep switching editors for no discernible reason, when all I want to do is to scan the file in its entirety, without having to scroll through hundreds or thousands of lines of NULs.

Windows 11

1 answer

  1. Joseph Tran 75 Reputation points
    2025-05-01T17:40:03.9766667+00:00

    You can try the steps below:

    >> Check Your Log File Size Settings

    Open wf.msc > Properties > Logging tab:

    • Verify log file size is reasonable (4 MB or less).
    • Reduce it if it's much larger.

    Uncheck and recheck "Log dropped packets" or "Log successful connections" to reset the subsystem.

    >> Disable Pre-allocation (if possible)

    Windows Firewall itself doesn't expose pre-allocation behavior directly, but you can try:

    • Disable firewall logging (Netsh advfirewall) temporarily.
    • Delete pfirewall.log.
    • Re-enable logging — this forces Windows to recreate the file cleanly by using this script:
    netsh advfirewall set currentprofile logging droppedconnections disable 
    
    del %systemroot%\system32\LogFiles\Firewall\pfirewall.log 
    
    netsh advfirewall set currentprofile logging droppedconnections enable
    

    You can check here for more details: https://woshub.com/configure-windows-firewall-logging/
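
An added example, not part of the question or the answer above: a Python script that reports where each run of NUL bytes sits in a firewall log and which entries surround it, and returns the entries with the NULs dropped so that text tools can read them. The sample log bytes, the 16-byte run threshold and the 512-byte context window are constructed for illustration; pass the path to a copy of pfirewall.log as the first argument to scan a real file.

```python
import re
import sys
from pathlib import Path

NUL_RUN = re.compile(rb"\x00+")

# Constructed sample: two header lines, one entry, 4096 NULs, one more entry.
SAMPLE = (
    b"#Version: 1.5\r\n#Software: Microsoft Windows Firewall\r\n"
    b"2025-04-18 09:12:31 DROP UDP 192.0.2.20 192.0.2.255 137 137 78 - - - - - - - RECEIVE\r\n"
    + b"\x00" * 4096
    + b"2025-04-18 09:40:02 DROP TCP 198.51.100.7 192.0.2.20 51515 445 52 S 0 0 64240 - - - RECEIVE\r\n"
)


def clean_lines(data: bytes) -> list[str]:
    """Return the non-empty log lines with every NUL byte dropped."""
    text = data.replace(b"\x00", b"").decode("ascii", errors="replace")
    return [line for line in text.splitlines() if line.strip()]


def find_nul_runs(data: bytes, min_len: int = 16, window: int = 512) -> list[dict]:
    """Locate runs of >= min_len NULs and the log entries on either side."""
    runs = []
    for m in NUL_RUN.finditer(data):
        length = m.end() - m.start()
        if length < min_len:
            continue
        before = clean_lines(data[max(0, m.start() - window):m.start()])
        after = clean_lines(data[m.end():m.end() + window])
        runs.append({
            "offset": m.start(),
            "length": length,
            "entry_before": before[-1] if before else "",  # last entry before the NULs
            "entry_after": after[0] if after else "",      # first entry after them
        })
    return runs


if __name__ == "__main__":
    # With no argument the constructed sample is scanned.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    for run in find_nul_runs(data):
        print(f"{run['length']} NULs at byte {run['offset']}")
        print(f"  before: {run['entry_before']}")
        print(f"  after:  {run['entry_after']}")
    print(f"{len(clean_lines(data))} text lines after removing NULs")
```

The timestamps of the entries on either side of a run bracket the period in which the NULs were written, which can then be compared with other event logs for the same period.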
