Threat Intel: Attack Vector: Disable Windows Event Logging


Adversaries may disable Windows event logging to limit the data available for detection and auditing purposes. Windows event logs capture user and system activities, including login attempts, process creation, and other critical events, which are essential for security tools and analysts to create effective detection mechanisms.

This script is designed to inspect various potential attack vectors that adversaries could employ to disable Windows Event Logging.


This script is designed to assess potential security vulnerabilities. If any of the tests fail, it may indicate a security risk. Review the script's output to identify and rectify any issues, and conduct an investigation into the source responsible for altering the affected parameter. Additional information may be required to address these concerns.

More information:

MITRE Attack:

MITRE Attack ID: T1562.002
Mitre CAR ID: CAR-2022-03-001