During installation and setup the PRTG routine creates a sub-category in Windows Event Log automatically, yet does not remove this .evtx file during any automatic or manual uninstallation process. And since Event Logs (.evtx files) are automatically run at Windows 11 startup alongside the Event Viewer and have critical system dependencies that have to run for Windows to run, the service cannot be stopped without manual intervention, rebooting, running a compromised startup with a lot of failures, etc. Yet even after doing all of that and manually force-deleting the PRTG .evtx file inside the system folder for Event Viewer, it re-creates itself after a reboot. I've included a link to a PNG that demonstrates exactly what I am talking about inside Event Viewer. There is no method to remove this thing that I can find and honestly it is bugging the crap out of me now.

https://imgur.com/a/QaZbaqb


Article Comments

Hello,

the event log is created by Windows. PRTG cannot delete it as the Event Viewer locks those files.

With a full uninstall of PRTG I would however expect that it does not get re-created. Please check the Windows applications, is PRTG still listed anywhere?


Oct, 2022 - Permalink

I was aware that the actual logs were created by Windows, but my theory was that it was added to Event Log after I created or edited a sensor in PRTG and there was an option somewhere in one of the tabs to record it all through Event Viewer or WMI so I could view the graphing that way or whatever. I know I didn't create that log myself, but I don't know and cannot remember if I allowed it to be created during initial install and setup or after I made a network sensor manually and started changing the default ones.

As for any remains of PRTG, no I cannot find anything in the filesystem or registry outside of the usual leftover key maybe. In fact I just ran another search of my entire drive and the only result returned for "PRTG" is the log file:

https://imgur.com/a/30HBo1D

So there aren't even weird shadow copies or Windows 11 Nonsense copies hidden away since I use virtualization and the file virtualization security features. I even went into my WSL2 install and ran a full-on find-with-grep for PRTG just to make sure and nope.


Oct, 2022 - Permalink

Hello,

getting completely rid of the event logging is a bit complex:

  • Disable the Windows Event Log service, reboot
  • Check and remove all references to a PRTG.evtx log in the registry
  • Delete the PRTG.evtx log file itself, reboot
  • Set the Event Log service back to normal ("automatic")

Nov, 2022 - Permalink
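
A read-only inventory to run before working through the steps in the reply above, added here as an example and not taken from the posters or from Paessler: it lists the classic event-log registrations and .evtx files that match "PRTG" and shows the Event Log service's current start mode, without changing anything. The match pattern and the default log directory are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: reports only, deletes and modifies nothing.
# Assumption: the leftover log's name or file path contains "PRTG" (as in PRTG.evtx).
$pattern = '*PRTG*'

# Classic event logs are registered as subkeys of the EventLog service key.
# A log key can carry a 'File' value pointing at its .evtx file and has one
# subkey per registered event source.
$eventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

$registryHits = foreach ($log in Get-ChildItem -Path $eventLogRoot -ErrorAction SilentlyContinue) {
    $file = (Get-ItemProperty -Path $log.PSPath -Name File -ErrorAction SilentlyContinue).File
    if ($log.PSChildName -like $pattern -or $file -like $pattern) {
        [pscustomobject]@{ Kind = 'Log'; Key = $log.Name; File = $file }
    }
    # Sources registered under other logs (for example Application) also count
    # as references to clean up.
    foreach ($source in Get-ChildItem -Path $log.PSPath -ErrorAction SilentlyContinue) {
        if ($source.PSChildName -like $pattern) {
            [pscustomobject]@{ Kind = 'Source'; Key = $source.Name; File = $null }
        }
    }
}

# Matching .evtx files in the default log directory (assumed location).
$logDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$fileHits = Get-ChildItem -Path $logDir -Filter '*.evtx' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like $pattern }

# Current state of the Event Log service, to record before disabling it and
# to confirm afterwards that it is back on automatic start.
$service = Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'"

$registryHits | Format-Table -AutoSize -Wrap
$fileHits     | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
$service      | Select-Object Name, State, StartMode | Format-Table -AutoSize
```

Running it again after the final reboot shows whether any registration or file remains and whether the service's StartMode is back to Auto.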