What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Windows Event Log leftovers after uninstall

Votes:

0

During installation and setup the PRTG routine creates a sub-category in Windows Event Log automatically, yet does not remove this .evtx file during any automatic or manual uninstallation process. And since Event Logs (.evtx files) are automatically run at Windows 11 start up alongside the Event Viewer and have critical system dependencies that have to run for Windows to run, the service cannot be stopped without manual intervention, rebooting, running a compromised startup with a lot of failures, etc. Yet even after doing all of that and manually force deleting the PRTG .evtx file inside the system folder for Event Viewer, it re-creates itself after a reboot. I've included a link to a PNG that demonstrates exactly what I am talking about inside Event Viewer. There is no method to remove this thing that I can find and honestly it is bugging the crap out of me now.

https://imgur.com/a/QaZbaqb

eventviewer pleaseleavemyeventviewer uninstall

Created on Oct 24, 2022 7:36:01 PM

Last change on Oct 26, 2022 6:08:27 AM by Moritz Heller [Paessler Support]



3 Replies

Votes:

0

Hello,

the event log is created by Windows. PRTG cannot delete it as the Event Viewer locks those files.

With a full uninstall of PRTG I would however expect that it does not get re-created. Please check the Windows applications, is PRTG still listed anywhere?

Created on Oct 27, 2022 1:08:19 PM by Arne Seifert [Paessler Support]



Votes:

0

I was aware that the actual logs were created by Windows, but my theory was that it was added to Event Log after I created or edited a sensor in PRTG and there was an option somewhere in one of the tabs to record it all through Event Viewer or WMI so I could view the graphing that way or whatever. I know I didn't create that log myself, but I don't know and cannot remember if I allowed it to be created during initial install and setup or after I made a network sensor manually and started changing the default ones.

As for any remains of PRTG, no I cannot find anything in the filesystem or registry outside of the usual leftover key maybe. In fact I just ran another search of my entire drive and the only result returned for "PRTG" is the log file:

https://imgur.com/a/30HBo1D

So there aren't even weird shadow copies or Windows 11 Nonsense copies hidden away since I use virtualization and the file virtualization security features. I even went into my WSL2 install and ran a full on find-with-grep for PRTG just to make sure and nope.

Created on Oct 27, 2022 6:40:17 PM



Votes:

0

Hello,

getting completely rid of the event logging is a bit complex:

  • Disable the Windows Event Log service, reboot
  • Check and remove all references to a PRTG.evtx log in the registry
  • Delete the PRTG.evtx log file itself, reboot
  • Set the Event Log service back to normal ("automatic")

Created on Nov 9, 2022 10:26:28 AM by Arne Seifert [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.