EtwRTDefenderApiLogger.etl


  1. Posts : 426
    Windows 10 64-bit Ver 1909, OS build 18363.535
       #1

    EtwRTDefenderApiLogger.etl


    What is this process:

    Windows\System32\LogFiles\WMI\Rtbackup\EtwRTDefenderApiLogger.etl

    I see in resource manager this comes up sometimes and chews away at my HDD for a good 10 minutes. Very annoying as it loves to run while I'm trying to use my PC for other things.

    Can this be disabled?

    I don't even have defender enabled so I have no idea why this runs.
      My Computer


  2. Posts : 426
    Windows 10 64-bit Ver 1909, OS build 18363.535
    Thread Starter
       #2

    Nobody has any idea what this process is?
      My Computer

  3. Superfly's Avatar
    Posts : 3,272
       #3

    rivre said:
    Nobody has any idea what this process is?
    Uhmmm.. no, but WMI is a resource hog

    Windows Defender (like Internet Explorer before), if that is what it represents, is an embedded resource...so it writes to EventLog like all OS API's. Disable it.
      My Computer

  4. TairikuOkami's Avatar
    Posts : 4,138
    Home 2004 x64 10.0.19041.264
       #4

    Start - Run - perfmon - Data Collector Sets - Startup Event Trace Sessions - Check if it is present there.

    If it is, open it (double click) - Trace Sessions - un-check Enabled - OK - restart
    Attached Thumbnails Attached Thumbnails EtwRTDefenderApiLogger.etl-capture_05172019_215207.jpg  
      My Computer


  5. Posts : 426
    Windows 10 64-bit Ver 1909, OS build 18363.535
    Thread Starter
       #5

    Superfly said:
    Uhmmm.. no, but WMI is a resource hog

    Windows Defender (like Internet Explorer before), if that is what it represents, is an embedded resource...so it writes to EventLog like all OS API's. Disable it.

    How can I disable it from writing to event logs? I should have defender disabled as I use Kaspersky, but maybe there'a still a part of defender that's still running?
      My Computer


  6. Posts : 426
    Windows 10 64-bit Ver 1909, OS build 18363.535
    Thread Starter
       #6

    TairikuOkami said:
    Start - Run - perfmon - Data Collector Sets - Startup Event Trace Sessions - Check if it is present there.

    If it is, open it (double click) - Trace Sessions - un-check Enabled - OK - restart
    I checked. I have these two items listed there, and listed as enabled:

    - DefenderAPILogger
    - DefenderAuditLogger

    Are those the two things that are causing EtwRTDefenderApiLogger to go nuts? Is it safe to mark both of those as disabled?
      My Computer



  7. Posts : 426
    Windows 10 64-bit Ver 1909, OS build 18363.535
    Thread Starter
       #7

    I tried disabling those two listed above.

    DefenderAuditLogger allowed me to uncheck the "enabled' checkbox.

    DefenderAPILogger pops up a window saying "When attempting to commit the changes the following system error occurred: Access is Denied".
      My Computer


 

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:11.
Find Us




Windows 10 Forums