Hello @mibaup,
I went to the Event Viewer to check why my system shut down and won't turn on for a few minutes after the shut down. Then I noticed that under "Windows Logs" >"Security", I have more than 10,000 "Audit Success" logs. more than 10 per second.
Is this normal?
The Windows installation is clean, using the 20H2 Media Creation Tools from Microsoft website.
Run the command below in a CMD Prompt
to list the total entries for EACH log . . .
Code:
PowerShell Get-EventLog -List ^| Format-Table -AutoSize
Example output . . .
Code:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>PowerShell Get-EventLog -List ^| Format-Table -AutoSize
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
20,480 0 OverwriteAsNeeded 423 Application
512 7 OverwriteOlder 0 CaptureLibLog
20,480 0 OverwriteAsNeeded 0 HardwareEvents
20,480 0 OverwriteAsNeeded 0 Key Management Service
20,480 0 OverwriteAsNeeded 60 Security
20,480 0 OverwriteAsNeeded 277 System
15,360 0 OverwriteAsNeeded 891 Windows PowerShell
You could then run it AGAIN after about 5 minutes to see if there is a VAST difference in the totals. This should hopefully highlight any unusually drastic operations taking place, if ANY.
Just a thought.
The command in PowerShell [ if you prefer ] is . . .
Code:
Get-EventLog -List | Format-Table -AutoSize
I hope this helps.