The Windows Event Viewer shows a log of application and system messages – errors, information messages, and warnings. Scammers have used the Event Viewer to deceive people – event a properly functioning system will have error messages here.
In one infamous scam, a person claiming to be from Microsoft phones someone up and instructs them to open the Event Viewer. The person is sure to see error messages here, and the scammer will ask for the person’s credit card number to fix them.
As a rule of thumb, you can generally ignore all of the errors and warnings that appear in the Event Viewer – assuming your computer is working properly.
Launching the Event Viewer
To launch the Event Viewer, just type Event Viewer into your Start menu and press Enter. You can also launch the Event Viewer from the Administrative Tools folder.
Events are placed in different categories. For example, the Application log contains a log of application events and the System log contains a log of Windows system events.
You’re sure to see some errors and warnings in the Event Viewer, even if your computer is working fine.
The Event Viewer is designed to help system administrators keep tabs on their computers and troubleshoot problems. If there isn’t a problem with your computer, the errors in here are unlikely to be important. For example, you’ll often see errors that indicate a program crashed at a specific time, which may have been weeks ago.
Even warnings are often unimportant to the average user. If you’re trying to troubleshoot a problem with your server, these warnings may be helpful. If you’re not, they’re not particularly useful.
In theory, other applications are also supposed to log events to these logs. However, many applications don’t offer very useful event information.
Uses for the Event Viewer
At this point, you’re probably wondering why you should care about the Event Viewer. The Event Viewer can actually be helpful if you’re having a problem with your computer – for example, if your computer is blue-screening or randomly rebooting, the Event Viewer may provide more information about the cause. For example, an error event in the System log section may inform you which hardware driver crashed, which can help you pin down a buggy driver or a faulty hardware component. Just look for the error message associated with the time your computer froze or restarted – an error message about a computer freeze will be marked Critical.
You can also look up specific event IDs online – if you’re having a problem, they may help you find more information.
There are other cool uses for the Event Viewer, too. For example, Windows keeps track of your computer’s boot time and logs it to an event, so you can use the Event Viewer to find your PC’s exact boot time. If you’re running a server or other computer that should rarely shut down, you can enable shutdown event tracking – whenever someone shuts down or restarts the computer, they’ll have to provide a reason. You can view each shut down or system restart and its reason in the Event Viewer.
You can also use the Event Viewer in combination with the Task Scheduler – right-click any event and select Attach Task to This Event to associate a task with the event. Whenever the event occurs, you can have Windows automatically perform an action in response.
Also published on Medium.