And why, when you look, it’s full of errors.
In an ideal world, you’d never care about Event Viewer.
In an ideal world, software and hardware would always work. In a slightly less ideal world, we’d be able to rely on Event Viewer for clear and consistent information about our system.
Sadly, we do not live in an ideal or even slightly less than ideal world. While Event Viewer can be a source of excellent clues into system failures and behavior, it can also be a frustrating, incomprehensible mess.
And scammers leverage that confusing mess to their advantage.
Windows Event Viewer
The Windows Event Viewer allows you to view the contents of the event logs maintained by Windows. Event logs contain information about how your system is functioning. Event logs are a mess and are intended only for the very technically aware. Event logs are full of errors and warnings even on a properly functioning machine. Don’t let a scammer tell you otherwise.
What Event Viewer Does
Windows has an “event log”. Intended for software engineers and technicians, it’s a repository of information about how your system is running and what’s been happening.
The implementation is complex, but at the highest level, a log entry includes information like:
- The name of the application or Windows component.
- Whether the entry is informational, a warning, or an error.
- The time of the entry.
- Additional information about the entry.
Event Viewer is the application used to display the contents of the event log.
Running Event Viewer
There are several ways to run Event Viewer.
In Windows 10 and 11, click the Start button and start typing “event viewer”, and one of the results will, not surprisingly, be Event Viewer (as shown at the top of the page). Just click on that.
In all versions of Windows, you can also click on Start and then Run, or press the Windows Key + R, and then type eventvwr and click OK.
Depending on your version of Windows and additional software you have installed, there may be several logs visible.
If you click on the “>” in front of Windows Logs, you’ll find five Windows logs:
- Application: Applications running under Windows are supposed to log their events here, unless they’ve created their own Event Viewer log.
- Security: Windows logs a host of security-related events here.
- Setup: Presumably events logged by Windows (and perhaps other) setup programs.
- System: The operating system logs its events here.
- Forwarded Events: Events forwarded from other computers. (Typically empty on home and small-business installations.)
If you click on one of those five logs, you’ll see a window that includes several lines of logged information.
Each line corresponds to one event logged by the system. If you click on one of the lines, the information contained in that event will be displayed in the pane below.
Looking at the pane containing information about a specific error can sometimes garner useful information.
As one example, Windows Defender logs successful virus definition updates. Normally, you would never need to see it, so burying it in the event log is somewhat reasonable. However, if there’s ever a question, you can come here to see if that’s been happening as it should.
Event log confusion
As you look through individual entries, things quickly get disorganized and confusing.
- There are no real rules for what constitutes an error, warning, or informational event.
- There’s no consistency about the meaning of many of the fields associated with each event.
- Many entries are just numbers, meaningless to the casual observer.
- There are no enforced requirements that a component or application use the event log or how much information it should log if it does.
That’s really just the tip of the iceberg. The important take-away so far is this: there’s no consistency in what gets logged.
Chaos in the data
Unfortunately, less-than-helpful log entries are common. Frequently, entries are completely indecipherable to normal people, and often even to technical folks who aren’t familiar with the component logging the information.
What’s worse, it’s completely normal for the Event Log to contain errors.
I’ll say that again: it’s completely normal for the Event Viewer to show entries that are marked as “Error”, even on a completely healthy, normal system.
I’ll even go so far as to say that an event log without errors just doesn’t happen.
The bottom line is applications — including Windows itself — commonly log inconsistently, log things that are meaningless or misleading, or fail to log things correctly or at all.
As I said, it’s a mess . . . which is why scammers love it.
Scammers leverage confusion
Event Viewer has become a key component of the so-called “tech support scam”.
You get a phone call from someone telling you they’re from some important-sounding company or service you use, and that your computer is causing problems. Then they direct you to Event Viewer. They have you look at an event log and show you it has errors in it.
Because it does.
I said it earlier and I’ll say it again:
On a machine that’s working well, Event Viewer will still be full of errors and warnings.
The scammer knows this. The scammer also knows you don’t know this, and will instead believe that Event Viewer is confirming their claim that you need their help to “fix” your machine.
It’s a scam. Your machine is fine. The event log always has errors in it. Hang up on the scammer.
Is Event Viewer any good at all?
First, remember that the event log is meant for software engineers writing and debugging their software and technicians trying to diagnose what’s going on with your machine when it really does have a problem. For people who know what to look for (and more importantly, what to ignore), it contains valuable data.
Curious? Go ahead and browse around in Event Viewer; it doesn’t hurt to look.
Just don’t jump to conclusions, and don’t panic when you see lots of warnings or errors. Every properly functioning Windows computer will have them.
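To see how ordinary those errors and warnings are on your own machine, the PowerShell snippet below counts them in the Application and System logs and lists which sources logged the most. It is an added illustration, not part of the original article, and the seven-day look-back window is an arbitrary assumption.

```powershell
# Added example (not from the original article): summarize Error and Warning
# events in the Application and System logs.
$since = (Get-Date).AddDays(-7)   # assumed look-back window; adjust as needed

# Event levels: 2 = Error, 3 = Warning.
$filter = @{
    LogName   = 'Application', 'System'
    Level     = 2, 3
    StartTime = $since
}

# Get-WinEvent reports an error when nothing matches, so silence that case
# and force the result into an array so .Count is always valid.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

"{0} error/warning events logged since {1:g}" -f $events.Count, $since

# Totals per log and severity (for example "System, Error").
$events |
    Group-Object LogName, LevelDisplayName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# The ten source / event ID pairs that logged the most entries.
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

Both logs can be read from a standard (non-administrator) PowerShell window; the Security log is left out because reading it requires elevation.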