Event ID: 1100

The event logging service has shut down

The event logging service has shut down

This event generates every time Windows Event Log service has shut down.

It also generates during normal system shutdown. This event doesn’t generate during emergency system reset. If the event was generated due to a normal system shutdown it will be preceded by event ID 1074 in the System log.

This event can be a sign of malicious action if someone shut down the Windows Event Log service to cover their activity.

Auditing: Always

Volume: Low

PCI 3.2.1: 10.2.6

Microsoft Documentation

Event ID - 1100

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Other System Events"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows Vista Windows 2008 Windows 7 Windows 2008 R2 Windows 8 Windows 2012 Windows 8.1 Windows 2012 R2 Windows 10 Windows 2016 Windows 2019 Windows 2022

Tags:

Audit Success PCI-DSS

Audit Category:

System

Audit Subcategory:

Other System Events

LEFT/RIGHT arrow keys for navigation

Back to List