Share via

Event log "Windows Defender/Operational" moved from under Applications and Services Logs/Microsoft/Windows to directly under Applications and Services Logs

MikeW 0 Reputation points
Mar 13, 2025, 4:14 PM

Been doing some work collecting Event logs for Defender and noticed that the Windows Defender event log that normally sits under Applications and Services Logs/Microsoft/Windows has moved to sit directly under Applications and Services Logs

User's image

Windows Defender no longer exists under the Microsoft/Windows folder structure it maps to on all other systems.
In reading, the common theme is 'you can't move this folder' so kind of a surprise to find it sitting here.

Anyone know how to correct this?

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
11,068 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MikeW 0 Reputation points
    Mar 13, 2025, 4:56 PM

    So appears to be some registry moves. How or why this happened I can't speak to but looks like some keys were removed/moved Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC and Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/Operational

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.