Is it possible to prevent JRT from clearing Event Logs?



#1 newkansan

Posted 16 December 2013 - 10:44 AM

Is it possible to prevent JRT from clearing the event logs?

 

What is the reason behind this feature?  Event Logs are often crucial for diagnosing Windows issues.  I'm not aware of any reason that the event logs should be cleared to help with junkware removal.  Please help me understand the reason for this feature, and if possible, provide a way to disable it.

 

Thanks!





#2 quietman7


Posted 16 December 2013 - 03:26 PM

JRT's disclaimer clearly states: "This software is provided "as is" without warranty of any kind. You may use this software at your own risk."

However, you can ask a question (leave a comment/suggestion) on Thisisu's JRT Blog.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 newkansan


Posted 16 December 2013 - 05:51 PM

Understood.  I'm aware of the "as is" limitation, but that doesn't mean I can't ask if there's an undocumented way to disable it.  I know the developer frequents these forums, and I wasn't aware of his blog, so thanks for pointing me there.



#4 quietman7


Posted 16 December 2013 - 07:24 PM

You're welcome.

BTW, the developer is a member of the BC Malware Response Team and yes he does sometimes reply to JRT related topics.

#5 newkansan


Posted 17 December 2013 - 12:03 PM

Well, there are only 10 comments there and the most recent published comment on his blog is from December 2012.  I posted yesterday, but do not see my post there.  I don't know if he disabled or hid blog posts, but I'm not convinced he got my question.  Hopefully he comes across this post here.



#6 quietman7


Posted 17 December 2013 - 01:05 PM

I posted a note for the developer in a private discussion thread with a link to this topic.

#7 Didier Stevens


Posted 18 December 2013 - 04:17 PM

I too am interested to know.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 quietman7


Posted 18 December 2013 - 05:41 PM

thisisu has been offline for a couple weeks so he probably hasn't seen my note yet.

#9 Didier Stevens


Posted 18 December 2013 - 06:27 PM

No problem quietman7, just posted so that it's in "My Content" list. Don't want to miss the answer.




#10 quietman7


Posted 01 January 2014 - 03:27 PM

thisisu replied today to a user in another topic with a similar question.

...Sorry for the very late response. I would like to continue having the program automatically clear the event viewer logs. I understand your reasoning for wanting to keep the logs there though and I would suggest that you review the event viewer logs and/or back them up prior to running the tool. I hope this answers your question....

Junkware Removal Tool Questions - Post #3

#11 Didier Stevens


Posted 01 January 2014 - 06:12 PM

One should be aware that clearing the event logs can be considered as a suspicious activity, depending on the context.

 

For example, you use a corporate laptop. If the corporate IT security team finds out you cleared the event logs, they might think you are trying to cover something up.


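Added example, not part of any post in this thread and not code from JRT or its developer: a PowerShell sketch of the backup suggested in the reply quoted in post #10, plus a query for the records Windows itself writes when a log is cleared, which is what a security team reviewing the machine (post #11) would find. The backup folder and the function names `Export-EventLogs` and `Get-LogClearEvents` are assumptions made for this example; run it from an elevated prompt on PowerShell 4.0 or later.

```powershell
# Added example: back up event logs before running a cleanup tool.
# $BackupRoot is an assumed location; change it to suit.
$BackupRoot = Join-Path $env:SystemDrive 'EventLogBackup'
$Target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $Target -Force | Out-Null

function Export-EventLogs {
    param([string]$Destination)
    # Only logs that currently hold records are worth exporting.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }
    foreach ($log in $logs) {
        # Log names can contain '/' and other characters not valid in a file name.
        $name = ($log.LogName -replace '[\\/:*?"<>|]', '_') + '.evtx'
        $file = Join-Path $Destination $name
        wevtutil.exe epl $log.LogName $file
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not export $($log.LogName)" }
    }
    # Hashes let you show later that the exported copies were not altered.
    Get-ChildItem $Destination -Filter *.evtx |
        Get-FileHash -Algorithm SHA256 |
        Export-Csv (Join-Path $Destination 'sha256.csv') -NoTypeInformation
}

function Get-LogClearEvents {
    # Windows records a log clear itself: event ID 1102 in the Security log
    # and event ID 104 in the System log.
    $filters = @(
        @{ LogName = 'Security'; Id = 1102 },
        @{ LogName = 'System';   Id = 104 }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id, Message
    }
}

# Step 1: export everything before the tool runs.
Export-EventLogs -Destination $Target

# Step 2: after the tool has run, list the clear records it left behind.
Get-LogClearEvents | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

The exported `.evtx` files open directly in Event Viewer. On a managed machine the clear records may already have been forwarded to a central collector, so keeping the backup alongside a note of when and why the tool was run gives the security team the context.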


#12 newkansan


Posted 07 January 2014 - 11:01 AM

Alright, I guess that settles it.  It would be nice to understand the reason why the author insists on clearing the event logs.  It makes no sense--I've never heard of junkware even touching the event logs.  In fact, event log tampering is usually associated with a hacker wiping his tracks.  Does this tool do something that the author doesn't want users to know about?  Thanks for helping get a response from the author, Mod.



#13 quietman7


Posted 07 January 2014 - 11:29 AM

You're welcome.