Question Disabling 'Winsock Network Events' will not stop new events from being logged ?

[The Guy From The Thing]

I don't know what to do; I enabled Winsock Network Events in Event Viewer to see what kind of events it logs, stupidly, and now whenever I Disable it, it continues to log events no matter what I do.

Pretty much every window I click (such as Chrome or Explorer), or even any other event folder in Event Viewer will generate Winsock Network Event logs, upward of 2,000. it makes sense why, considering my movement across the system, but it's frustrating because the log is LITERALLY DISABLED

I've tried reenabling and disabling, I've tried Disabling while being clicked off the event folder, I've cleared the logs constantly, restarted Event Viewer, restarted my PC several times, cleared the Winsock Catalogue with netsh command

My Windows 11 laptop doesn't suffer from this, if I enable and disable it, then it stops logging completely. but no matter what I try on my main Windows 10 system, it just won't stop even if it's set to Disabled.

I genuinely don't know what to do and I really think it's permanently bugged. I don't notice any crazy high CPU, network, or CPU usage from anything when clicking around the PC but I'm worried the events generating will screw something

I have a Samsung 970 EVO ssd, 32gb Corsair ram, b550 mobo, and a 5800x all new from February so it's not like my hardware is bad but I'm still frustrated.

 

[Ralston18]

Look for the Process

Run Task Manager

Do you see any references to Winsock?

= = = =

Run Process Explorer (Microsoft, free).

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Do you see any references to Winsock?

 

[The Guy From The Thing]

Look for the Process

Run Task Manager

Do you see any references to Winsock?

= = = =

Run Process Explorer (Microsoft, free).

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Do you see any references to Winsock?

well I turned my computer back on since I went to sleep and it doesn't seem to be logging anymore and actually does seem "Disabled"


I restarted the PC and still no new events; however, it does show up with the "(!) new events" when I'm viewing the log. even when I click out and click back in, nothing new is there


the log size doesn't get any bigger than the standard 68kb either, but the Modification Date for the log in Event Viewer (Local) keeps saying there's recent activity


idk, this seems better than events actually logging but it's still confusing. Task Manager has no winsock-related events running from what I can see

 

[Ralston18]

My next thought is to look in Task Scheduler.

Are there any "winsock" relevant rules or triggers to be found?

 

[The Guy From The Thing]

My next thought is to look in Task Scheduler.

Are there any "winsock" relevant rules or triggers to be found?

can't see any Task Scheduler folders by the name of "winsock", and none of the Network tasks seem to have winsock-related content in them. going through the Tasks alphabetically, there's nothing that says "Winsock" or anything


my friend's system does this as well; when he enabled and disabled Winsock Network Event, the events continued to log. this morning, they stopped for him as well and after he cleared the log, the "(!) New Events Available" appears even though nothing actually appears


the events don't seem to log anymore but it seems like the activity is still picked up and I guess it tries to log? idk, might be a bug on Windows 10


the reason I didn't want this Winsock Network Event log active is because I believe it's normal for Windows to make, receive, and abort a lot of connections (using Netstat -ano shows you that Windows is contacting to Microsoft centers all over the place), so that activity would constantly create events and random errors in the Winsock log


at least, its my understanding that Winsock Network Event is intended to trace the inner workings of these connections