[SOLVED] Delete old entries of the event-log with PowerShell or CMD? (Not all of them | With period of time condition)

Issue

Please take a look at these two threads :

how-to-clear-eventlog-with-powershell-or-wevtutil

delete-old-entries-of-the-event-log-with-powershell

Some days ago somebody stole my Wi-Fi password and connected to it.
After connecting, he hacked my Windows 7 PC through the home network.
Something is so strange to me.
After the hack he deleted all Wi-Fi logs for two months ago.
I never did that, because I didn’t even know there is a Wi-Fi log on my PC.
Check here for Wi-Fi logs & its location
How is that possible, because people say you can’t delete event logs for a period of time by command?
Just tell me, how could he do that?
Does he have GUI access to my PC?
I am so confused because of this action.

Solution

Almost anything is possible if you have administrator rights on a machine.

There is no built-in function to delete only certain logs, but one example way to do this is simply export all logs except the ones you want, then replace the original log file with your filtered log. The built-in wevtutil can do this pretty easily:

# filter out events on 2022-05-11
# export to test.evtx
wevtutil epl Application test.evtx "/q:*[System[TimeCreated[@SystemTime<='2022-05-13T23:00:00.000Z' and @SystemTime>='2022-05-10T04:00:00.999Z']]]"

That aside – Windows 7 stopped receiving security patches in January of 2020, so consider upgrading your operating system for the future.

If you think that person could still have access to your computer, then your best action is to wipe it and start over. A computer repair service should be able to help you do this and keep your important files.

Answered By – Cpt.Whale

Answer Checked By – David Goodson (BugsFixing Volunteer)
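A defender-side check for the kind of selective removal described in the answer, as an added example that is not part of the original answer: it parses event XML in the shape produced by `wevtutil qe Application /f:xml` and reports interior jumps in EventRecordID and long quiet periods. The sample events are constructed, the function names are hypothetical, and it assumes the record IDs in the file are the ones Windows originally assigned; a finding is a lead to investigate, not proof of tampering.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
_EV = ("<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>"
       "<TimeCreated SystemTime='{t}.000000000Z'/><EventRecordID>{r}</EventRecordID>"
       "</System></Event>\n")

# Constructed sample: records 103-109 are absent, and nothing was logged
# between records 111 and 112 for three days.
SAMPLE = "".join(_EV.format(r=r, t=t) for r, t in [
    (101, "2022-05-09T08:00:00"), (102, "2022-05-09T21:30:00"),
    (110, "2022-05-14T00:10:00"), (111, "2022-05-14T09:00:00"),
    (112, "2022-05-17T09:00:00"),
])

def parse_events(xml_text):
    """Return sorted (record_id, utc_time) pairs from a run of <Event> elements."""
    # wevtutil emits sibling <Event> elements with no root, so wrap them.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    events = []
    for system in root.findall("e:Event/e:System", NS):
        rid = int(system.findtext("e:EventRecordID", namespaces=NS))
        stamp = system.find("e:TimeCreated", NS).get("SystemTime")
        # Drop the fractional seconds; strptime's %f accepts at most 6 digits.
        events.append((rid, datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S")))
    return sorted(events)

def find_gaps(events, max_quiet=timedelta(hours=24)):
    """Flag interior jumps in EventRecordID and unusually long quiet periods."""
    findings = []
    for (rid_a, t_a), (rid_b, t_b) in zip(events, events[1:]):
        if rid_b - rid_a > 1:
            findings.append(("missing_records", rid_a + 1, rid_b - 1, t_a, t_b))
        elif t_b - t_a > max_quiet:
            findings.append(("quiet_period", rid_a, rid_b, t_a, t_b))
    return findings

if __name__ == "__main__":
    for kind, first, last, t_a, t_b in find_gaps(parse_events(SAMPLE)):
        print(f"{kind}: records {first}-{last}, between {t_a} and {t_b} UTC")
```

Tune `max_quiet` to how chatty the channel normally is; a machine that was simply powered off also produces quiet periods.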