Windows Event Log - Windows 11 Service

This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

This service also exists in Windows 10, 7, 8, Vista and XP.

Startup Type

Default Properties

Default Behavior

The Windows Event Log service is running as NT AUTHORITY\LocalService in a shared process of svchost.exe. Other services might run in the same process. If Windows Event Log fails to start, the error is logged. Windows 11 startup proceeds, but a message box is displayed informing you that the EventLog service has failed to start.

Dependencies

If Windows Event Log is stopped, the Windows Event Collector service fails to start and initialize.

Restore Default Startup Type for Windows Event Log

Automated Restore

1. Select your Windows 11 edition and release, and then click on the Download button below.

2. Save the RestoreWindowsEventLogWindows11.bat file to any folder on a local drive such as SSD or a hard disk.

3. Right-click the downloaded batch file and select Properties.

4. Check the Unblock checkbox and click OK.

5. Right-click the batch file again and select Run as administrator.

6. Restart the computer to save changes.

Note. Make sure that the wevtsvc.dll file exists in the %WinDir%\System32 folder. If this file is missing you can try to restore it from your Windows 11 installation media.