Screenshot of the Event Viewer USB event log:
When I right-click on other event logs, such as AMSI/Operational, I see the option 'disable/enable', but when I right-click on the event log about a USB, boxed in red in the screenshot, I don't see any options to disable or enable the log. Furthermore, I'm curious where exactly - as in the Windows directory - these logs exist. I know that the .evtx event logs themselves exist in c:\windows\system32\winevt, but I also want to learn more in depth where the actual location is for logs like the one boxed in red. My ultimate goal is to disable the event log associated with USB configuration and be able to delete them with cmd commands as well, so that they don't reappear in the Event Viewer. I am aware that there is a delete button when I right-click on the log, but it would be great if I could understand where in Windows the actual log exists, so I could delete it with a cmd command or script. Any help is appreciated.