How to Exclude System Account From Event Log

Question

In some cases, for example, if an Antivirus running under the SYSTEM account generates multiple events and saturates the Windows logs, you might want to exclude the SYSTEM account from being shown in the Windows Event Logs or got monitored at all.

This article answers the question on how to exclude the SYSTEM account from logs.

Answer

You can do that in two ways:

• Set a filter for the SYSTEM account to not show in the event logs. Learn more in Windows Event Viewer — How to Filter Events ⸱ Microsoft 🤝
• Change the audit policy for the SYSTEM account to not get monitored. Learn more in Windows Event Viewer ⸱ Microsoft 🤝