Event ID 104 : Log was cleared (System) (System)
Ce que cet Event ID enregistre vraiment sur disque, les champs EventData à lire en premier et sa place dans un workflow de triage DFIR.
- Canal
- System
- Fournisseur
- Windows\System
- Notes de triage
- Service Control Manager's counterpart to Security 1102. Often missed by attackers who only clear Security.