How to determine system shutdown / startup in Event Viewer
Article ID: 292170
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR
Carbon Black App Control
Carbon Black EDR
Issue/Introduction
How to check when a Windows endpoint shut down and started up.
Environment
- Microsoft Windows: All Versions
Resolution
- Click Start > Run > eventvwr > OK.
- In the left-hand pane of Event Viewer, navigate to Windows Logs > System.
- Under Actions, select "Filter Current Log..."
- In the row that says <All Event IDs>, add the following as a comma-separated list:
  - For startup: 6005, 41
  - For shutdowns: 6006, 6008, 1074
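
The same filter can be applied from PowerShell, which is convenient when building a startup/shutdown timeline for an investigation. This is an added example, not part of the original article; the 30-day look-back window and the variable names are assumptions.

```powershell
# Added example: query the System log for the event IDs listed in this article
# and print them as a single chronological startup/shutdown timeline.

$days        = 30                 # assumption: how far back to search
$startupIds  = 6005, 41           # startup IDs as grouped by the article
$shutdownIds = 6006, 6008, 1074   # shutdown IDs as grouped by the article

$filter = @{
    LogName   = 'System'
    Id        = $startupIds + $shutdownIds
    StartTime = (Get-Date).AddDays(-$days)
}

# Get-WinEvent reports an error when no events match the filter,
# so suppress it and treat that case as an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No startup or shutdown events found in the last $days days."
    return
}

$events | Sort-Object TimeCreated | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Category    = if ($startupIds -contains $_.Id) { 'Startup' } else { 'Shutdown' }
        EventId     = $_.Id
        Provider    = $_.ProviderName
        # First line of the rendered message is enough to identify the event.
        Detail      = ($_.Message -split "`r?`n")[0]
    }
} | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the endpoint if the System log is not readable with the current account.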