Bize Ulaşın / Contact Us

How to read Windows Update logs in Windows 10

18 / 08 / 2015 by Windows 10 Yorum yok / No Comments

How to read Windows Update logs in Windows 10

In Windows 10, Windows Update uses Event Tracing for Windows (ETW) to generate logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written.

But old WindowsUpdate.log file is still located under the Windows to inform users about the change. This is what you get when you open it.

Windows Update logs are now generated using ETW (Event Tracing for Windows).
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.
For more information, please visit

As it says the Windows PowerShell cmdlet is available to decode the ETL files and creates a readable log like old ones.

You can use Get-WindowsUpdateLog to decode your ETL files into a readable text log on your desktop.

Windows PowerShell
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
PS C:\Users\oshener> Get-WindowsUpdateLog

Converting C:\WINDOWS\logs\WindowsUpdate into C:\Users\oshener\Desktop\WindowsUpdate.log …

Directory: C:\Users\oshener\AppData\Local\Temp\WindowsUpdateLog

Mode LastWriteTime Length Name
—- ————- —— —-
d—– 18.08.2015 09:18 SymCache



DumpFile: C:\Users\oshener\AppData\Local\Temp\WindowsUpdateLog\wuetl.CSV.tmp.00015

The command completed successfully.

WindowsUpdate.log written to C:\Users\oshener\Desktop\WindowsUpdate.log



I still find the old format more readable.


2015.08.17 09:04:12.8429859 376 9968 Agent * START * Finding updates CallerId = WSAutoUpdate Id = 8
2015.08.17 09:04:12.8429870 376 9968 Agent Online = No; Ignore download priority = No
2015.08.17 09:04:12.8429876 376 9968 Agent Criteria = IsInstalled=0 AND AppCategoryIDs contains ’98bc0b52-5e5c-4097-b58e-e8e859e1829f'””
2015.08.17 09:04:12.8429940 376 9968 Agent ServiceID = {855E8A7C-ECB4-4CA3-B045-1DFA50104289} Third party service
2015.08.17 09:04:12.8429951 376 9968 Agent Search Scope = {Current User}
2015.08.17 09:04:12.8429989 376 9968 Agent Caller SID for Applicability: S-1-5-21-1060284298-1993962763-2146565907-17850
2015.08.17 09:04:13.5278809 376 9968 Agent Added update CD41D70D-EEB1-4A25-B231-60194AF6D5DB.1 to search result
2015.08.17 09:04:13.5278977 376 9968 Agent Found 1 updates and 6 categories in search; evaluated appl. rules of 26 out of 64 deployed entities
2015.08.17 09:04:13.5294059 376 9968 Agent * END * Finding updates CallerId = WSAutoUpdate Id = 8

Event Viewer – Windows Update Client

<Event xmlns=”>
  <Provider Name=”Microsoft-Windows-WindowsUpdateClient Guid=”{945A8954-C147-4ACD-923F-40C45405A658} />
  <TimeCreated SystemTime=”2015-08-17T06:04:15.446504000Z />
  <Correlation />
  <Execution ProcessID=”376 ThreadID=”3232 />
  <Security UserID=”S-1-5-18 />
  <Data Name=”updateGuid>{CD41D70D-EEB1-4A25-B231-60194AF6D5DB}</Data>
  <Data Name=”updateRevisionNumber>1</Data>
  <Data Name=”serviceGuid>{855E8A7C-ECB4-4CA3-B045-1DFA50104289}</Data>


Update & Security in Windows 10


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">


Kontrol / Control * Time limit is exhausted. Please reload CAPTCHA.