Windows Update Agent – Windows 10 – New logging format

ConfigMgr 2012 admins running Windows 10 should be learning a bit about what is going on with the Windows 10 Windows Updates Clients new logging feature, Event Tracing for Windows


This is how you use to read it, with the WindowsUpdate log:


This is how you read it now in Windows 10, from a binary encoded ETL file:


More info on Event Tracing for Windows (ETL):


There’s a PowerShell Applet called Get-WindowsUpdateLog that you can use to get a one-time snapshot of the current activity taking place, or to review historical activity. You can also use a command line tool, to manually decode the ETL file into human readable format using TRACEFMT