[1] Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by technical support scammers to trick the victim into thinking that their computer contains critical errors requiring immediate technical support.

[2] An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.

Windows Server 2003 added the AuthzInstallSecurityEventSource() API calls so that applications could register with the security-event logs, and write security-audit entries.

Event attributes are also much more detailed and show EventID, Level, Task, Opcode, and Keywords properties.

Using XPath as the query language allows viewing logs related only to a certain subsystem or an issue with only a certain component, archiving select events and sending traces on the fly to support technicians.