AppLocker - Change Event Logs to Failure Only
We are in a pilot phase of developing Windows 7 for our company and are moving from SRP to AppLocker.
During our tests we wish to be able to view AppLocker events to ensure our rules are suitable; however, we have a problem that our log file fills up too quickly and not many, if any, errors would appear because any DLL/EXE etc. loaded has been logged.
We know we can increase the log size and filter; however, we wish to keep the log file to a decent size.
If increasing the size is the best way forward then we will have to go that way.
Regards
August 13th, 2010 12:30pm
It seems there is no way to do so. As you mentioned, you can change the log size as a workaround. Also, change the setting to "Archive the log when full, do not overwrite events".
Besides, check the following two group policies and see if they help:
Local Computer Policy / Computer Configuration / Administrative templates / Windows Components / Event Log Service / Application / Backup log automatically when full
Local Computer Policy / Computer Configuration / Administrative templates / Windows Components / Event Log Service / Application / Retain old events
August 16th, 2010 12:25pm
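The workaround discussed in this thread, as an added PowerShell example that is not part of the original posts: it applies the larger size and "archive when full, do not overwrite" setting to the AppLocker channels, then reads back only the audit and block events. The 64 MB size and the CSV path are assumed values; the commands need an elevated prompt.

```powershell
# Added example, not from the thread. The size and output path are assumptions.
$channels = 'Microsoft-Windows-AppLocker/EXE and DLL',
            'Microsoft-Windows-AppLocker/MSI and Script'

# Workaround from the answer: raise the log size and archive instead of overwriting.
foreach ($channel in $channels) {
    # /ms      = maximum log size in bytes (64 MB here, assumed value)
    # /rt:true = retain old events (do not overwrite)
    # /ab:true = back up (archive) the log automatically when it is full
    wevtutil sl $channel /ms:67108864 /rt:true /ab:true
}

# The channel still records allowed events (8002, 8005), so select the
# failures when reading:
#   8003 / 8006 = allowed, but would have been blocked if rules were enforced
#   8004 / 8007 = blocked
Get-WinEvent -FilterHashtable @{
        LogName = $channels
        Id      = 8003, 8004, 8006, 8007
    } -ErrorAction SilentlyContinue |   # no matching events is not an error here
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LogName, Message |
    Export-Csv -Path 'C:\Temp\applocker-failures.csv' -NoTypeInformation
```

The filter only changes what is read back; the allowed events are still written, which is why the size and archive settings are applied first.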