diff --git a/Windows/Defense Evasion/Indicator_Removal_on_Host.md b/Windows/Defense Evasion/Indicator_Removal_on_Host.md index 5be6bba5..fcc2c881 100644 --- a/Windows/Defense Evasion/Indicator_Removal_on_Host.md +++ b/Windows/Defense Evasion/Indicator_Removal_on_Host.md @@ -20,6 +20,10 @@ Clear Application logs wevtutil cl Application +Stop event logs + + Wevtutil.exe sl Security /e:false + ## Fsutil Manages the update sequence number (USN) change journal, which provides a persistent log of all changes made to files on the volume.
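Review bot: In the added "Stop event logs" entry, the label does not match the command: `Wevtutil.exe sl Security /e:false` sets the enabled flag to false on the Security log only, so it disables one log rather than stopping event logging in general. Consider a label such as "Disable the Security event log", with one sentence saying what `sl` and `/e:false` do and that `/e:true` reverses it. The casing and `.exe` suffix also differ from the existing `wevtutil cl Application` line directly above; writing it as `wevtutil sl Security /e:false` would keep the section consistent.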