There is known issue that ntevl probe does not display events generated by any unregistered publishers.
For example, the following error indicates that the provider is unregistered with the EventLog.
ntevl: getPublisherHandleandStoreinHash:EvtOpenPublisherMetadata failed with error:2
ntevl: (ProcessEvent) OpenPublisherMetadata failed for Publisher: "<unregistered publisher>"
This causes that customer is not able to get alert for the events which are written by some 3rd party vendor or in-house built applications.
Please enhance this feature.