diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/models/policy.ts b/x-pack/plugins/endpoint/public/applications/endpoint/models/policy.ts
index 668ddd71da38aa..5269ee72f4039d 100644
--- a/x-pack/plugins/endpoint/public/applications/endpoint/models/policy.ts
+++ b/x-pack/plugins/endpoint/public/applications/endpoint/models/policy.ts
@@ -15,17 +15,13 @@ export const generatePolicy = (): PolicyConfig => {
   return {
     windows: {
       events: {
-        api: true,
-        clr: true,
         dll_and_driver_load: true,
         dns: true,
         file: true,
         network: true,
-        powershell: true,
         process: true,
         registry: true,
         security: true,
-        wmi: true,
       },
       malware: {
         mode: ProtectionModes.prevent,
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/types.ts b/x-pack/plugins/endpoint/public/applications/endpoint/types.ts
index 56730cb792d37b..2942f74b60994b 100644
--- a/x-pack/plugins/endpoint/public/applications/endpoint/types.ts
+++ b/x-pack/plugins/endpoint/public/applications/endpoint/types.ts
@@ -120,17 +120,13 @@ export interface PolicyDetailsState {
 export interface PolicyConfig {
   windows: {
     events: {
-      api: boolean;
-      clr: boolean;
       dll_and_driver_load: boolean;
       dns: boolean;
       file: boolean;
       network: boolean;
-      powershell: boolean;
       process: boolean;
       registry: boolean;
       security: boolean;
-      wmi: boolean;
     };
     malware: MalwareFields;
     logging: {
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/windows.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/windows.tsx
index 2be2f1dab0bf0a..da675dc1e23938 100644
--- a/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/windows.tsx
+++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/windows.tsx
@@ -28,20 +28,6 @@ export const WindowsEvents = React.memo(() => {
     protectionField: keyof UIPolicyConfig['windows']['events'];
   }> = useMemo(
     () => [
-      {
-        name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.api', {
-          defaultMessage: 'API',
-        }),
-        os: OS.windows,
-        protectionField: 'api',
-      },
-      {
-        name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.clr', {
-          defaultMessage: 'CLR',
-        }),
-        os: OS.windows,
-        protectionField: 'clr',
-      },
       {
         name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.dllDriverLoad', {
           defaultMessage: 'DLL and Driver Load',
@@ -70,13 +56,6 @@ export const WindowsEvents = React.memo(() => {
         os: OS.windows,
         protectionField: 'network',
       },
-      {
-        name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.powershell', {
-          defaultMessage: 'Powershell',
-        }),
-        os: OS.windows,
-        protectionField: 'powershell',
-      },
       {
         name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.process', {
           defaultMessage: 'Process',
@@ -98,13 +77,6 @@ export const WindowsEvents = React.memo(() => {
         os: OS.windows,
         protectionField: 'security',
       },
-      {
-        name: i18n.translate('xpack.endpoint.policyDetailsConfig.windows.events.wmi', {
-          defaultMessage: 'WMI',
-        }),
-        os: OS.windows,
-        protectionField: 'wmi',
-      },
     ],
     []
   );