Is there a way to log process creation and termination events only for a specific program?

ItzTheRav

Guest
Is there a way to log process creation and process termination events only for a specific program? I know how to set Detailed Tracking under Audit Policy Configuration in the Group Policy Editor, and there I have selected to audit only process creation (4688) and termination (4689) events. I also know how to filter the events that are already in the Security event log to only show me events for a specific program. But is there a way to only log events for that specific program in the first place, and not log events for any other programs? As it is now, I get tons of events for other programs being logged and I'm not interested in them, and they're taking a lot of space and making debugging more onerous. Thanks.
