Is there a way to log process creation and termination events only for a specific program?

  • Thread starter Thread starter ItzTheRav
  • Start date Start date
I

ItzTheRav

Guest
Is there a way to log process creation and process termination events only for a specific program? I know how to set Detailed Tracking under Audit Policy Configuration in the Group Policy Editor, and there I have selected to audit only process creation (4688) and termination (4689) events. I also know how to filter the events that are already in the Security event log to only show me events for a specific program. But is there a way to only log events for that specific program in the first place, and not log events for any other programs? As it is now, I get tons of events for other programs being logged and I'm not interested in them, and they're taking a lot of space and making debugging more onerous. Thanks.

Continue reading...
 
You must log in or register to reply here.

Similar threads

I
Logon Event (Event ID 4648). Events only log during a successful remote desktop in to the computer.
Replies
0
Views
4
ItsChefMatt
I
H
why are there very many rapidly occurring events in event log?
Replies
0
Views
10
hub-bubba
H
T
HP Pavilion PC is stuck in a loop of attempting auto-repair, failing, and restarting, with no way of using 'advanced (troubleshooting) options' due to
Replies
0
Views
3
Thing Y
T
H
why are there very many rapidly occurring events in event log?
Replies
0
Views
6
hub-bubba
H
M
Windows 10 Nothing running and System process is at 8-10%
Replies
0
Views
3
marcusob1
M
Back
Top