Alternatively, you can check our guide, Fix: Event ID 4648 A Logon Was Attempted Using Credentials.

What is event ID 4688?

On a Windows computer, a process is simply a running program. The Windows event log, viewed through Event Viewer, provides an in-depth record of system, security, and application events stored on the Windows operating system. Many processes are started on a standard workstation or server throughout a working day as part of normal operation. Malware likewise starts one or more processes as part of its operation. Event ID 4688 logs this activity as process creation events. If malware activity appears in the log files, it can be detected and tracked through threat hunting. Each event is generated when a new process starts and contains information such as the time, process name, parent process, source, level, and computer.
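The following is an added example, not part of the original article: a short threat-hunting pass over 4688 events in the XML layout that Event Viewer exports, pulling out the time, computer, process name, and parent process. The sample events are constructed, and the rule itself (a document application starting a shell) and the function names are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET
from ntpath import basename  # parses Windows paths on any OS
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed hunting rule: a document application starting a shell is worth review.
DOC_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

# Constructed sample in the layout of an Event Viewer XML export.
_EV = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
       '<System><EventID>{eid}</EventID><TimeCreated SystemTime="{t}"/>'
       '<Computer>WS01.example.test</Computer></System><EventData>'
       '<Data Name="NewProcessName">{new}</Data>'
       '<Data Name="ParentProcessName">{parent}</Data></EventData></Event>')
SAMPLE = "<Events>" + "".join(_EV.format(**e) for e in [
    {"eid": 4688, "t": "2024-01-01T09:00:00Z",
     "new": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe"},
    {"eid": 4688, "t": "2024-01-01T09:05:00Z",
     "new": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"eid": 4624, "t": "2024-01-01T09:06:00Z", "new": "", "parent": ""},
]) + "</Events>"

def parse_4688(xml_text):
    """Return one dict per 4688 event; any other event ID is skipped."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        if system.findtext("e:EventID", "", NS).strip() != "4688":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        rows.append({
            "time": system.find("e:TimeCreated", NS).get("SystemTime"),
            "computer": system.findtext("e:Computer", "", NS),
            "process": data.get("NewProcessName", ""),
            "parent": data.get("ParentProcessName", ""),  # may be absent
        })
    return rows

def flag_doc_app_shells(rows):
    """Keep events where a document application is the parent of a shell."""
    return [r for r in rows
            if basename(r["parent"]).lower() in DOC_APPS
            and basename(r["process"]).lower() in SHELLS]

if __name__ == "__main__":
    for r in flag_doc_app_shells(parse_4688(SAMPLE)):
        print(r["time"], r["computer"], r["parent"], "->", r["process"])
```

The comparison uses lower-cased file names because Windows paths are case-insensitive and the same executable can be logged as `WINWORD.EXE` or `winword.exe`.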

How do I enable the event ID 4688?

1. Via the Group policy

Event Viewer will record all process creation events on Windows. You can also read more about Event Viewer on Windows.

2. Enabling Event ID 4688 with local policy

Event ID 4688 is an advanced Windows policy. Enabling process creation events makes them accessible in the Windows Event Viewer. Users can also protect themselves from malware with our guide on how to download Microsoft’s Malicious Software Removal Tool. Let us know how the procedure went for you in the comments area below.
