Operation – this is the name of the operation that is being logged, and there is an icon that matches up with one of the event types (registry, file, network, process). It’s also a great way to isolate a single process for monitoring, assuming that process doesn’t re-launch itself. This is very useful if you are trying to understand which svchost.exe process generated the event. PID – the process ID of the process that generated the event. This doesn’t show the full path to the file by default, but if you hover over the field you can see exactly which process it was.