Windows Security Log Event ID 592
Operating Systems Windows Server 2000
Windows XP
Windows Server 2003
CategoryProcess Tracking
Type Success
Corresponding events
in Windows 2008
and Vista
4688  
Discussions on Event ID 592
Monitoring Processes
Process Started question
Monitoring C:\Windows\system32\*.*

592: A new process has been created

On this page

This event allows you to monitor each program as it is executed. Image File Name identify) the executable. Prior to w2k, image file name did not include the path - just the file name itself.

New Process ID: allows you to link this event to other events such as object accesses. To determine when the program ended look for a subsequent event 593 with the same Process ID.

Creator Process ID:identifies the processes that started this process. Look for a preceding event 592 with a New Process ID that matches this Creator Process process ID.

Username and domain identify the user who started the process.

Logon ID can be used to find related object accessand other events that have the same Logon ID including the event 528 and 540 logon events.

  • New Process ID:
  • Image File Name:
  • Creator Process ID:
  • User Name:
  • Domain:
  • Logon ID:

Top 10 Windows Security Events to Monitor

New process has been created:
New Process ID:2167588800
Image File Name:\WINNT\system32\notepad.exe
Creator Process ID:2167187648
User Name:administrator
Domain:ELMW2
Logon ID:(0x0,0x804C2)

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log