A new process has been created
On this page
This event allows you to monitor each program as it is executed. Image File Name identify) the executable. Prior to w2k, image file name did not include the path - just the file name itself.
New Process ID: allows you to link this event to other events such as object accesses. To determine when the program ended look for a subsequent event 593 with the same Process ID.
Creator Process ID:identifies the processes that started this process. Look for a preceding event 592 with a New Process ID that matches this Creator Process process ID.
Username and domain identify the user who started the process.
Logon ID can be used to find related object accessand other events that have the same Logon ID including the event 528 and 540 logon events.
Free Security Log Quick Reference Chart
Top 10 Windows Security Events to Monitor
New process has been created:
New Process ID:2167588800
Image File Name:\WINNT\system32\notepad.exe
Creator Process ID:2167187648
Keep me up-to-date on the Windows Security Log.
*We will NOT share this
Go To Event ID: