Re: Audit failures from explorer.exe
From: Jan Bares (jan.bares_at_nospam.nospam)
Date: 03/07/05
- Next message: Shanthi: "Login/Logoff Information"
- Previous message: GeT CerTiFieD: "Anyone interested in getting Microsoft, CISCO or any other IT CertificationzzzZ...???"
- In reply to: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Next in thread: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Reply: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 7 Mar 2005 09:46:42 +0100
Thank Steven,
does Event Comb support to filter out (don't show them) events from specific
process ID? So I can filter out 560 events created by explorer?
The problem is, that events doesn't contain name of executable, only process
ID, so any filtering after explorer was restarted will not help.
Jan
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ONjG5WnIFHA.236@TK2MSFTNGP14.phx.gbl...
> I have noticed the same thing and there is no way to selectively disable
> auditing of explorer.exe. You might find that using Event Comb can help to
> filter security log searches to find more specific information and events.
> Event Comb allows you to search based on text strings and event ID's.
- Next message: Shanthi: "Login/Logoff Information"
- Previous message: GeT CerTiFieD: "Anyone interested in getting Microsoft, CISCO or any other IT CertificationzzzZ...???"
- In reply to: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Next in thread: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Reply: Steven L Umbach: "Re: Audit failures from explorer.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
