monicod
Our customer is asking to monitor the following event IDs in Windows 7, but from my search I can find that some of them are not available in Windows 7 but only in later versions of Windows like W10 or Win2016. Please help check for a suitable link that I can use to justify the wrong requirement. I have seen some as below. Unless I am wrong, please help.
1. Event ID 4688 - for Monitoring Process Creation (Services)
This is not applicable to Windows 7 as per this link (4688(S) A new process has been created. (Windows 10) - Windows security | Microsoft Docs); it is only applicable to the later OS versions, Windows 10 and Windows Server 2016.
2. Event ID 5156 - Windows firewall network connection by process (firewall)
This is also not applicable to Windows 7 as per this link (5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10) - Windows security | Microsoft Docs); the same result applies.
3. Event ID 2004 - Rule has been added (firewall)
4. Event ID 2005 -