Check or Attack Name: Process Audit

Process Auditing is not enabled. Process auditing records when processes are started and stopped. Auditing these events typically produces a large number of log entries, and is not normally enabled. These events appear in the Event Viewer Security Log.

Enable Process Tracking auditing.

To enable auditing, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the account from the list.
3. From the Policies menu, select Audit to display the Audit Policy dialog box.
4. Enable Process Tracking auditing on Success and Failure.