Event ID 4688: What Is It & How to Enable It

Check out the overview of the Event ID 4688

Updated on October 4, 2023

Key notes

Many processes run on a Windows PC. Some can’t be trusted, while some are marked as trusted by the Security Identifier. Event ID 4688 is the process creation event, written to the Windows Event Viewer as Event ID 4688.

Alternatively, you can check on Fix: Event ID 4648 A Logon Was Attempted Using Credentials.

What is event ID 4688?

On a Windows computer, a process is simply a running program. The Windows Event Viewer provides an in-depth record of system, security, and application events stored on the Windows operating system.

Many processes will be started as part of the operation on a standard workstation or server throughout a working day. Consequently, malware frequently starts one or more processes as part of its operation.

However, Event ID 4688 can log these malicious activities as process creation events. If malware activity appears in the log files, it can be detected and tracked using threat hunting.

So, when a new process starts, the event records information such as time, process name, parent process, source, level, computer, etc.

How do I enable the event ID 4688?

1. Via the Group policy

Event Viewer on Windows will record all process creation logs. Furthermore, you can read more on Event Viewer on Windows.

2. Enabling Event ID 4688 with local policy

Event ID 4688 is an advanced Windows policy. Enabling process creation events in the Windows Event Viewer makes it more accessible.
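The same audit setting can be switched on and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it uses the built-in `auditpol` tool and `Get-WinEvent`, assumes an English-language Windows install, and the function name `Get-ProcessCreationEvent` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Assumes an English-language Windows
# install, where the audit subcategory is displayed as "Process Creation".

# 1. Turn on success auditing for process creation (this is what produces 4688).
auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null

# 2. Confirm the setting took effect. A domain Group Policy can overwrite a
#    local change at the next policy refresh, so check rather than assume.
$state = auditpol /get /subcategory:"Process Creation" | Select-String 'Process Creation'
if ($state -notmatch 'Success') {
    throw "Process Creation auditing is not enabled: $state"
}

# 3. Read recent 4688 events from the Security log and pull out the fields
#    the article lists: time, computer, process name and parent process.
function Get-ProcessCreationEvent {
    param([int]$MaxEvents = 20)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents |
        ForEach-Object {
            # EventData is a list of <Data Name="...">value</Data> elements.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time          = $_.TimeCreated
                Computer      = $_.MachineName
                User          = $fields['SubjectUserName']
                NewProcess    = $fields['NewProcessName']
                # ParentProcessName is only logged on Windows 10 / Server 2016 and later.
                ParentProcess = $fields['ParentProcessName']
                # ProcessId is the creator (parent) PID, stored as a hex string.
                ParentPid     = [Convert]::ToInt32($fields['ProcessId'], 16)
            }
        }
}

Get-ProcessCreationEvent -MaxEvents 20 | Format-Table -AutoSize
```

Sorting or grouping the output on `ParentProcess` is a quick way to spot a process started by an unexpected parent.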

Also, users can protect themselves from malware with our guide on how to download Microsoft’s Malicious Software Removal Tool.

Henderson Jayden Harper

Windows Software Expert

Passionate about technology, Crypto, software, Windows, and everything computer-related, he spends most of his time developing new skills and learning more about the tech world.

He also enjoys gaming, writing, walking his dog, and reading and learning about new cultures. He also enjoys spending private time connecting with nature.
