|
The following events are be logged by this feature with the Process Monitoring event category. |
Event ID |
Event Description |
Example |
10401 |
%2 instance(s) of process "%1" on host %4 are active, but %3 instance(s) is/are required. |
0 instance(s) of process "eventsentry_gui.exe" on host server14 are active, but 1 instance(s) is/are required. |
10402 |
%2 instances of process "%1" is/are currently active on host %3. |
1 instances of process "eventsentry_gui.exe" is/are currently active on host server14. |
10410 |
A new process is listening for incoming TCP connections:
Process Name: %1 (PID=%2) Local TCP Port: %3 Local Address: %4
Note: Connection requests may be blocked if a firewall is active. |
A new process is listening for incoming TCP connections:
Process Name: evilagent.exe (PID=20218) Local TCP Port: 2500 Local Address: 192.168.15.56 [myserver.mydomain.local]
Note: Connection requests may be blocked if a firewall is active.
|
10411 |
A process previously listening for incoming TCP connections is no longer actively listening on this port:
Process Name: %1 (PID=%2) Local TCP Port: %3 Local Address: %4 |
A process previously listening for incoming TCP connections is no longer actively listening on this port:
Process Name: evilagent.exe (PID=20218) Local TCP Port: 2500 Local Address: 192.168.15.56 [myserver.mydomain.local] |
