By monitoring 4688 events from the security event log and filtering on the process file size EventSentry can notify you if a large or small executable was launched. 1. Ensure that 4688 eventshttps://system32.eventsentry.com/security/event/4688 are being logged to the event log. See the link for more information on auditing requirements...
By monitoring 4688 events from the security event log and filtering on the process file size EventSentry can notify you if an unsigned executable a file without a digital signature was launched. 1. Ensure that 4688 eventshttps://system32.eventsentry.com/security/event/4688 are being logged to the event log. See the link for more inform...
