This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
4688 is normally logged in event Viewer when a new process is created. This is the number one event to be monitored on all systems in the domain.
It is enabled by setting the Audit: Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Detailed Tracking > Audit Process Creation.
It looks like the Events 4688 stopped after installing Windows 11 build 22H2, not sure yet.
Anyone else experienced this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 63%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Yes, same issue after upgrading windows event id 4688 stopped.
Did you get any solution for this ? I tried with audit disable and enable but no luck
Yes, same issue after upgrading windows event id 4688 stopped.
Did you get any solution for this ? I tried with audit disable and enable but no luck
KB5020044 Fixes Process Creation Audit Logging (Event ID 4688/1108 Issue
The 1108 events should stop after updating to 22621.900. The 4688 (Process creation event) entries appear correctly now.
From November 29, 2022—KB5020044 (OS Build 22621.900) Preview:
Improvements
"It addresses an issue that affects process creation. It fails to create security audits for it and other related audit events."
Uninstalled update 22H2 and event 4688 was logged again. So, definitely due to the update!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 34%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
I can back this up. Some other sources if devs want to check it out:
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10954
Several feedback hub reports found with keyword "4688"
With Feedback Hub App the problem reported to Microsoft....
