This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
4688 is normally logged in event Viewer when a new process is created. This is the number one event to be monitored on all systems in the domain.
It is enabled by setting the Audit: Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Detailed Tracking > Audit Process Creation.
It looks like the Events 4688 stopped after installing Windows 11 build 22H2, not sure yet.
Anyone else experienced this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 63%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Yes, same issue after upgrading windows event id 4688 stopped.
Did you get any solution for this ? I tried with audit disable and enable but no luck
Yes, same issue after upgrading windows event id 4688 stopped.
Did you get any solution for this ? I tried with audit disable and enable but no luck
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 97%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
KB5020044 Fixes Process Creation Audit Logging (Event ID 4688/1108 Issue
The 1108 events should stop after updating to 22621.900. The 4688 (Process creation event) entries appear correctly now.
From November 29, 2022—KB5020044 (OS Build 22621.900) Preview:
Improvements
"It addresses an issue that affects process creation. It fails to create security audits for it and other related audit events."
releasing-windows-11-build-22621-898-to-the-release-preview-channel
quote: We fixed an issue that affected process creation. It failed to create security audits for it and other related audit events.