Hello,
I am running SCOM 2019, and I set up an alert to e-mail me when a certain process is created. The alert is working; however, the alert is incomplete. The Event Log shows the path where the executable was created (Ex. New Process Name=C:\Steam\Steam.exe). The e-mail that I get shows "New Process Name=C". How do I get it to show the full path so I can determine if this is a false alert?
Hi,
Can you post a couple of screenshots showing your subscription configuration? Are you using HTML enrichment?
Thanks and Regards,
Stoyan
Hello,
This is the alert response for the rule I created. I am monitoring an event that gets logged in the Security log, and I am looking for a specific word in the log. The log entry has a line that says "NewProcessName=C:\Steam\Steam.exe". This is what the e-mail shows: I tried HTML enrichment, and I get the same thing.
Alert: MSSD-Blocked Program Alert-Steam
Source: MyPC
Path: Not Present
Last modified by: System
Last modified time: 3/22/2022 4:43:09 PM
Alert description: Event Description: A new process has been created.
Creator Subject:
Security ID: DOMAIN\User
Account Name: User
Account Domain: DOMAIN
Logon ID: 0xbbc6a
Target Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Process Information:
New Process ID: 0x3330
New Process Name: C
Token Elevation Type: %%1936
Mandatory Label: Mandatory Label\Medium Mandatory Level
Creator Process ID: 0x24c4
Creator Process Name: C
Process Command Line: