Share via

Log windows services startup

empleat 131 Reputation points
2022-08-30T13:44:28.027+00:00

Hello,

is there a way to log using Process Monitor windows services startup? In Event Viewer this was Event ID 7036, which is now deprecated since Windows 8! But there is also Event ID 4688, which logs started processes, I just don't know how to correlate it to specific service startup. Goal is: I want to monitor which services are starting on my system.

Thank you very much!

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,245 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael Taylor 60,326 Reputation points
    2022-08-30T14:17:48.717+00:00

    Windows logs service startups in the System log. If you want to see what services then you really should just go look at the ones that are configured to auto start (or boot). In the event log you can find the start events for each of the services instead.

    If you want to use procmon then enable boot logging in the tool. AFAIK this should still work in current versions of Windows but I don't use it so I cannot say for sure.

    0 comments
  2. empleat 131 Reputation points
    2022-08-30T16:05:28.773+00:00

    Under which Event ID? I don't think it does anymore, I don't see there anything! Yeah I cltr+f by name of a service and it only logs when startup mode is changed, not when it actually starts/stops. Again start/stop events are deprecated since Windows 8 supposedly, and were under Event ID 7036.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.