Windows 11, version 25H2 security baseline
"Include command line in process creation events" -- this configuration should be done with caution if any workflow includes a password being entered in the command line. The event logs will stick around a lot longer than what will be cached in the RAM.
I don't see a recommendation to encrypt the event logs if you enable this.
- AaronMargosis_Tanium, Oct 20, 2025, Iron Contributor
Until this change, Microsoft had not set a recommendation for this audit setting, which allowed customers to enable it on an ad hoc basis when needed and when there is a plan to make use of that additional information. The concern had been exactly as Rick describes, that passwords are incorporated into command lines far too often. AFAIK, Windows includes no built-in feature to encrypt event logs as they are being written. The threat is mitigated somewhat by the restrictive default permissions on the Security event log.
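An added example, not part of the thread or of Microsoft's baseline: a Python audit that reads exported Security-log XML, finds event 4688 command lines that carry a password-style argument, and reports them with the value redacted so the affected workflows can be fixed. The `<Events>` root element, the pattern list (heuristic and not exhaustive) and every sample value are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Heuristic, non-exhaustive patterns (an assumption of this example): a switch
# or key that names a password, followed by its value.
SECRET_RE = re.compile(r"""(?ix)
    (?P<switch> (?:--?|/)(?:password|passwd|pass|pwd|rp)\b  # -Password, /pass:, /rp
              | \b(?:password|pwd)(?==) )                   # Password=value pairs
    (?P<sep> [:=] | \s+ )
    (?P<value> "[^"]+" | [^\s;"]+ )
""")

# Constructed sample export; hosts, accounts and passwords are made up.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4688</EventID></System><EventData>
<Data Name="NewProcessName">C:\Windows\System32\schtasks.exe</Data>
<Data Name="CommandLine">schtasks /create /tn Backup /tr C:\jobs\b.cmd /ru CORP\svc /rp Example-Pw-1</Data>
</EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4688</EventID></System><EventData>
<Data Name="NewProcessName">C:\Windows\System32\cmdkey.exe</Data>
<Data Name="CommandLine">cmdkey /add:fs01 /user:CORP\svc /pass:Example-Pw-2</Data>
</EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4688</EventID></System><EventData>
<Data Name="NewProcessName">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
<Data Name="CommandLine">powershell.exe -Command "Start-Process notepad -PassThru"</Data>
</EventData></Event>
</Events>"""

def redact(cmdline):
    """Return (redacted_cmdline, hit_count); the secret value is never returned."""
    return SECRET_RE.subn(lambda m: m["switch"] + m["sep"] + "<redacted>", cmdline)

def audit(xml_text):
    """Return [(process, redacted_cmdline)] for 4688 events that carry a secret."""
    findings = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4688":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        redacted, hits = redact(data.get("CommandLine", ""))
        if hits:
            findings.append((data.get("NewProcessName", ""), redacted))
    return findings

if __name__ == "__main__":
    for process, cmdline in audit(SAMPLE):
        print(f"{process}: {cmdline}")
```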