PeterJoInobits
Brass Contributor
Apr 25, 2022

Missing information in Event ID 4688

Hi All

I have a situation at a customer where they have the Splunk agent installed on a Server 2016 domain controller. They have enabled some advanced auditing, and when retrieving Event ID 4688, which is the event that records process creation, the event details are being truncated. The process name, creator path and command line are missing.

It appears that the Splunk agent is using a deprecated API. Has anyone seen this issue and know of a resolution/fix?

  • 790927245
    Copper Contributor
    After updating Win11 to 22H2 this problem appeared; after rolling back to 21H2 the problem was resolved.
