Missing information in Event ID 4688


Hi All

I have a situation at a customer where they have the Splunk agent installed on a Server 2016 Domain controller. They have enabled some advanced auditing, and when retrieving Event ID 4688, which is the event that records process creation, the event details are being truncated. The process name, creator path and command line are missing.

It appears that the Splunk agent is using a deprecated API. Has anyone seen this issue and know of a resolution/fix?

1 Reply
This problem appeared after updating Win11 to 22H2, and it was resolved after rolling back to 21H2.