New security capabilities of Event Tracing for Windows

Event Tracing for Windows (ETW) has recently received nine improvements to facilitate better cybersecurity threat diagnosis. Specifically, security-related events now have the Process ID and Process Start Key added to their event schema, which allows the process that caused each event to be identified. This means that users can use the Windows Event Viewer more effectively for security auditing and diagnostics. The events that have received improvements include, but are not limited to, scheduled task creation/deletion/updates, security audit log clearing, and service installation. Because the initiating process is now part of the event payload, the likelihood of misunderstanding the cause of each event is significantly reduced. These improvements are already available on all Windows versions. Additional instructions, screenshots, and examples can be found in the link.

The post New security capabilities of Event Tracing for Windows originally appeared on M365 Admin.

by João Ferreira
