I just attended a seminar where they suggested watching Windows event #592/4688 "A new process has been created". Is anyone monitoring this? Is there a way to watch for any new processes that have not been seen for x number of days? Some way to create a list of known processes? Any ideas would be great.
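One way to do exactly what the question asks, as an added example that is not code from the thread or from any product mentioned in it: learn a baseline of known process images from a period of 4688 events, then alert on any later launch whose image is either absent from the baseline or was last seen more than N days ago. The event records are constructed by hand in the shape of the 4688 fields you would get from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688}` or a SIEM export (TimeCreated, NewProcessName, SubjectUserName, ParentProcessName); the field names, sample paths and cut-over dates are assumptions for the demonstration. The parent process is carried into each alert because "what launched it" is usually the first thing an analyst wants to know.

```python
"""Baseline Windows 4688 "A new process has been created" events and flag
processes that are new or have not been seen for N days.

Added example; not from the original thread. The records below are
constructed to look like exported 4688 fields, not real log data.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample events (assumed field names, hand-written values).
SAMPLE_EVENTS: List[Event] = [
    {"TimeCreated": "2024-03-01T08:00:00",
     "NewProcessName": r"C:\Windows\System32\svchost.exe",
     "SubjectUserName": "SYSTEM",
     "ParentProcessName": r"C:\Windows\System32\services.exe"},
    {"TimeCreated": "2024-03-01T09:10:00",
     "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "SubjectUserName": "jdoe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
    # Same binary as the first event, different path casing.
    {"TimeCreated": "2024-03-25T08:00:00",
     "NewProcessName": r"c:\windows\system32\SVCHOST.EXE",
     "SubjectUserName": "SYSTEM",
     "ParentProcessName": r"C:\Windows\System32\services.exe"},
    {"TimeCreated": "2024-04-10T08:00:00",
     "NewProcessName": r"C:\Windows\System32\svchost.exe",
     "SubjectUserName": "SYSTEM",
     "ParentProcessName": r"C:\Windows\System32\services.exe"},
    # Never-seen binary in a user temp directory, spawned by Word.
    {"TimeCreated": "2024-04-15T14:22:00",
     "NewProcessName": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "SubjectUserName": "jdoe",
     "ParentProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    # Known binary, but 45 days since its last sighting.
    {"TimeCreated": "2024-04-15T14:23:00",
     "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "SubjectUserName": "jdoe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
    # Second launch of update.exe: already alerted, now in the baseline.
    {"TimeCreated": "2024-04-16T09:00:00",
     "NewProcessName": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "SubjectUserName": "jdoe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
]


def normalize(path: str) -> str:
    """Canonical key for a process image. 4688 records the path as the caller
    supplied it, so the same binary can appear with different casing."""
    return path.strip().lower()


def _sorted(events: List[Event]) -> List[Tuple[datetime, Event]]:
    """Parse timestamps and return events oldest first."""
    parsed = [(datetime.fromisoformat(e["TimeCreated"]), e) for e in events]
    return sorted(parsed, key=lambda p: p[0])


def build_baseline(events: List[Event], until: str) -> Dict[str, datetime]:
    """Learn the set of known processes from events up to the ISO timestamp
    `until`. Returns {normalized image path: last time it was seen}."""
    cutoff = datetime.fromisoformat(until)
    baseline: Dict[str, datetime] = {}
    for ts, ev in _sorted(events):
        if ts > cutoff:
            continue
        key = normalize(ev["NewProcessName"])
        if key not in baseline or ts > baseline[key]:
            baseline[key] = ts
    return baseline


def find_new_processes(events: List[Event], baseline: Dict[str, datetime],
                       max_age_days: int, since: str
                       ) -> Tuple[List[Dict[str, str]], Dict[str, datetime]]:
    """Flag launches after `since` whose image is not in the baseline or was
    last seen more than max_age_days ago. Returns (alerts, updated baseline);
    the baseline is updated as events are consumed, so a new process alerts
    on its first launch only. Persist the returned baseline between runs."""
    start = datetime.fromisoformat(since)
    seen = dict(baseline)
    alerts: List[Dict[str, str]] = []
    for ts, ev in _sorted(events):
        if ts <= start:
            continue
        key = normalize(ev["NewProcessName"])
        last = seen.get(key)
        if last is None:
            reason = "never seen before"
        elif ts - last > timedelta(days=max_age_days):
            reason = f"not seen for {(ts - last).days} days"
        else:
            reason = ""
        if reason:
            alerts.append({"time": ev["TimeCreated"], "process": key,
                           "reason": reason, "user": ev["SubjectUserName"],
                           "parent": ev["ParentProcessName"]})
        if last is None or ts > last:
            seen[key] = ts
    return alerts, seen


if __name__ == "__main__":
    known = build_baseline(SAMPLE_EVENTS, "2024-03-31T00:00:00")
    hits, _ = find_new_processes(SAMPLE_EVENTS, known, 30, "2024-03-31T00:00:00")
    for h in hits:
        print(f"{h['time']} {h['reason']}: {h['process']} "
              f"(user={h['user']}, parent={h['parent']})")
```

Two caveats before relying on this in production: 4688 only exists if "Audit Process Creation" is enabled, and it carries the command line only when the "Include command line in process creation events" policy is also on. Keying on the image path alone is easy to defeat by dropping a binary under a trusted name, so once this works, extend the baseline key with a file hash (Sysmon event 1 supplies one) rather than the path by itself.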
Looks like a function of ECAT.