Windows 10: Is there a way to log process creation and termination events only for a specific program?

Is there a way to log process creation and process termination events only for a specific program? I know how to set Detailed Tracking under Audit Policy Configuration in the Group Policy Editor, and there I have selected to audit only process creation 4688 and termination 4689 events. I also know how to filter the events that are already in the Security event log to only show me events for a specific program. But is there a way to only log events for that specific program in the first place, and not log events for any other programs? As it is now, I get tons of events for other programs being logged and I'm not interested in them, and they're taking a lot of space and making debugging more onerous. Thanks.

:)

 

Processes with elevation terminated randomly?


Lately, I've been experiencing a weird and new problem: Programs I run with elevation (i.e. as Administrator) have been randomly terminated. I'm not sure why this is happening. Is this a new Windows 10 security feature?

Examples: I run Process Hacker with elevation to access all its features and allow for services to be stopped, processes to be killed, etc. But Process Hacker is one of the applications that is itself being terminated soow at seemingly random intervals. It will be running, tray icons and all, then suddenly be terminated. I won't know it has been killed until I move the mouse cursor over its tray icons, which disappear as soon as I do.

There are several other examples of programs I always run with elevation. They are all being terminated at the same time, but I'm not doing it. It's pissing me off.

Nothing jumps out at me in the event logs.

Any ideas?

 

Some programs won't start, but processes run in the background and can't be terminated.

I'm having trouble launching some programs (at the moment, they are Grand Theft Auto V, Payday 2, Skyrim, and Google Chrome). When I launch these programs, in some cases, they come with a launcher, which works (This is the case for Grand Theft Auto and
Skyrim), but then when the programs themselves try to launch, Windows pops up the standard "Program has stopped working" box, with the option to terminate or debug with Visual Studio. However, the process associated with the program is still running, according
to task manager, and, when I attempt to terminate the process, it says "Access is denied", and the only way to terminate the processes is to reboot. I can post system specs upon request.

 

Event ID 7036 not showing in Windows Event Log on Win10

It looks like 7036 event is missing from Windows desktop OS (starting from 8).
However you can monitor process termination:

1. Enable Audit Policy to audit process tracking:
   

1. Check for event 4689 in Security Event Log
   

Alternatively you may try this solution.

But in this case, you will get event 4546 not only when the service starts or stops, but whenever something is trying to access it (e.g. when Services applet is open).