#event-id-4111

Windows Event ID 4111 – Microsoft-Windows-Kernel-Process: Process Creation Auditing Event

Event ID 4111 tracks process creation events in Windows when advanced auditing is enabled. This security-focused event provides detailed information about new processes, including parent process details and command line arguments.