I am pretty sure if guest turned off all his security stuff and followed the directions he will get it. He is a smart cookie.
Is it necessary for it to function? Because I won't use it from an admin account; I'm 99% of the time on SUA.
Admin rights are only needed for the creation of the service (see "sc create ..." in the install.bat). After the creation it is running "all the time", no matter in what account you are currently logged in. You don't have to launch the executable directly; the installed service is launching it.
You should see Exit Status: 0x0 for "normal" Process Terminations. If you kill a process with a process manager, you can see 0x1. For crashes of a process you might see 0x000000c5, or other exit status codes. It depends. As long as you can see 0x0, all is fine.
Did a list for Exclusion.db:
Code: *audiodg.exe *services.exe *svchost.exe *winlogon.exe *LogonUI.exe *mobsync.exe *userinit.exe *SearchIndexer.exe *SearchProtocolHost.exe *spoolsv.exe *WmiPrvSE.exe *WUDFHost.exe *HeciServer.exe *IAStorDataMgrSvc.exe *jhi_service.exe *LMS.exe *nvvsvc.exe *nvtray.exe *nvxdsync.exe *RAVCpl64.exe *ramdiskws.exe *SbieSvc.exe *SbieCtrl.exe *DefenderDaemon.exe *Service.exe *ERPSvc.exe *EXERadar.exe *SecureFolders.exe *AppCheck.exe *AppCheckS.exe *AppCheckB.exe *AppGuardAgent.exe *AppGuardGUI.exe *LicQueryApp.exe *vmnat.exe *vmware-authd.exe *vmware-usbarbitrator64.exe *vmware-hostd.exe *vmware-tray.exe *vmnetdhcp.exe *wfcs.exe *wfc.exe *USBSafelyRemove.exe *WiFiGuard.exe *GoogleUpdate.exe *update_notifier.exe *EasyNetMonitor.exe *msoia.exe *IDMan.exe *IEMonitor.exe *IDMGrHlp.exe *PsnLite.exe *PSNGive.exe *XMouseButtonControl.exe *notepad++.exe
I mean, they are logged every time I boot and some repeat over and over again. Any pros and cons for excluding them?
@novirusthanks Bug report - Process Logger Service v1.3: In the logfiles I can see wrongly formatted dates of Process Creations:
Code:
[Process Creation] 04.03.2017 00:03:08
[Process Termination] 03.04.2017 00:03:14
Process Creations are showing 04.03.2017, but it should be logged with: 03.04.2017
Is there some way to set a cut off point for the log? It might fill up if this service is allowed to run all the time like I want it to do.
This may not be the answer to your question, but it keeps a log for every day and one can set DeleteLogsOlderThanNDays=n in Services>Config.ini. One can't limit the size of the daily log.
Each day (00:00:00 - 23:59:59) = one log-file. You can expect a file-size of 3mb up to 6mb for each day, it depends. If you plan to archive your logfiles, these files have a good compression ratio of ~1% (900mb of log-files =~ 15mb rar-archive).
The log is from April. It should show "03.04.2017" instead of "04.03.2017" (Process Creations). But Process Terminations are correctly logged: "03.04.2017". It was always showing: "day.month.year" for Process Creations and Process Termination in earlier versions. This has changed with v1.2 and newer versions.
Month, day, year is how we do it in the USA. To get those dates, it has to be looking at your system clock info, I would think.
@mood We'll fix it in the next hours; the datetime format (for creations and terminations) will be set to month.day.year, same as most of the other service-only apps.
@Mister X I would exclude processes not like *svchost.exe (that is insecure, as 123svchost.exe will also be excluded) but with the full path, i.e.: C:\WINDOWS\System32\svchost.exe, or at least like *\svchost.exe
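The difference between the three ways of writing the svchost.exe exclusion in the reply above, as an added example (not code from NoVirusThanks or from any poster in this thread). It assumes Exclusion.db entries are case-insensitive wildcard patterns compared against the full image path; the sample paths and the function names are constructed for illustration.

```python
import fnmatch

# Constructed sample process image paths (not taken from a real log).
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\svchost.exe",   # the process the exclusion is meant for
    r"C:\Users\Public\svchost.exe",       # same file name, unexpected directory
    r"C:\Users\Public\123svchost.exe",    # file name merely ends in svchost.exe
]


def matches(pattern, path):
    """Assumed semantics: case-insensitive glob, '*' matches any run of
    characters (backslashes included), compared against the full path."""
    return fnmatch.fnmatchcase(path.lower(), pattern.lower())


def classify(pattern):
    """Rough strength of an exclusion entry, weakest first."""
    if "*" not in pattern and "?" not in pattern:
        return "full-path"        # hides exactly one image path
    if pattern.startswith("*\\"):
        return "any-directory"    # hides that file name in every directory
    return "name-suffix"          # hides every name ending in the text


def audit(patterns, paths, intended):
    """For each pattern, list the paths it would drop from the log that
    are not in the set of images the exclusion was intended for."""
    intended = {p.lower() for p in intended}
    return {
        pat: [p for p in paths if matches(pat, p) and p.lower() not in intended]
        for pat in patterns
    }


if __name__ == "__main__":
    entries = ["*svchost.exe", "*\\svchost.exe",
               r"C:\WINDOWS\System32\svchost.exe"]
    report = audit(entries, SAMPLE_PATHS, intended=[SAMPLE_PATHS[0]])
    for entry in entries:
        print(f"{entry:40} {classify(entry):14} unintended: {report[entry]}")
```

Run against a real Exclusion.db, the same audit shows which entries would also silence logging for look-alike names or for copies of a system binary outside its normal directory.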
Now [Process Creations], [Process Terminations], [Service Event] and the filename of the log-file have a common datetime-format.