In Windows, is there a log that records what programs were run/called?
While browsing the internet, viewing a static page with no ads, mouse clicks, keypresses, or miscellaneous plugins/addons/scripts running, I just saw a spontaneous CMD.exe console pop open and then immediately close in a flash, fast enough that I wasn't able to see anything in the window — and with no apparent triggering on my part.
I'm wondering if there is some type of Windows log that shows what programs have been run/called/activated? I'd like to see what was happening behind the scenes when this console window flashed, and hopefully determine it wasn't something rogue.
For reference, I'm running Windows 7 Ultimate x64.
Best Answer
You will not be able to check what ran, but you can prepare for the next time. If you open
secpol.msc
you can go tolocal policies/audit policy
. ActivateSuccess
(and maybe alsoFailure
) onAudit process tracking
and you will get an event log entry in the security event log every time a process starts or ends. Unfortunately you'll see the process that ran but not the command line it was started with.If you activate the auditing, a lot of logs might get generated, so you should adjust the size of the security event log.
You can access the logs with
eventvwr.msc
, Windows protocols, Security.