Tracking Programs that Come and Go on Your PC
By Leo Notenboom
Windows is constantly starting and stopping programs as part of its normal operations. You can see exactly what programs are being run using a Windows technique called process auditing.
Programs do seem to come and go at times. When you’re diagnosing performance or security issues, understanding what’s coming and going can be important. Sometimes, it can just explain a flashing item in the task bar.
Fortunately, there is a fairly simple way to trace what’s happening.
Auditing
Windows includes several auditing options, which can collect a list of activities over time. You can then view these in the Event Viewer. One of those auditing options is tracking every time that a program starts.
Now, let’s be clear about something: even on a machine that appears to be doing absolutely nothing, Windows and the applications on it may be very busy. In other words, there may be a lot of programs that are more or less constantly coming and going, starting and stopping, and just generally doing whatever it is that they do.
As a result, process tracking with the auditing tools can slow your machine down a lot. You won’t want to have it on all the time.
But it can be a very useful tool to turn on for “a while” just to see what’s happening.
This excerpt appears with permission from Leo Notenboom.
