The System Activity dialog provides insight into various system activities, which can help with:
• Observing application activity
• Troubleshooting
• Revealing suspicious behavior
All information shown in the system activity dialog is also available in EventSentry.
The System Activity dialog requires administrative privileges in order to show some activity, whereas the EventSentray utility only runs with user-level privileges. As such, when viewing the System Activity dialog, EventSentray will prompt the user to restart the EventSentray utility with administrative permissions.
Clicking the Stop/Start button will toggle monitoring and freeze all output; activity will not be captured/cached after clicking on the "Stop" button.
Activity
Shows process (start/stop) and service/driver activity on the local system. Please note that Detailed Tracking auditing for event IDs 4688 and 4689 needs to be enabled to show process activity. No other functionality of the System Activity dialog requires auditing to be enabled.
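One way to meet the auditing prerequisite above from an elevated PowerShell prompt, using the built-in auditpol utility. This is an added example, not part of the EventSentry documentation; the short-lived test process and the two-second wait are constructed for illustration, and the 'Inclusion Setting' column name assumes English-language auditpol output.

```powershell
#Requires -RunAsAdministrator
# Added example (not EventSentry code): enable the Detailed Tracking audit
# subcategories that generate event IDs 4688 and 4689, then confirm events arrive.
# Subcategory GUIDs are used because the display names are localized.
$subcategories = [ordered]@{
    'Process Creation (4688)'    = '{0CCE922B-69AE-11D9-BED3-505054503030}'
    'Process Termination (4689)' = '{0CCE922C-69AE-11D9-BED3-505054503030}'
}

function Get-AuditSetting([string]$Guid) {
    # /r emits CSV; blank lines are dropped before parsing.
    # Assumption: the 'Inclusion Setting' header is the English-language one.
    $row = auditpol /get /subcategory:"$Guid" /r | Where-Object { $_ } | ConvertFrom-Csv
    return $row.'Inclusion Setting'
}

foreach ($name in $subcategories.Keys) {
    $guid   = $subcategories[$name]
    $before = Get-AuditSetting $guid
    # /success:enable is idempotent and leaves the failure setting untouched.
    auditpol /set /subcategory:"$guid" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for $name" }
    '{0}: {1} -> {2}' -f $name, $before, (Get-AuditSetting $guid)
}

# Verification: start a short-lived process (constructed test) and look for
# 4688/4689 records written to the Security log since $start.
$start = Get-Date
cmd.exe /c exit
Start-Sleep -Seconds 2
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4688, 4689; StartTime = $start
} -ErrorAction SilentlyContinue

if ($events) {
    # One row per event ID with the number of records seen.
    $events | Group-Object Id | Select-Object Name, Count
} else {
    Write-Warning 'No 4688/4689 events found; check whether Group Policy overrides the local audit policy.'
}
```

On domain-joined machines, an advanced audit policy delivered through Group Policy replaces local auditpol changes at the next policy refresh, so the setting belongs in the GPO there.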
Changes
Shows changes to scheduled tasks, services, drivers and files in the %SYSTEMROOT% folder, including subfolders.
Status
Shows all processes which are currently listening for incoming TCP connections. Output can be sorted by clicking on columns.