I would like to change auditing settings for a process. But, when I am getting the following error.. (even when run from the Administrator account).
What could be the reason and how to solve it.
Asked
Active
Viewed 632 times
1 Answers
1
What could be the reason and how to solve it.
It's an Anti Virus program. They are usually heavily protected even from the Administrator account.
In this case it is run by the SYSTEM account.
avwebg7.exe runs as a background Windows service called 'AntiVirWebService' (Avira Web Protection).
This service runs as the SYSTEM account with extensive privileges on the local computer, and acts as the computer on the network. Avira Web Protection runs as a program that can be started by the Service Controller and that obeys the service control protocol.
Source What is avwebg7.exe?
Is there any way to know, when the process starts or ends?
You can enable "Process Tracking Events" in the Windows Security Event Log.
See my answer How to identify terminated Windows process if I still have its PID? for instructions on how to do this.
DavidPostill
- 162,382