
There is some process or application which starts up at a random time; days can pass by until it pops up. It appears only in the taskbar, has an icon which looks like a sun, and quickly disappears. I suspect it to be something fishy and want to figure out what it could be.

So far I tried increasing the logging level from Windows log management, but did not find anything unusual.

Do you have any suggestions on how to hunt that thing down?

I'm running on Windows 10.

Ninius86

Option 1

For a quick and easy review you can use ExecutedProgramList. Although it's easy to use, it's not as detailed as the second option (see below), e.g. it won't give you a complete list of programs that have been executed. Alternatively you could use ProcessMonitor.

Option 2

If you want to be more thorough you can use Process Tracking Events.

If you haven't done so already you need to enable Process Tracking Events in the Windows Security Event Log to start future logging (so you'll have to wait until the pop up comes up the next time).

How to enable Audit Process Creation

  1. Run gpedit.msc

  2. Select "Windows Settings" > "Security Settings" > "Local Policies" > "Audit Policy"

  3. Right click "Audit process tracking" and select "Properties"

  4. Check "Success" and click "OK"

How to use Audit Process Creation

Once the Process Tracking Events are enabled, all process creations and deletions (and failed attempts at the same) will appear in the Security log.

To view them, run Event Viewer. In the navigation pane expand the "Windows Logs" sub-tree and click "Security". All the security events will be displayed.

Alternatively, use the following PowerShell commands to examine the events:

Process Start:

Get-EventLog Security | Where-Object {$_.EventID -eq 4688} | Format-List

Process Stop:

Get-EventLog Security | Where-Object {$_.EventID -eq 4689} | Format-List

Thanks to DavidPostill you'll find a much more detailed answer here on superuser.

Albin
  • Found it using Option 2, at the end it happened to be Logitec LogiOptions, probably nothing harmful, but now I know and can sleep – Ninius86 Oct 19 '19 at 09:29
  • @Ninius86 glad I could help, thanks for the upvote! – Albin Oct 19 '19 at 09:32
  • "Audit Process Creation" location is shown incorrectly in the above post. The post shows the location of "Audit process tracking" instead. "Audit Process Creation" is actually here: Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Detailed Tracking > Audit Process Creation – Roland Pihlakas Sep 07 '23 at 12:47
  • @RolandPihlakas maybe incorrectly now, back then there was no "Advanced Audit Policy Configuration" as you can see in the screenshot there was no "Advanced Audit Policy Configuration". Thank you for the addition. – Albin Sep 07 '23 at 21:47
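An added example, not part of the answer above, of how the 4688 process-creation events can be summarised once auditing is enabled, so that a program that launches only occasionally stands out from the hundreds of routine starts. It assumes the shell is elevated (reading the Security log needs administrator rights) and that the events exist on Windows 10, where 4688 also records the parent process.

```powershell
# Added example: group Security 4688 (process creation) events by executable and
# list the ones launched only a few times in the look-back window. Requires an
# elevated PowerShell session and "Audit process tracking"/"Audit Process Creation"
# enabled beforehand, as described in the answer.
$lookBackDays = 7                           # constructed value; adjust as needed
$since = (Get-Date).AddDays(-$lookBackDays)

# FilterHashtable is far faster than piping the whole log through Where-Object.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = $since
} -ErrorAction Stop

# Pull the named fields out of each event's XML payload.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Process = $data['NewProcessName']
        Parent  = $data['ParentProcessName']      # populated on Windows 10; empty on older builds
        User    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
    }
}

# Executables seen three times or fewer in the window are the candidates worth a look;
# the parent tells you what started them (Explorer for a user click, a scheduler, an updater...).
$rows |
    Group-Object Process |
    Where-Object Count -le 3 |
    Sort-Object Count |
    Select-Object Count, Name,
        @{ n = 'FirstSeen'; e = { ($_.Group | Sort-Object Time)[0].Time } },
        @{ n = 'Parent';    e = { $_.Group[0].Parent } },
        @{ n = 'User';      e = { $_.Group[0].User } } |
    Format-Table -AutoSize

# To see what ran around the moment the icon was noticed, narrow to a short window:
# $seen = Get-Date '2019-10-19 09:00'        # constructed timestamp
# $rows | Where-Object { [math]::Abs(($_.Time - $seen).TotalMinutes) -le 2 } | Format-Table -AutoSize
```

Because the Security log rolls over, raise its maximum size (Event Viewer > Security > Properties) if the pop-up can take days to reappear, or the 4688 entries may be gone by the time you look.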