Greetings Everyone,
I've been trying to determine, via the Event Viewer in Windows 10, if a program was intentionally force quit through the taskmanager rather than a software error.
When I replicate the sequence, I'm unable to directly see an instance of taskmanager.
However, when repeating the sequence I do see, under security, an event that appears during force quit that matches an event at the time of the original incident.
Is anyone able to read the events below and tell me if the data indicate a force quit rather than a program error? I'm including the original instance, then my replicated sequence.
For instance, I know that S-1-5-18 is a special account used by the operating system.
Or do these security events only indicate that a program terminated, and for all intents and purposes would also occur if an error closed the program, not an intentional force quit?
Thank you for any insight,
R
I've been trying to determine, via the Event Viewer in Windows 10, if a program was intentionally force quit through the taskmanager rather than a software error.
When I replicate the sequence, I'm unable to directly see an instance of taskmanager.
However, when repeating the sequence I do see, under security, an event that appears during force quit that matches an event at the time of the original incident.
Is anyone able to read the events below and tell me if the data indicate a force quit rather than a program error? I'm including the original instance, then my replicated sequence.
For instance, I know that S-1-5-18 is a special account used by the operating system.
Or do these security events only indicate that a program terminated, and for all intents and purposes would also occur if an error closed the program, not an intentional force quit?
Thank you for any insight,
R
Facebook
Twitter
Instagram