Lightweight real-time process monitoring tool using Windows Security Event Logs (Event ID 4688)
Silent Process Monitor PRO is a Windows-based security tool designed to monitor and analyze process creation in real time.
Built with VB.NET, it leverages the Windows Security Event Log to capture low-level process activity, making it useful for:
- 🔐 Security monitoring
- 🧪 Malware analysis
- 🛡️ Blue team operations
- 📊 Process behavior tracking
- 🔍 Real-time process monitoring (Event ID 4688)
- 🎯 Multiple monitoring modes:
  - Specific process tracking
  - Full system monitoring
  - Taskbar (Explorer-based) processes
- 🧾 Detailed output:
  - Process path
  - Command-line arguments
  - Parent process
- 📁 Persistent logging (monitor.log)
- 🧠 Smart filtering to reduce noise
- Language: VB.NET
- API: System.Diagnostics.EventLog
- Event Source: Windows Security Log
- Event ID: 4688 (Process Creation)
Run the executable as Administrator.
Then choose:
[1] Monitor specific process
[2] Monitor all processes
[3] Monitor taskbar processes
[2026-01-01 12:00:00] New Process
Process : C:\Windows\System32\cmd.exe
Command : cmd.exe /c whoami
Parent : explorer.exe
--------------------------------------------------
- Windows OS
- Administrator privileges
- Enabled auditing for process creation
- Run: secpol.msc
- Navigate to: Security Settings → Advanced Audit Policy → Detailed Tracking
- Enable: ✅ Audit Process Creation
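The audit prerequisites above can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of Silent Process Monitor PRO's own code; it assumes an English-language Windows installation (auditpol subcategory names are localized) and prints recent 4688 events in the same layout as the sample output.

```powershell
#Requires -RunAsAdministrator
# Added example: verify the prerequisites for Event ID 4688, then read recent events.

# 1. Audit policy: scripted equivalent of the secpol.msc steps.
#    Assumption: en-US subcategory name "Process Creation".
$policy = auditpol /get /subcategory:"Process Creation"
if (-not ($policy -match 'Success')) {
    Write-Host 'Process creation auditing is off; enabling success auditing.'
    auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null
}

# 2. Command-line capture is a separate policy setting. Without it the
#    CommandLine field of 4688 stays empty even when auditing is enabled.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
$name = 'ProcessCreationIncludeCmdLine_Enabled'
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop -or $prop.$name -ne 1) {
    Write-Warning "$name is not set to 1: 4688 events will not contain command lines."
}

# 3. Read the most recent 4688 events from the Security log.
#    Fields are looked up by name from the event XML rather than by position,
#    because the field list differs between versions of the event.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 20 |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # ParentProcessName exists only in newer versions of the event;
        # older systems record just the parent PID (ProcessId field).
        "[{0:yyyy-MM-dd HH:mm:ss}] New Process" -f $_.TimeCreated
        "Process : $($data['NewProcessName'])"
        "Command : $($data['CommandLine'])"
        "Parent  : $($data['ParentProcessName'])"
        '-' * 50
    }
```

Command lines recorded in the Security log can contain passwords or tokens passed as arguments, so access to that log and to any file it is exported to should be restricted accordingly.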
- Malware detection & analysis
- Monitoring suspicious command execution
- Incident response / DFIR
- Learning Windows internals
- GUI version (WinForms / WPF)
- Real-time alerts (suspicious activity)
- Export logs (JSON / CSV)
- Process tree visualization
- Detection rules engine
Contributions, ideas, and improvements are welcome!
Feel free to:
- Fork the repo
- Submit pull requests
- Open issues
MIT License — free to use, modify, and distribute.
Full-stack developer focused on:
- .NET applications
- Cybersecurity
- Malware analysis
- Penetration testing
If you like this project, consider giving it a ⭐ on GitHub!