This security policy setting allows you to generate audit events when an attempt is made to end a process.
Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated when a process ends.
This policy setting may help you understand how the computer is used and to track user activity.

Event volume: Varies, depending on how the computer is used

If this policy setting is configured, the following event is generated. The event appears on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

• 4689: A process has exited.