Windows Application Crashes
Application crashes may warrant investigation to determine if the crash is malicious or benign. Categories of crashes include Blue Screen of Death (BSOD), Windows Error Reporting (WER), Application Crash and Application Hang events. If the organization is actively using the Microsoft Enhanced Mitigation Experience Toolkit (EMET), then EMET logs can also be collected.
Application Crashed Event Source - Application Error - Event Log - Application
Event Source - Application Hang - Event Log - Application
Event Source - Microsoft-Windows-WER-SystemErrorReporting - Event Log - System
Last modified September 14, 2021