Event ID: 4660An object was deleted
An object was deleted. Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Object: Object Server: %5 Handle ID: %6 Process Information: Process ID: %7 Process Name: %8 Transaction ID: %9
It's not recommended to audit the "Kernel Object" subcategory.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /category:"Object Access"
LEFT/RIGHT arrow keys for navigationBack to List