Even though I am monitoring services, I am sometimes not being notified when a service is restarted. I did make sure that the service is not excluded.

Article ID: 109
Category: Service Monitoring
Created: 2006-11-01

EventSentry monitors the service status of all services at pre-defined intervals, every 20 seconds by default. If a particular service restarts itself within 20 seconds, then it is possible that EventSentry never sees this status change of the service. You can decrease the monitoring interval to as low as 10 seconds, but shorter intervals are not currently possible.

If it is critical that you know when a service stops and restarts, then you can also track process creation and destruction by monitoring Detailed Tracking events from the security event log. Events of significance usually have event ID 592 and 593.