Nicole,
Thanks for responding. I am new to LEM and getting to grips with its features. I am curious if it is possible to filter out these events through the appliance policy, like the kb article instructs for Windows noise events in this link? http://knowledgebase.solarwinds.com/kb/questions/2834/__fav This policy wouldbe applied to the appliance, vs the individual node though, so if my suggestion is possible, it is limited in the scope of filtering these events from one specific node.
In my example, the workstation did have a problem with the windows search indexing service, hence the repeated process start/stop events, which did identify the workstation had an issue previously unseen, so there is merit in receiving all events. Also the Group Policy is set to enforce process audit events to the security log, so the logging of these events cannot be turned off at Operating System level for this individual workstation.
-Garreth