$XML = @'<ViewerConfig> <QueryConfig> <QueryParams> <UserQuery />

1.     $XML = @'
2. <ViewerConfig>
3.     <QueryConfig>
4.         <QueryParams>
5.             <UserQuery />
6.         </QueryParams>
7.         <QueryNode>
8.             <Name>Process Creation</Name>
9.             <Description>Process Creation and Command-line Auditing Events</Description>
10.             <QueryList>
11.                 <Query Id="0" Path="Security">
12.                     <Select Path="Security">*[System[(EventID=4688)]]</Select>
13.                 </Query>
14.             </QueryList>
15.         </QueryNode>
16.     </QueryConfig>
17. </ViewerConfig>
18. '@
19.     if (-not (Test-Path -Path "$env:ProgramData\Microsoft\Event Viewer\Views"))
20.     {
21.         New-Item -Path "$env:ProgramData\Microsoft\Event Viewer\Views" -ItemType Directory -Force
22.     }
23.     # Saving ProcessCreation.xml in UTF-8 encoding
24.     # Сохраняем ProcessCreation.xml в кодировке UTF-8
25.     Set-Content -Path "$env:ProgramData\Microsoft\Event Viewer\Views\ProcessCreation.xml" -Value (New-Object -TypeName System.Text.UTF8Encoding).GetBytes($XML) -Encoding Byte -Force
26.