No announcements
Found 50 threads
-
0 VotesWindows 2008 R2: Error 255 - Unable to attach to \device\namepipe
I know Windows 2008 R2 is out of support, but we got a few left and I'm trying to use Sysmon to capture DNS queries. I install sysmon and see error 255: ID: ...Unanswered | 4 Replies | 160 Views | Created by Robert Spinelli - Thursday, June 25, 2020 10:23 PM | Last reply by Robert Spinelli - Friday, June 26, 2020 11:40 AM
-
0 Votes
SysMon DNS Queries Occur from ipconfig
Hello, We are seeing that some processes are logging DNS queries when we believe they should not be. We have validated the logs exist with on the endpoint and we ...Answered | 3 Replies | 250 Views | Created by nicpenning - Wednesday, June 17, 2020 5:24 PM | Last reply by markc(msft) - Wednesday, June 24, 2020 9:29 AM -
0 Votes
Sysmon - problem copy directory between servers
Hello Everyone I have some specific problem. When I try copy catologues between servers with sysmon 11.0, especialy if these catalogs (even if empty) are very branched out, copy ...Unanswered | 1 Replies | 163 Views | Created by noqnick - Monday, June 22, 2020 10:16 AM | Last reply by markc(msft) - Wednesday, June 24, 2020 9:01 AM -
0 Votes
Symon and File Share issues
We have installed sysmon onto several servers and we have found an issue that is very odd. When you connect to a server which has sysmon installed on a file share and you try and edit a text file and ...Unanswered | 1 Replies | 218 Views | Created by JTGadmin - Friday, June 12, 2020 3:58 PM | Last reply by markc(msft) - Friday, June 19, 2020 8:10 AM -
0 Votes
Sysmondrv can be used permanently running on windows servers as a Cyber Attack utility?
I´m using sysmondrv running permanently in the windows servers with the intnetion that help to Security Officer to detect possible attacks but in some cases the tool produce a blue screen. Is ...Unanswered | 1 Replies | 142 Views | Created by wolf ste - Wednesday, June 17, 2020 7:23 PM | Last reply by markc(msft) - Friday, June 19, 2020 8:00 AM -
1 Votes
Sysmon v.11, possible to log File Delete events without Archiving deleted assets
subject says it all, would it be possible to configure Sysmon v.11 to log 'File Delete' Events without Archiving the deleted file assets? -
0 Votes
Feature Request Sysmon- To log registry querying event for non-existent keys
Malwares attempt to detect virtualization/sandbox environment(Mitre ID T1497) by finding the existence of specific registry entries that indicate the existence of ...Unanswered | 1 Replies | 193 Views | Created by Bhabu - Wednesday, June 3, 2020 7:18 PM | Last reply by markc(msft) - Friday, June 5, 2020 10:33 AM -
0 Votes
SysMon DNS Query Results are truncated
Hello, I have found that the DNS Query Results from SysMon could be truncated. See the example below: QueryResults: type: 5 ...Unanswered | 2 Replies | 179 Views | Created by nicpenning - Monday, May 11, 2020 10:40 PM | Last reply by nicpenning - Tuesday, May 12, 2020 2:55 PM -
0 Votes
Sysmon Process Created - Event Log Contains "?" for ParentImage
Hello, I have found that some Process Create events fail to obtain the ParentImage and the event log contains ? for the data. Is there a reason for why this might ...Unanswered | 6 Replies | 313 Views | Created by nicpenning - Friday, March 13, 2020 3:21 AM | Last reply by nicpenning - Monday, May 11, 2020 10:20 PM -
0 Votes
Sysmon 11.0 - Reoccurring BSOD - Minidumps suggest Onedrive
After recently updating Sysmon 10.0.0.2 to 11.0 to a small test group of workstations, I'm having reports of BSOD occurring every 30 minutes to every several hours. After rolling back sysmon, the ...Unanswered | 3 Replies | 267 Views | Created by JazzHands2000 - Thursday, May 7, 2020 9:13 AM | Last reply by markc(msft) - Monday, May 11, 2020 1:03 PM -
0 Votes
Sysmon 22 Dns Query cached query logged
Hi All, I am trying to get dns queries cached or not successfully or failed. Sysmon's new version tells to get this log but I couldn't get cached queries. i ...Unanswered | 1 Replies | 168 Views | Created by can kaya - Saturday, March 28, 2020 1:30 PM | Last reply by markc(msft) - Monday, April 27, 2020 3:22 PM -
0 Votes
Phantom Task running
Hi All In the past I have used task scheduler for some testing but have not used it for a very long time Suddenly the other day one started firing part of the exe ...Unanswered | 4 Replies | 199 Views | Created by Minieggs1999 - Thursday, April 16, 2020 1:37 PM | Last reply by markc(msft) - Monday, April 27, 2020 2:44 PM -
1 Votes
Why do Windows NTP queries use port 123 for both source and destination?
I recently went through a lot of trouble trying to figure out why the time was not updating on my Windows PCs at ...Unanswered | 7 Replies | 178 Views | Created by lukpac - Friday, April 3, 2020 7:13 PM | Last reply by mariora_ - Saturday, April 4, 2020 7:02 PM -
3 Votes
Livekd strange error.
Hello, I have Win 10 x64 Pro with Hyper-V running on it. I have successfully been using the Hyper-V for virtual machines, and all is good. But when I try to use livekd (with ...Proposed | 7 Replies | 1456 Views | Created by BeeBee89 - Tuesday, June 12, 2018 8:04 PM | Last reply by markc(msft) - Wednesday, March 18, 2020 1:11 PM -
0 Votes
Sysmon Process Created - Event Log Contains "%%" instead of "%" in CommandLine
Hello, Me again on some SysMon inquiries! I have noticed that the windows event log data will have two % signs instead of 1 for the ...Unanswered | 2 Replies | 140 Views | Created by nicpenning - Monday, March 16, 2020 5:19 PM | Last reply by nicpenning - Monday, March 16, 2020 9:17 PM -
1 Votes
How to login a user (so that a program runs ) automatically after reboot.
We have a server - running server 2016 OS. We have a user account domain1\user1 - who can login. When they login a program is setup to run ...Unanswered | 5 Replies | 253 Views | Created by goofygdog2 - Monday, March 9, 2020 7:40 PM | Last reply by mariora_ - Tuesday, March 10, 2020 6:29 PM -
0 Votes
jump list spacing
Windows 10 question: I found how to increase the number of files shown on the list of recent files when you right click the task bar for a program that is running (jump ...Unanswered | 1 Replies | 374 Views | Created by JamesGiordano - Sunday, December 22, 2019 7:35 PM | Last reply by mariora_ - Tuesday, December 31, 2019 4:34 PM -
1 Votes
Sysmon 10.X gets W3Clogging with advanced loggning to fail on start if sysmon is running.
After we have upgraded to sysmon 10.X on servers running Windows 2012, 2016 and the advanced loggning enabled in the IIS. The W3CLogging service is not able to start if sysmon is started before the ...Answered | 12 Replies | 834 Views | Created by Lars_G - Wednesday, November 27, 2019 9:40 AM | Last reply by Lars_G - Wednesday, December 11, 2019 8:35 PM -
1 Votes
Non existent process
Hi, When TCPView is ran on a Windows 2012 R2 Domain Controller the results shows: Process : Non-Existent Protocol : UDP PID ...Unanswered | 2 Replies | 357 Views | Created by Rajidass - Tuesday, October 15, 2019 2:51 PM | Last reply by Luigi Bruno - Wednesday, October 16, 2019 7:17 AM -
0 Votes
Application abrupty terminated by Kernelbase.dll
I have application developed with multithreaded code. When I run application with 62 threads after 20 minutes of run application is terminated abruptly. After analyzing data I found below error in ...Unanswered | 1 Replies | 384 Views | Created by Yogesh Bafana - Tuesday, October 8, 2019 6:41 PM | Last reply by mariora_ - Wednesday, October 9, 2019 7:25 AM - Items 1 to 20 of 50 Next ›
No announcements
