[Sysmon] Error message: Registry rule version 4.00 (binary 1.01) is incompatible with Sysmon rule version 4.23 (binary 9.20). Please rebuild your manifest with Sysmon schema 4.23.

  • Question

  • Hi,

    We are using Sysmon 10.42 and a config with schema version 4.23. 

    On one host I receive this error message:

    Registry rule version 4.00 (binary 1.01) is incompatible with Sysmon rule version 4.23 (binary 9.20). Please rebuild your manifest with Sysmon schema 4.23.

    followed by

    Failed to initialize the rule engine with data. Exit process - Last error: The data is invalid.

    I've compared hashes of the executable and the config file, and they are equal to the other installations.

    Tuesday, June 2, 2020 10:35 AM

All replies

  • Hi Joe

    Could you ping me offline at syssite@microsoft.com and send me a screenshot of the registry Rules value at

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters\ ie

    MarkC(MSFT)


    Tuesday, June 2, 2020 2:23 PM
  • Hi Mark,

    I've sent you a screenshot.

    Thanks.

    Thursday, June 4, 2020 9:51 AM