Sysmon: RegistryEvent - 14: value rename not getting logged RRS feed

  • Question

  • Hi all,

    When I rename a key, I get the log entry for it.  But when I rename a value... no log entry.  The documentation says:

    Event ID 14: RegistryEvent (Key and Value Rename)

    Registry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.

    Is that documentation obsolete perhaps?  Same result on Win7 or Win10.

    EDIT: Forgot to mention I'm using RegEdit to test this.


    • Edited by Dave Schob Saturday, March 28, 2020 12:59 AM
    Saturday, March 28, 2020 12:55 AM