SYSMON is having lock over the DLL file

  • Question

  • We are using SYSMON in our environment to capture logs from our systems. I am the antivirus administrator, and I found that on a few devices the antivirus definitions are not updating on a regular basis, so as a workaround we restart the systems to update them.

    To dig deeper, I installed Process Explorer and found that SYSMON is holding a lock on the DLL file, which prevents the DLL file from being automatically deleted, which results in failure of the antivirus definition update. For testing purposes, we removed Sysmon from one of the machines and tried to run the definition update, and after removal of Sysmon the AV definition update completed successfully.

    As I said, we are using Sysmon to capture logs from the systems, so I cannot remove Sysmon. Hence, please suggest a solution to this issue so that we can meet both goals, SYSMON and AV.

    Wednesday, August 26, 2020 5:36 AM

All replies