Sysmon Service Keeps Crashing

    Question

  • We are running Sysmon 8.0.4 and there are numerous PCs on our network where the Sysmon service stops after a few weeks of running without any problems. When you attempt to start the service, an APP crash is generated, but the service never starts. An uninstall (-u) of the service and a reinstall fixes the issue.

    The crash report is below. Has anyone seen this issue before?

    Version=1
    EventType=APPCRASH
    EventTime=132022304515631891
    ReportType=2
    Consent=1
    ReportIdentifier=60b8ebca-7589-11e9-b3a1-88787325f80e
    IntegratorReportIdentifier=60b8ebc9-7589-11e9-b3a1-88787325f80e
    Response.type=4
    Sig[0].Name=Application Name
    Sig[0].Value=sysmon_v804_64.exe
    Sig[1].Name=Application Version
    Sig[1].Value=8.4.0.0
    Sig[2].Name=Application Timestamp
    Sig[2].Value=5c192fa8
    Sig[3].Name=Fault Module Name
    Sig[3].Value=sysmon_v804_64.exe
    Sig[4].Name=Fault Module Version
    Sig[4].Value=8.4.0.0
    Sig[5].Name=Fault Module Timestamp
    Sig[5].Value=5c192fa8
    Sig[6].Name=Exception Code
    Sig[6].Value=c00000fd
    Sig[7].Name=Exception Offset
    Sig[7].Value=0000000000056f29
    DynamicSig[1].Name=OS Version
    DynamicSig[1].Value=6.1.7601.2.1.0.256.48
    DynamicSig[2].Name=Locale ID
    DynamicSig[2].Value=1033
    DynamicSig[22].Name=Additional Information 1
    DynamicSig[22].Value=8096
    DynamicSig[23].Name=Additional Information 2
    DynamicSig[23].Value=8096214484371f2e6be0417f4a011048
    DynamicSig[24].Name=Additional Information 3
    DynamicSig[24].Value=273d
    DynamicSig[25].Name=Additional Information 4
    DynamicSig[25].Value=273dabf1a0ee799b55b6a3913fc703ba
    UI[2]=C:\windows\sysmon_v804_64.exe
    UI[5]=Check online for a solution (recommended)
    UI[6]=Check for a solution later (recommended)
    UI[7]=Close
    UI[8]=System activity monitor stopped working and was closed
    UI[9]=A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
    UI[10]=&Close
    LoadedModule[0]=C:\windows\sysmon_v804_64.exe
    LoadedModule[1]=C:\windows\SYSTEM32\ntdll.dll
    LoadedModule[2]=C:\windows\system32\kernel32.dll
    LoadedModule[3]=C:\windows\system32\KERNELBASE.dll
    LoadedModule[4]=C:\windows\system32\USERENV.dll
    LoadedModule[5]=C:\windows\system32\msvcrt.dll
    LoadedModule[6]=C:\windows\system32\RPCRT4.dll
    LoadedModule[7]=C:\windows\system32\profapi.dll
    LoadedModule[8]=C:\windows\system32\VERSION.dll
    LoadedModule[9]=C:\windows\system32\NETAPI32.dll
    LoadedModule[10]=C:\windows\system32\netutils.dll
    LoadedModule[11]=C:\windows\system32\srvcli.dll
    LoadedModule[12]=C:\windows\system32\wkscli.dll
    LoadedModule[13]=C:\windows\system32\BROWCLI.DLL
    LoadedModule[14]=C:\windows\system32\WS2_32.dll
    LoadedModule[15]=C:\windows\system32\NSI.dll
    LoadedModule[16]=C:\windows\system32\MPR.dll
    LoadedModule[17]=C:\windows\system32\WTSAPI32.dll
    LoadedModule[18]=C:\windows\system32\ole32.dll
    LoadedModule[19]=C:\windows\system32\GDI32.dll
    LoadedModule[20]=C:\windows\system32\USER32.dll
    LoadedModule[21]=C:\windows\system32\LPK.dll
    LoadedModule[22]=C:\windows\system32\USP10.dll
    LoadedModule[23]=C:\windows\system32\COMDLG32.dll
    LoadedModule[24]=C:\windows\system32\SHLWAPI.dll
    LoadedModule[25]=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll
    LoadedModule[26]=C:\windows\system32\ADVAPI32.dll
    LoadedModule[27]=C:\windows\SYSTEM32\sechost.dll
    LoadedModule[28]=C:\windows\system32\SHELL32.dll
    LoadedModule[29]=C:\windows\system32\OLEAUT32.dll
    LoadedModule[30]=C:\windows\system32\CRYPT32.dll
    LoadedModule[31]=C:\windows\system32\MSASN1.dll
    LoadedModule[32]=C:\windows\system32\Secur32.dll
    LoadedModule[33]=C:\windows\system32\SSPICLI.DLL
    LoadedModule[34]=C:\windows\system32\IMM32.DLL
    LoadedModule[35]=C:\windows\system32\MSCTF.dll
    LoadedModule[36]=C:\windows\system32\CRYPTBASE.dll
    LoadedModule[37]=C:\windows\system32\CLBCatQ.DLL
    LoadedModule[38]=C:\windows\system32\wbem\wbemprox.dll
    LoadedModule[39]=C:\windows\system32\wbemcomn2.DLL
    LoadedModule[40]=C:\windows\system32\bcrypt.dll
    LoadedModule[41]=C:\windows\system32\CRYPTSP.dll
    LoadedModule[42]=C:\windows\system32\rsaenh.dll
    LoadedModule[43]=C:\windows\system32\RpcRtRemote.dll
    LoadedModule[44]=C:\windows\system32\wbem\wbemsvc.dll
    LoadedModule[45]=C:\windows\system32\wbem\fastprox.dll
    LoadedModule[46]=C:\windows\system32\NTDSAPI.dll
    FriendlyEventName=Stopped working
    ConsentKey=APPCRASH
    AppName=System activity monitor
    AppPath=C:\windows\sysmon_v804_64.exe

    Monday, May 13, 2019 3:00 PM
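
Added example, not part of the original post: a small Python parser for the Report.wer key/value format quoted above, which pairs each `Sig[n].Name` with its `Sig[n].Value`, decodes the exception code, and converts `EventTime` to UTC. The function names `parse_wer` and `triage` and the short NTSTATUS lookup table are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the fields from the report quoted above.
# Report.wer files on disk are typically UTF-16; decode before parsing.
SAMPLE_WER = """\
EventType=APPCRASH
EventTime=132022304515631891
Sig[0].Name=Application Name
Sig[0].Value=sysmon_v804_64.exe
Sig[6].Name=Exception Code
Sig[6].Value=c00000fd
Sig[7].Name=Exception Offset
Sig[7].Value=0000000000056f29
"""

# A few well-known NTSTATUS codes; extend as needed.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def parse_wer(text):
    # Returns (plain fields, signatures keyed by their Sig[n].Name label).
    fields, names, values = {}, {}, {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue
        index, _, attr = key.rpartition(".")
        if index.startswith(("Sig[", "DynamicSig[")) and attr in ("Name", "Value"):
            (names if attr == "Name" else values)[index] = value
        else:
            fields[key] = value
    return fields, {names[i]: values.get(i) for i in names}

def triage(text):
    fields, sigs = parse_wer(text)
    code = int(sigs["Exception Code"], 16)
    # EventTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
    when = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=int(fields["EventTime"]) // 10)
    return {
        "app": sigs.get("Application Name"),
        "exception": NTSTATUS.get(code, hex(code)),
        "offset": int(sigs["Exception Offset"], 16),
        "time_utc": when.isoformat(timespec="seconds"),
    }
```

Run over the reports collected from each affected PC, the output shows whether every crash shares the same exception code and offset, which is the detail to include when reporting the fault.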

All replies