Sysmon filter for file read RRS feed

  • Question

  • Hi Everybody,

    Do you know if it is possible to check monitor file open/read, in addition to the file create that already exists?  I'd like to be able to watch processes (like chrome.exe) opening sensitive data (in a specific location, or specific file extension).

    It looks like it is possible with procmon, but I'm not seeing a way to do it with sysmon.



    Friday, August 2, 2019 6:31 PM