No announcements
-
0 VotesSysmon v10.1 exclude/include precedence not being honored
Upgraded hosts to Sysmon v10.1 and I'm seeing a case where an exclude rule is being overridden by an include rule although the docs say it should be vice versa. Was working properly with ...Unanswered | 1 Replies | 163 Views | Created by Haam3r - Thursday, June 27, 2019 1:08 PM | Last reply by Haam3r - Thursday, June 27, 2019 2:08 PM
-
0 Votes
On Windows7,blue screen when uninstalling sysmon!
when I try to uninstall the latest sysmon version(dnsquery version) with "sysmon.exe -u", My windows7 machine got blue screen! This appears on many my windows7 testing machines! It ...Unanswered | 5 Replies | 244 Views | Created by Mr.jeffy - Monday, June 17, 2019 12:05 PM | Last reply by Mr.jeffy - Wednesday, June 19, 2019 3:18 AM -
0 Votes
sysmon dnsquery not getting logged on my windows 7 machine
testing the new Sysmon V10 and the dns queries (Event id 22) is not getting logged. Anybody know why ? TKJUnanswered | 2 Replies | 272 Views | Created by tk_j - Wednesday, June 12, 2019 8:08 PM | Last reply by markc(msft) - Monday, June 17, 2019 8:15 AM -
3 Votes
Two dbgview executables, why?
Extracted the sysinternals but it seems there are two dbgview executables. Can someone please explain why. 7zip auto renamed the larger ...Proposed | 6 Replies | 369 Views | Created by MikMikMikMik - Wednesday, May 1, 2019 9:19 AM | Last reply by markc(msft) - Wednesday, June 12, 2019 11:39 AM -
1 Votes
Sysmon - Event filtering with & symbol error
I'm using the very latest Sysmon v9.0. I've tried using & and the filter is not filtering it correctly But, if I use & I'm receieving this ...Unanswered | 2 Replies | 219 Views | Created by StephenS147 - Tuesday, May 28, 2019 9:14 PM | Last reply by StephenS147 - Wednesday, June 12, 2019 11:34 AM -
0 Votes
Zoomit 4.5 pointer size
Hi everyone, I have a problem with Zoomit's pointer size, quite likely caused by me. Due to sight impairment I use this utility daily, thus I may have pressed ...Discussion | 1 Replies | 236 Views | Created by Ereborn - Thursday, May 23, 2019 9:36 AM | Last reply by markc(msft) - Wednesday, June 12, 2019 10:41 AM -
0 Votes
Autologon Encryption ciphers?
We are using Windows 10, 1703. Autologon says the password is encrypted when saved, but I can't find just what this means. I find older discussions about LSA Secrets, but mostly under XP/2K. ...Answered | 1 Replies | 230 Views | Created by Matt Hunt at Omni Air International - Thursday, May 30, 2019 9:41 PM | Last reply by mariora_ - Monday, June 10, 2019 12:32 PM -
0 Votes
handle.exe case sensitivity bug in drive letter
handle.exe C:\Windows\System32\es.dll Nthandle v4.21 - Handle viewer Copyright (C) 1997-2018 Mark Russinovich Sysinternals ...Unanswered | 0 Replies | 203 Views | Created by Dwayne Need [MSFT] - Wednesday, May 29, 2019 3:55 PM -
0 Votes
whois package missing mkpasswd.exe
Hey, I noticed that some distributions bundle the mkpasswd hashing utility within the whois package. This happens, for example, with the Debian whois ... -
0 Votes
Sysmon Service Keeps Crashing
We are running Symon 8.0.4 and there are numerous PCs on our network where the sysmon service stops after a few weeks of running without any problems. When you attempt to start the service APP crash ...Unanswered | 3 Replies | 350 Views | Created by TresMushat - Monday, May 13, 2019 3:00 PM | Last reply by markc(msft) - Tuesday, May 14, 2019 3:17 PM -
3 Votes
decoding deleted messages
I would like to know how to decode deleted messagesUnanswered | 1 Replies | 344 Views | Created by layshaw - Friday, March 1, 2019 6:40 PM | Last reply by André Renato Furtado - Friday, April 26, 2019 3:15 AM -
3 Votes
my RAM use a lot of space without reason!!
Hello. my RAM use a lot of space without reason. i cannot found which one of my programs is using this ...Unanswered | 1 Replies | 278 Views | Created by R98rayan - Friday, April 19, 2019 1:29 AM | Last reply by André Renato Furtado - Friday, April 26, 2019 3:03 AM -
0 Votes
Last night a Procdump saved my life...
So, I have a fun Procdump question. Procdump must have some sort of miraculous qualities about it when it watches process's that crash. Why do i say ... -
0 Votes
procdump fails to write dump file (0x80070057)
Hi, i am trying to configure procdump to run in crash mode. i have noticed that when application crash the dump file did not create and got the error below: Does ...Discussion | 1 Replies | 397 Views | Created by procdump fails to write dump file (0x80070057) - Tuesday, April 16, 2019 1:46 PM | Last reply by markc(msft) - Thursday, April 18, 2019 11:51 AM -
0 Votes
WmiEventConsumer doesn't log ScriptText
$ASEventConsumer = ([wmiclass]"\\.\root\subscription:ActiveScriptEventConsumer").CreateInstance( ) PS C:\WINDOWS\system32> $ASEventConsumer.Name = ...Unanswered | 1 Replies | 239 Views | Created by gportnoy - Friday, April 12, 2019 4:34 PM | Last reply by gportnoy - Wednesday, April 17, 2019 3:33 PM -
0 Votes
Different filtering capabilities in ProcessCreate vs ProcessTerminate
I am trying to filter a few processes based on CommandLine and ParentCommandLine. Noticed a strange behavior where this is supported in the ProcessCreate config blob, but when copy/pasting the same ...Unanswered | 2 Replies | 263 Views | Created by gportnoy - Monday, April 1, 2019 3:24 PM | Last reply by gportnoy - Friday, April 12, 2019 4:14 PM -
0 Votes
Check whether a console process has set SetConsoleCtrlHandler?
Is there a way to check whether a console process has set SetConsoleCtrlHandler? On Linux (similarly on UNIX), /proc/<pid>/status shows e.g. what signals would be blocked, caught, etc. in Sig* ...Unanswered | 1 Replies | 227 Views | Created by yong321 - Monday, April 8, 2019 3:59 PM | Last reply by yong321 - Monday, April 8, 2019 4:17 PM -
0 Votes
SDelete fails to delete files less than 1kb because no cluster has been allocated for it.
Please add support for deleting files less than 1kb. This is not normally an issue but since enabling compression some files are less than 1kb and SDelete can't find them. Error: Could not determine ... -
0 Votes
Sysmon 9.0 configuration issue
sysmon64 -c System Monitor v9.0 - System activity monitor Copyright (C) 2014-2019 Mark Russinovich and Thomas ...Unanswered | 1 Replies | 664 Views | Created by dmorenop - Thursday, March 14, 2019 4:53 PM | Last reply by markc(msft) - Monday, April 1, 2019 9:17 AM -
0 Votes
Rammap - Mapped File Details
Hello. I want to know which programs use most of "active" "mapped file" in RamMap. Thanks !
No announcements
