Crash: Sysmon v13.00 + sysmonconfig-export.xml #136
Comments
There is a bug in the public version of Sysmon, with a working configuration it’s only logging Event ID 1,4,5,16 and 25. I’ve notified the Sysinternals team and they are looking into it.

> From: BBK
> Date: Monday, 11 January 2021 at 20:35
> Subject: [SwiftOnSecurity/sysmon-config] Crash: Sysmon v13.00 + sysmonconfig-export.xml (#136)
>
> When running the latest version of sysmon in conjunction with the config file, the program crashes (e.g. "Sysmon.exe -accepteula -i sysmonconfig-export.xml"). However, when installing it without the config file, it seems to run fine (e.g. "Sysmon.exe -accepteula -i").
>
> The message I receive is the following.
>
> System activity monitor has stopped working
> A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
> [Debug] [Close program]
>
> If I run Debug, I get a Visual Studio Just-In-Time Debugger window that informs me that "an unhandled win32 exception occurred in Sysmon.exe"
>
> Unhandled exception at 0x00007FF7E9BB0D53 in Sysmon.exe: An invalid parameter was passed to a function that considers invalid parameters fatal.
>
> I'm afraid I'm not very familiar with debugging, and I know the above probably isn't very useful, but I hope it helps.
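A quick way to tell whether an install is hitting the logging symptom described above (only Event IDs 1, 4, 5, 16 and 25 arriving) is to tally what is actually reaching the Sysmon event log. This is an added check, not code from the thread or the sysmon-config project; it assumes the default log name `Microsoft-Windows-Sysmon/Operational`, an elevated session, and that the `$ExpectedIds` list reflects the rules you enabled.

```powershell
# Added example: tally Sysmon Event IDs seen recently and flag the v13.00 symptom
# reported in this thread (only IDs 1, 4, 5, 16 and 25 being logged).
# Assumptions: default Sysmon log name, elevated PowerShell, and that
# $ExpectedIds lists the IDs your config is meant to produce (adjust as needed).
param(
    [int]$Minutes = 30,
    # Assumed set for a typical sysmon-config deployment; edit to match your rules.
    [int[]]$ExpectedIds = @(1, 3, 4, 5, 7, 11, 12, 13, 16, 25)
)

$logName  = 'Microsoft-Windows-Sysmon/Operational'
$since    = (Get-Date).AddMinutes(-$Minutes)
$buggySet = @(1, 4, 5, 16, 25)   # the only IDs the thread reports being logged

# Get-WinEvent emits a non-terminating error when nothing matches; silence it.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } `
                       -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No Sysmon events in the last $Minutes minutes. Is the driver loaded? Try: Sysmon.exe -c"
    return
}

# Count events per ID, sorted numerically rather than as strings.
$seen = $events |
    Group-Object Id |
    Sort-Object { [int]$_.Name } |
    Select-Object @{ n = 'EventId'; e = { [int]$_.Name } }, Count

$seen | Format-Table -AutoSize

$seenIds = @($seen | ForEach-Object { $_.EventId })
$missing = @($ExpectedIds | Where-Object { $_ -notin $seenIds })

if ($missing.Count -gt 0) {
    Write-Warning ("Expected but not observed: " + ($missing -join ', '))
}

# If every observed ID falls inside the buggy set, the install matches the symptom.
$outsideBuggy = @($seenIds | Where-Object { $_ -notin $buggySet })
if ($outsideBuggy.Count -eq 0) {
    Write-Warning "Only IDs 1/4/5/16/25 observed: matches the v13.00 behaviour in this thread. Check the Sysmon version and 'Sysmon.exe -c'."
}
```

A short collection window on a quiet host can legitimately miss some IDs, so widen `-Minutes` or generate known activity (e.g. a DNS lookup or file write covered by your rules) before trusting the warning.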
I'm having the same issue, but only on Windows Server 2012 and 2016. I have not tried on 2019. Windows 10 will load the config fine. I have not tried on Win7. Sysmon 13 does install fine, but then loading the config, or installing directly with the config, crashes Sysmon. On applying the config, Sysmon does say the config is valid.
Issue solved with Sysmon 13.01
Issue seems to be resolved here. I'm not sure if this is the best place to ask, but I have two questions related to new Sysmon versions and this config that I'm hoping someone can answer.
https://web.archive.org/web/20210729123029/http://download.sysinternals.com/files/sysmon.zip - v13.23 works fine. v13.33 and later crashes on my ws2012r2
When running the latest version of sysmon in conjunction with the config file, the program crashes (e.g. "Sysmon.exe -accepteula -i sysmonconfig-export.xml"). However, when installing it without the config file, it seems to run fine (e.g. "Sysmon.exe -accepteula -i").

The message I receive is the following.

System activity monitor has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.
[Debug] [Close program]

If I run Debug, I get a Visual Studio Just-In-Time Debugger window that informs me that "an unhandled win32 exception occurred in Sysmon.exe"

Unhandled exception at 0x00007FF7E9BB0D53 in Sysmon.exe: An invalid parameter was passed to a function that considers invalid parameters fatal.

I'm afraid I'm not very familiar with debugging, and I know the above probably isn't very useful, but I hope it helps.