Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Internals
  New Posts New Posts RSS Feed - Sysmon 6.x corrupts event log
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Sysmon 6.x corrupts event log

 Post Reply Post Reply
Author
Message
layne_ok View Drop Down
Newbie
Newbie
Avatar

Joined: 25 September 2014
Status: Offline
Points: 11
Post Options Post Options   Thanks (0) Thanks(0)   Quote layne_ok Quote  Post ReplyReply Direct Link To This Post Topic: Sysmon 6.x corrupts event log
    Posted: 17 February 2017 at 5:24pm
Sysmon 6.x and previous versions corrupt the event log, if a powershell command line it too long.  

==================================

Hashes: 繷꒰᭳墑
ParentProcessGuid: {162c2000-0009-162c-0900-000000000100}
ParentProcessId: 4718592
ParentImage: igh
ParentCommandLine: MD5=8DEF11DA4455530041FE3905E66C0017,SHA256=


Marvin Green
Back to Top
TenOf11 View Drop Down
Newbie
Newbie


Joined: 18 July 2012
Location: United States
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote TenOf11 Quote  Post ReplyReply Direct Link To This Post Posted: 13 April 2017 at 3:22am
Interesting. Do you know how long the PowerShell command was that corrupted it?
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.