Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Miscellaneous Utilities
  New Posts New Posts RSS Feed - Sysmon - Image Load events problem
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Forum LockedSysmon - Image Load events problem

 Post Reply Post Reply
Author
Message
MikeM1981 View Drop Down
Newbie
Newbie


Joined: 18 January 2018
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote MikeM1981 Quote  Post ReplyReply Direct Link To This Post Topic: Sysmon - Image Load events problem
    Posted: 19 January 2018 at 8:11am
Hi did anyone expirenced problems after Sysmon upgrade to v 7.01?
We've noticed that for image load sudenly almost all dlls from C:\Windows started to apear as unsigned. 
It created a lot of events, this event was changed in version 7 so maybe there's a bug?
We've performed rollback to 6.2 version and it looks ok.

Best regards
Mike
Back to Top
Thomas_Powers View Drop Down
Newbie
Newbie
Avatar

Joined: 07 February 2018
Location: Wausau
Status: Offline
Points: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote Thomas_Powers Quote  Post ReplyReply Direct Link To This Post Posted: 07 February 2018 at 7:38pm
We saw the same thing.....Event 7 goes nuts and the rest of the Event IDs are either delayed or never show up (especially Event ID 3)

TP
Back to Top
Nemo7891 View Drop Down
Newbie
Newbie
Avatar

Joined: 13 July 2017
Status: Offline
Points: 9
Post Options Post Options   Thanks (0) Thanks(0)   Quote Nemo7891 Quote  Post ReplyReply Direct Link To This Post Posted: 13 February 2018 at 8:40pm
I don't have this problem. Have a number of onmatch=exclude type rules defined using the <Signature condition="contains"> tag and it works as advertised. Running v7.01
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.06
Copyright ©2001-2016 Web Wiz Ltd.