Site feedback

yizheng-8130 avatar image
1 Vote"
yizheng-8130 suggested yizheng-8130 published

sysmon bug on Win7

I'm using sysmon v12.03 to monitor my system on win7 sp1 x64. I want to get the sysmon event17 Pipe Created and event18 Pipe Connected, and I use my own code to test it. My program will create namedpipe named "\test_pipe" on start,create a new thread to connect the pipe after 5 seconds,then exit,it works like this,
49051-image.png
and my sysmon config like this,
48978-image.png

My program works well, but I found that on win7,sysmon will not log any event of 17 and 18. I do the same thing on win10 and win8.1, sysmon will log the two events.
48996-image.png
49062-image.png
49063-image.png
49014-image.png

And I found this error log on win7,
48987-image.png


Is this a bug? If this, will sysmon fix it in the next version? Thank you very much!


windows-sysinternals-sysmon
image.png (5.8 KiB)
image.png (17.4 KiB)
image.png (84.8 KiB)
image.png (112.6 KiB)
image.png (136.3 KiB)
image.png (102.7 KiB)
image.png (105.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No Solutions

Your Opinion Counts

Share your feedback, or help out by voting for other people's feedback.

Related Feedback