Hi,
We identified that when installing Sysmon 13.02 on a clean computer (no previous Sysmon installation) specifying a custom configuration with -i config.xml, the installation crash silently but a crash log is generated in the Application log and Sysmon is not installed:
Faulting application name: sysmon64_13.02.exe, version: 13.0.2.0, time stamp: 0x60590c93
Faulting module name: sysmon64_13.02.exe, version: 13.0.2.0, time stamp: 0x60590c93
Exception code: 0xc0000409
Fault offset: 0x000000000015d68f
Faulting process id: 0x654
Faulting application start time: 0x01d727c08f00bca7
Faulting application path: Z:\sysmon64_13.02.exe
Faulting module path: Z:\sysmon64_13.02.exe
Report Id: c6519b5d-a1fa-4f2a-ae64-06d886bc1695
Faulting package full name:
Faulting package-relative application ID:
Here is the console output:
PS C:\Windows\system32> z:\sysmon64_13.02.exe -i z:\config.xml
System Monitor v13.02 - System activity monitor
Copyright (C) 2014-2021 Mark Russinovich and Thomas Garnier
Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved.
Sysinternals - www.sysinternals.com
We observed this behavior on Windows 2012R2, 2019 and Windows 10 pro.
Installing with -i config.xml -accepteula or without specifying any configuration works well. The issue seems to be related to the EULA popup.
Many thanks in advance for your help.
