Site feedback

yizheng-8130 avatar image
1 Vote"
yizheng-8130 suggested yizheng-8130 published

sysmon bug on Win7

I'm using sysmon v12.03 to monitor my system on win7 sp1 x64. I want to get the sysmon event17 Pipe Created and event18 Pipe Connected, and I use my own code to test it. My program will create namedpipe named "\test_pipe" on start,create a new thread to connect the pipe after 5 seconds,then exit,it works like this,
and my sysmon config like this,

My program works well, but I found that on win7,sysmon will not log any event of 17 and 18. I do the same thing on win10 and win8.1, sysmon will log the two events.

And I found this error log on win7,

Is this a bug? If this, will sysmon fix it in the next version? Thank you very much!

image.png (5.8 KiB)
image.png (17.4 KiB)
image.png (84.8 KiB)
image.png (112.6 KiB)
image.png (136.3 KiB)
image.png (102.7 KiB)
image.png (105.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

No Solutions

Your Opinion Counts

Share your feedback, or help out by voting for other people's feedback.

Related Feedback