I'm using Sysmon v12.03 to monitor my system on Win7 SP1 x64. I want to get the Sysmon event 17 (Pipe Created) and event 18 (Pipe Connected), and I use my own code to test it. On start, my program creates a named pipe called "\test_pipe", creates a new thread that connects to the pipe after 5 seconds, and then exits. It works like this:
and my Sysmon config looks like this:
My program works well, but I found that on Win7, Sysmon does not log any events 17 or 18. I did the same thing on Win10 and Win8.1, and there Sysmon logs the two events.
And I found this error log on Win7:
Is this a bug? If so, will Sysmon fix it in the next version? Thank you very much!
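
A way to reproduce the test described in the post from PowerShell and then check whether Sysmon recorded events 17 and 18 for the pipe. This is an added example, not the poster's program or config. It assumes an elevated prompt, a Sysmon config that includes PipeEvent rules, and Sysmon's default log name `Microsoft-Windows-Sysmon/Operational`; the variable names are illustrative.

```powershell
# Added example: create \test_pipe, connect to it after 5 seconds, then look
# for Sysmon Event ID 17 (Pipe Created) and 18 (Pipe Connected).
$pipeName = 'test_pipe'          # Sysmon reports this as \test_pipe
$logName  = 'Microsoft-Windows-Sysmon/Operational'   # assumed default channel
$start    = Get-Date

# Server end: creating the pipe is what should trigger Event ID 17.
$server = New-Object System.IO.Pipes.NamedPipeServerStream(
    $pipeName,
    [System.IO.Pipes.PipeDirection]::InOut,
    1,
    [System.IO.Pipes.PipeTransmissionMode]::Byte,
    [System.IO.Pipes.PipeOptions]::Asynchronous)
$pending = $server.BeginWaitForConnection($null, $null)

Start-Sleep -Seconds 5

# Client end: connecting to the pipe is what should trigger Event ID 18.
$client = New-Object System.IO.Pipes.NamedPipeClientStream(
    '.', $pipeName, [System.IO.Pipes.PipeDirection]::InOut)
$client.Connect(3000)
$server.EndWaitForConnection($pending)

$client.Close()
$server.Close()

# Give Sysmon a moment to write the events, then read them back.
Start-Sleep -Seconds 2
$filter = @{ LogName = $logName; Id = 17, 18; StartTime = $start }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ToXml() -match [regex]::Escape("\$pipeName") })

foreach ($id in 17, 18) {
    $count = @($events | Where-Object { $_.Id -eq $id }).Count
    if ($count -gt 0) {
        Write-Output "Event ID ${id}: logged ($count)"
    } else {
        Write-Output "Event ID ${id}: MISSING"
    }
}
```

Running the same script on each Windows version gives a like-for-like comparison of whether the pipe events reach the Sysmon log.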