
ah yes... forgot to post the Answer here.
These Policies solved the Problem - which is basically the same as you did via Registry.
Thanks!
Hello,
I'm using the newest version of Sysmon with the config I got from https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml
I have a problem with Event 22 DNS query. It doesn't generate the events for the domains I am accessing. I tried from Edge and Chrome, and I don't get Event 22 for them in Event Viewer (Sysmon/Operational).
With a command or using Firefox it works, and I can see Event 22 in Event Viewer, but from the Edge/Chrome browser processes it won't work.
Event ID 22 with QueryName: wpad is unique with Image from Chrome.
I tried everything (I think):
Did anyone encounter this issue? What else can I do in order to get it to work? Any help/suggestion is appreciated.
Thank you
Hi @THAN VAN TRONG ,
According to sysmonconfig-export.xml:
Chrome and Firefox prefetch DNS lookups, or use alternate DNS lookup methods Sysmon won't capture. You need to turn these off. Search for Group Policy for these browsers to configure this.
So, you may need to turn off network prediction on both Edge and Chrome to generate Event 22. Configure the following 2 policies:
You should be able to have Event 22 after these configurations.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best Regards,
Shijie Li
Hi all,
Currently I'm running into the same behavior. The NetworkPredictionOptions -> 2 policy doesn't fix it for me.
Curiously, I can reproduce this on a newly installed Windows 10 22H2, but on Windows 11 22H2 it is working...
It is also working in Windows 10 21H2.
Any other ideas?
Thanks,
BR
Sorry for the late answer.
I don't know whether you solved your problem or not.
In my situation, I set the BuiltInDnsClientEnabled registry value to 0.
It worked for me, you can try this.
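
The two settings named in this thread (NetworkPredictionOptions = 2 and BuiltInDnsClientEnabled = 0), applied through the registry and then checked against the Sysmon log. This is an added example, not code posted by anyone in the thread; it assumes the standard machine-wide policy keys for Chrome and Edge, which the thread does not quote, and an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: set the two browser policies discussed in the thread, then
# check whether Sysmon records Event 22 for chrome.exe / msedge.exe.
# Assumption: standard machine-wide policy keys (not quoted in the thread).
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
)
$settings = @{
    NetworkPredictionOptions = 2   # 2 = never predict network actions (no DNS prefetch)
    BuiltInDnsClientEnabled  = 0   # 0 = browser uses the Windows resolver, not its own
}

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in $settings.Keys) {
        New-ItemProperty -Path $key -Name $name -Value $settings[$name] `
            -PropertyType DWord -Force | Out-Null
    }
    # Read the values back so a typo or a GPO overwrite is visible immediately.
    Get-ItemProperty -Path $key |
        Select-Object PSPath, NetworkPredictionOptions, BuiltInDnsClientEnabled
}

# Restart the browsers and visit a few sites, then run the part below.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 22
    StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue

# Event 22 carries its fields as named <Data> elements; pull out Image and QueryName.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{ Time = $e.TimeCreated; Image = $data['Image']; QueryName = $data['QueryName'] }
}

# Per-browser count with a few sample names; only "wpad" means the fix has not taken effect.
$rows | Where-Object { $_.Image -match '\\(chrome|msedge)\.exe$' } |
    Group-Object Image |
    Select-Object Count, Name, @{ n = 'SampleQueries'; e = {
        ($_.Group.QueryName | Select-Object -Unique -First 5) -join ', ' } }
```

The browsers read these policies at startup; `chrome://policy` and `edge://policy` show whether the values were picked up.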