What's the general memory situation on the computer? Anything special when this happens?
Sysmon 15.12 - high cpu utilization & stops logging certain events
Running Sysmon 15.12 with a pretty robust config that's a combination of open source (SwiftOnSecurity, etc.) and my own rules.
I am noticing a peculiar behavior in 15.12 where, after running normal/stable for a while, Sysmon decides to consume an entire CPU core and stops logging FileCreate and FileExecutableDetected events. Other events at this time are continuing to be logged. Not yet sure if that's the symptom/clue or a red herring, but a restart typically fixes the issue: back to low CPU utilization and the events begin being logged, until something happens and it's back to high CPU + no file-related events.
Anyone experiencing anything similar?
1 answer
Alex Mihaiuc 176 Reputation points Microsoft Employee
2024-05-14T12:40:32.34+00:00