Share via

Sysmon Configuration Entries - DriverName has no effect

Shane King 21 Reputation points
2024-05-01T18:03:50.01+00:00

I am running Sysmon v15.14 and have the following config entries:

<Sysmon schemaversion="4.90">
	<DnsLookup></DnsLookup>
	<DriverName>AudiusSv</DriverName>

	<EventFiltering>

		<RuleGroup name="" groupRelation="or">
			<ProcessCreate onmatch="include" />
		</RuleGroup>

		<RuleGroup name="" groupRelation="or">
			<ProcessTerminate onmatch="include" />
		</RuleGroup>

	</EventFiltering>

</Sysmon>

No matter what I name the service, it has no effect. The service is always named Sysmon64 and the driver is always SysmonDrv.

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,096 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Shane King 21 Reputation points
    2024-05-03T19:03:33.4366667+00:00
    0 comments