SYSMON Event ID 3 - RDP logon issue : "Initiated" field allways false

Jérémy Beaugeard 1 Reputation point
2021-08-25T13:13:18.193+00:00

Hello,

I have an issue with Sysmon event ID 3. This event is related to network connections. When i logon to my windows client via RDP, sysmon shows this log event :

126336-image.png

As you can see the "Initiated" field is set to false. There is no difference between this event and the RDP connection failure. Should the "Initiated" field not be set to true in this case ?

Note : I use my AD credentials to log myself.

Thanks,

Jeremy

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,102 questions
{count} votes