This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 57.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi all,
We found Sysmon64 version 11.1 terminated unexpectedly on windows 2016 Server many times.
Here the log:
{
"process_id": 948,
"record_number": "3010210549",
"type": "wineventlog",
"mtime": "202110191901",
"day_time": "2021-10-19",
"unix_mtime": 1634641260000,
"thread_id": 7964,
"beat_name": "xxx",
"provider_guid": "{555908d1-a6d7-4695-8e1e-26931d2012f4}",
"event_data_param1": "sysmon64",
"event_data_param2": "1",
"@version": "1",
"host": "xxx",
"beat_version": "6.2.4",
"security_domain": "xx",
"unix_timestamp": 1634641273324,
"event_data_binary": "5300790073006d006f006e00360034000000",
"source_name": "service control manager",
"timestamp": "2021-10-19 19:01:13.324",
"computer_name": "xxx",
"log_id": "16346412763539cacdc2c938af87854a3c3393d23a75740cbd84e5d4eb50737b",
"host_ip": "xxx",
"level": "Error",
"log_name": "system",
"beat_hostname": "xxx",
"message": " The sysmon64 service terminated unexpectedly. It has done this 1 time(s)",
"tags": "xxx",
"event_id": "7034"
}
It's happened 2-3 times per a week. But I really don't know what this error means and how to repair it. Could you give some advices? Thanks.
Did you manage to get it to not crash? The official recommendation in all these cases is to switch to the latest version. Specifically here, since a lot has changed for Sysmon in the past couple of years.