Sysmon Changelog

| Version | Schema | Features | Release |
|---|---|---|---|
| 15.15 | 4.90 | * Fixes a hang that occurs when memory is constrained.<br>* Improves FsFilter performance.<br>* Fixes two rare crashes related to FileBlockShredding and PipeEvent. | July 23, 2024 |
| 15.0 | 4.90 | * Sysmon service now runs as a Protected Process Light (PPL), hardening it against tampering.<br>* Added FileExecutableDetected (EventID 29) to log creation of new executable (PE) files without blocking.<br>* Fixed a system hang from a network/file-system event interaction. | June 27, 2023 |
| 14.1 | 4.83 | * Added FileBlockShredding (EventID 28) to detect and block file shredding/wiping by tools such as Sysinternals SDelete. | October 8, 2022 |
| 14.0 | 4.82 | * Added FileBlockExecutable (EventID 27), the first Sysmon event that blocks an action on rule match, blocking creation of executable (PE) files. | August 2022 |
| 13.01 | 4.50 | * Fixed a regression bug where several event types were not logged. | January 13, 2021 |
| 13.0 | 4.50 | * Added support for Process Tampering Detection. | January 11, 2021 |
| 12.03 | 4.40 | * Fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules. | November 25, 2020 |
| 12.02 | 4.40 | * Fixes several configuration parsing bugs. | November 4, 2020 |
| 12.01 | 4.40 | * Security and bug fix release; resolves a PipeEvent processing issue and adds extra checks to kernel writes. | October 16, 2020 |
| 12.0 | 4.40 | * Added support for capturing text stored to the clipboard by a process. | September 17, 2020 |
| 11.11 | 4.4 | * Fixes a bug that prevented USB media from being ejected.<br>* Fixes an issue that could stop network event logging and a resulting memory leak.<br>* Fixes logging of file delete events for delete-on-close files. | July 15, 2020 |
| 11.1 | 4.31 | * For Event ID 15, a "Content" field was added to save text streams of less than 1k.<br>* The -a command-line option has been removed. The custom archive directory must be set via the configuration file.<br>* Fixes an issue where EventID 1 was not logged on Windows 2016 and Windows 10.<br>* Fixes a rule parsing issue. | June 24, 2020 |
| 11.0 | 4.30 | * Control Reverse DNS Lookup.<br>* Log file deletions and store a copy of the file.<br>* Bug fixes. | April 28, 2020 |
| 10.42 | 4.23 | * Fixed memory leaks in DNS, Networking and Image load events.<br>* Bug fixes including filtering, rule group names, NULL process GUIDs and a W3LOGSVC interop issue.<br>* Increased rule name field length from 32 to 128 characters.<br>* Added "excludes any" and "excludes all" filtering conditions.<br>* Performance improvements for the ImageLoad module. | December 11, 2019 |