| Version | Schema | Features | Release |
|---|---|---|---|
| 15.15 | 4.90 | * Fixes a hang that occurs when memory is constrained. * Improves FsFilter performance. * Fixes two rare crashes related to FileBlockShredding and PipeEvent. | July 23, 2024 |
| 15.0 | 4.90 | * Sysmon service now runs as a Protected Process Light (PPL), hardening it against tampering. * Added FileExecutableDetected (EventID 29) to log creation of new executable (PE) files without blocking. * Fixed a system hang from a network/file-system event interaction. | June 27, 2023 |
| 14.1 | 4.83 | * Added FileBlockShredding (EventID 28) to detect and block file shredding/wiping by tools such as Sysinternals SDelete. | October 8, 2022 |
| 14.0 | 4.82 | * Added FileBlockExecutable (EventID 27) - the first Sysmon event that blocks an action on rule match, blocking creation of executable (PE) files. | August 2022 |
| 13.01 | 4.50 | * Fixed regression bug where several event types were not logged. | January 13, 2021 |
| 13.0 | 4.50 | * Added support for Process Tampering Detection. | January 11, 2021 |
| 12.03 | 4.40 | * Fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules. | November 25, 2020 |
| 12.02 | 4.40 | * This update to Sysmon fixes several configuration parsing bugs. | November 4, 2020 |
| 12.01 | 4.40 | * Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes. | October 16, 2020 |
| 12.0 | 4.40 | * Added support to capture text stored into the clipboard by a process. | September 17, 2020 |
| 11.11 | 4.4 | * Fixes a bug that prevented USB media from being ejected. * Fixes an issue that could stop network event logging and a resulting memory leak. * Fixes logging of file delete events for delete-on-close files. | July 15, 2020 |
| 11.1 | 4.31 | * For Event ID 15, a “Content” field was added to save text streams of less than 1k. * The –a command-line option has been removed. The custom archive directory must be set via configuration file. * Fixed an issue where EventID 1 was not logged on Windows 2016 and Windows 10. * Fixed a rule parsing issue. | June 24, 2020 |
| 11.0 | 4.30 | * Control Reverse DNS Lookup. * Log file deletions and store a copy of the file. * Bug fixes. | April 28, 2020 |
| 10.42 | 4.23 | * Memory leaks in DNS, Networking and Image load events. * Bug fixes including filtering, rule group names, NULL process GUIDs and W3LOGSVC interop issue. * Increased rule name field length from 32 to 128 characters. * Added “excludes any” and “excludes all” filtering conditions. * Performance improvements for ImageLoad module. | December 11, 2019 |