SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Didn't install with -n parameters. #116

Open slavaNBA opened 4 years ago

slavaNBA commented 4 years ago

Hello! More like a default issue: I try to install Sysmon with the -i and -n options. Every time I add the -n option, it crashes with a win error. Any ideas?

olafhartong commented 4 years ago

Yes, this is a known bug; it will be patched in the next version.

On Wed, 20 May 2020 at 11:11, slavaNBA notifications@github.com wrote:

Hello! More like a default issue: I try to install Sysmon with the -i and -n options. Every time I add the -n option, it crashes with a win error. Any ideas?


slavaNBA commented 4 years ago


Thanks for the info. But will Sysmon still work for network connections (for example, as an nmap activity detection tool) with this config? Actually, I have tried to detect some activity from nmap (Kali Linux) using the config in the topic, with no results. (Using Kali on a virtual machine.)

jokezone commented 4 years ago

@olafhartong, according to this tweet about the -n switch no longer working on Sysmon v11, Mark Russinovich confirmed that this is intended behavior. Network monitoring can only be enabled using a configuration file.
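Since -n no longer enables network monitoring on Sysmon v11 and a configuration file is required, here is an added PowerShell example (not part of this issue or of the repository's template) that writes a minimal config enabling NetworkConnect (Event ID 3), installs or updates Sysmon with it, and reads back recent events to confirm they are logged. It assumes Sysmon64.exe is on PATH, an elevated session, and that schemaversion 4.30 matches the installed Sysmon v11 (adjust it for other versions); the rule group name and the loopback exclusions are constructed for the example.

```powershell
# Added example (not the repository's code): enable Sysmon network monitoring
# via a config file instead of -n, then verify Event ID 3 is being written.
# Assumes Sysmon64.exe on PATH, schemaversion 4.30 (Sysmon v11), elevated shell.
$configPath = Join-Path $env:TEMP 'sysmon-netconnect.xml'

# onmatch="exclude" logs every connection except the listed ones (noisy
# loopback here); an onmatch="include" section logs only what it lists.
$config = @'
<Sysmon schemaversion="4.30">
  <EventFiltering>
    <RuleGroup name="NetworkConnect-all" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <DestinationIp condition="is">127.0.0.1</DestinationIp>
        <DestinationIp condition="is">::1</DestinationIp>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $configPath -Value $config -Encoding UTF8

# Fresh install with the config (-i) or update a running service (-c).
if (Get-Service -Name 'Sysmon*' -ErrorAction SilentlyContinue) {
    & Sysmon64.exe -c $configPath
} else {
    & Sysmon64.exe -accepteula -i $configPath
}
# Verify: list recent NetworkConnect events. Inbound connections show
# Initiated=false, so traffic hitting a listening process shows up here too.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 3
} -MaxEvents 10 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No Event ID 3 entries yet: generate a connection and re-run.'
} else {
    $events | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Image       = $d.Image
            Source      = "$($d.SourceIp):$($d.SourcePort)"
            Destination = "$($d.DestinationIp):$($d.DestinationPort)"
            Initiated   = $d.Initiated
        }
    } | Format-Table -AutoSize
}
```

If the table stays empty after a connection is made from the host, the filter is the first thing to check: with an include-filtered NetworkConnect section only connections from the listed images are recorded.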

davebremer commented 4 years ago

I love how Azure support essentially say "huh??" in response.