search

SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing
4.68k stars 1.69k forks source link

Line 239 registry formatting #179

Open kevinelwell opened 1 year ago

kevinelwell commented 1 year ago

Created issue 48

Change line 239 from: <TargetObject condition="is">\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft Print to PDF\PrinterDriverData</TargetObject>

to: <TargetObject condition="is">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft Print to PDF\PrinterDriverData</TargetObject>