Author: Nemo7891
Subject: Sysmon PipeEvent
Posted: 13 February 2018 at 8:27pm
Has anyone gotten any of the PipeEvent messages to log with Sysmon? I am getting very spotty results. Tried it with 7.01 on Win7 and it worked up until a reboot and now i can't get it to work despite numerous reboots and re-installs. And that was a "good" outcome. On other systems I can't get it to log any relevant events, neither Pipe Connected nor Pipe Created, even though I expect hundreds if not thousands of events. Tried with v6.10 and wasn't able to generate any either. I am trying with a very basic install options:
sysmon -n -i h * -accepteula
Subject: Sysmon PipeEvent
Posted: 13 February 2018 at 8:27pm
Has anyone gotten any of the PipeEvent messages to log with Sysmon? I am getting very spotty results. Tried it with 7.01 on Win7 and it worked up until a reboot and now i can't get it to work despite numerous reboots and re-installs. And that was a "good" outcome. On other systems I can't get it to log any relevant events, neither Pipe Connected nor Pipe Created, even though I expect hundreds if not thousands of events. Tried with v6.10 and wasn't able to generate any either. I am trying with a very basic install options:
sysmon -n -i h * -accepteula
and my config is totally sparse:
<Sysmon schemaversion="4.00">
<HashAlgorithms>md5,sha1,sha256,imphash</HashAlgorithms>
<EventFiltering>
<PipeEvent onmatch="exclude">
</PipeEvent>
</EventFiltering>
</Sysmon>
Any suggestions?