@@ -21,103 +21,134 @@ Sysmon sets multiple callbacks on kernel objects in addition to using telemetry
2121
2222When the tool is downloaded from the Microsoft Sysinternals website < https://docs.microsoft.com/en-us/sysinternals/ > it is important to save and identify previous versions since Microsoft does not provide older versions and the release notes do not detail what has been fixed. Microsoft has a fast release cycle, forcing users to test very carefully and to keep track of versions.
2323
24-
2524<table width =" 1280 " >
2625<tbody >
27- <tr >
28- <td width =" 132 " >
26+ <tr style = " height : 46 px ; " >
27+ <td style = " height : 46 px ; " width =" 132 " >
2928<p ><strong >Version</strong ></p >
3029</td >
31- <td width =" 114 " >
30+ <td style = " height : 46 px ; " width =" 114 " >
3231<p ><strong >Schema </strong ></p >
3332</td >
34- <td width =" 522 " >
33+ <td style = " height : 46 px ; " width =" 522 " >
3534<p ><strong >Features</strong ></p >
3635</td >
37- <td width =" 380 " >
38- <p ><strong >Known Issues</strong ></p >
39- </td >
40- <td width =" 132 " >
36+ <td style =" height : 46px ;" width =" 132 " >
4137<p ><strong >Release</strong ></p >
4238</td >
4339</tr >
44- <tr >
45- <td width =" 132 " >
40+ <tr style =" height : 46px ;" >
41+ <td style =" height : 46px ;" width =" 132 " >
42+ <p >13.01</p >
43+ </td >
44+ <td style =" height : 46px ;" width =" 114 " >4.50  ; </td >
45+ <td style =" height : 46px ;" width =" 522 " >  ; * Fixed regression bug where several event types where not logged.  ; </td >
46+ <td style =" height : 46px ;" width =" 132 " >  ; January 13, 2021</td >
47+ </tr >
48+ <tr style =" height : 46px ;" >
49+ <td style =" height : 46px ;" width =" 132 " >
50+ <p >13.0</p >
51+ </td >
52+ <td style =" height : 46px ;" width =" 114 " >  ; 4.50</td >
53+ <td style =" height : 46px ;" width =" 522 " >  ; * Added support for Process Tampering Detection.</td >
54+ <td style =" height : 46px ;" width =" 132 " >  ; January 11, 2021</td >
55+ </tr >
56+ <tr style =" height : 61px ;" >
57+ <td style =" height : 61px ;" width =" 132 " >12.03</td >
58+ <td style =" height : 61px ;" width =" 114 " >  ; 4.40</td >
59+ <td style =" height : 61px ;" width =" 522 " >  ; * fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules.</td >
60+ <td style =" height : 61px ;" width =" 132 " >  ; November 25, 2020</td >
61+ </tr >
62+ <tr style =" height : 61px ;" >
63+ <td style =" height : 61px ;" width =" 132 " >12.02</td >
64+ <td style =" height : 61px ;" width =" 114 " >  ; 4.40</td >
65+ <td style =" height : 61px ;" width =" 522 " >  ; * This update to Sysmon fixes several configuration parsing bugs.</td >
66+ <td style =" height : 61px ;" width =" 132 " >  ; November 4, 2020</td >
67+ </tr >
68+ <tr style =" height : 61px ;" >
69+ <td style =" height : 61px ;" width =" 132 " >12.01</td >
70+ <td style =" height : 61px ;" width =" 114 " >  ; 4.40</td >
71+ <td style =" height : 61px ;" width =" 522 " >  ; * Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes.</td >
72+ <td style =" height : 61px ;" width =" 132 " >  ; October 16, 2020</td >
73+ </tr >
74+ <tr style =" height : 192px ;" >
75+ <td style =" height : 192px ;" width =" 132 " >
4676<p >12.0</p >
4777</td >
48- <td width =" 114 " >
78+ <td style = " height : 192 px ; " width =" 114 " >
4979<p >4.40</p >
5080</td >
51- <td width =" 522 " >
81+ <td style = " height : 192 px ; " width =" 522 " >
5282<p >* Added support to capture text stored in to the clipboard by a process.</p >
5383</td >
54- <td width =" 380 " >
55- <p >* Kernel memory write that can lead to code execution.</p >
56- <p >* Metadata for driver still references.</p >
57- <p >* Sysmon 11.1 and may affect install scripts.</p >
58- <p >* Problems matching filters for FileDelete.</p >
59- <p >* Blue Screen on some Windows 2016 DCs</p >
60- </td >
61- <td width =" 132 " >
84+ <td style =" height : 192px ;" width =" 132 " >
6285<p >September 17, 2020</p >
6386</td >
6487</tr >
65- <tr >
66- <td width =" 132 " >
88+ <tr style =" height : 196px ;" >
89+ <td style =" height : 196px ;" width =" 132 " >
90+ <p >11.11</p >
91+ </td >
92+ <td style =" height : 196px ;" width =" 114 " >
93+ <p >4.4</p >
94+ </td >
95+ <td style =" height : 196px ;" width =" 522 " >
96+ <p >* Fixes a bug that prevented USB media from being ejected.</p >
97+ <p >* Fixes an issue that could stop network event logging and a resulting memory leak.</p >
98+ <p >* Fixes logs file delete events for delete-on-close files.</p >
99+ </td >
100+ <td style =" height : 196px ;" width =" 132 " >
101+ <p >July 15, 2020</p >
102+ </td >
103+ </tr >
104+ <tr style =" height : 196px ;" >
105+ <td style =" height : 196px ;" width =" 132 " >
67106<p >11.1</p >
68107</td >
69- <td width =" 114 " >
108+ <td style = " height : 196 px ; " width =" 114 " >
70109<p >4.31</p >
71110</td >
72- <td width =" 522 " >
111+ <td style = " height : 196 px ; " width =" 522 " >
73112<p >* For Event ID 15 &ldquo ; Content field was added to save text streams of less than 1k.</p >
74113<p >* The &ndash ; a commandline option has been removed. The custom archive directory must be set via configuration file.</p >
75114<p >* Fix Issue where EventID 1 was not logged on Windowds 2016 and Windows 10.</p >
76115<p >* Fix rule parsing issue.</p >
77116</td >
78- <td width =" 380 " >
79- <p >* Kernel memory write that can lead to code execution.</p >
80- <p >* Blue Screen on on Win10 1809  ; </p >
81- </td >
82- <td width =" 132 " >
117+ <td style =" height : 196px ;" width =" 132 " >
83118<p >June 24, 2020</p >
84119</td >
85120</tr >
86- <tr >
87- <td width =" 132 " >
121+ <tr style = " height : 110 px ; " >
122+ <td style = " height : 110 px ; " width =" 132 " >
88123<p >11.0</p >
89124</td >
90- <td width =" 114 " >
125+ <td style = " height : 110 px ; " width =" 114 " >
91126<p >4.30</p >
92127</td >
93- <td width =" 522 " >
128+ <td style = " height : 110 px ; " width =" 522 " >
94129<p >* Control Reverse DNS Lookup.</p >
95130<p >* Log file deletions and story copy of the file.</p >
96131<p >* Bug Fixes.</p >
97132</td >
98- <td width =" 380 " >
99- <p >* Does not log Process Creation on Windows 2016.</p >
100- <p >* Kernel memory write that can lead to code execution.</p >
101- </td >
102- <td width =" 132 " >
133+ <td style =" height : 110px ;" width =" 132 " >
103134<p >April 28, 2020</p >
104135</td >
105136</tr >
106- <tr >
107- <td width =" 132 " >
137+ <tr style = " height : 78 px ; " >
138+ <td style = " height : 78 px ; " width =" 132 " >
108139<p >10.42</p >
109140</td >
110- <td width =" 114 " >
141+ <td style = " height : 78 px ; " width =" 114 " >
111142<p >4.23</p >
112143</td >
113- <td width =" 522 " >
114- <p >* Fixed multiple memory leaks</ p >
115- <p >* Introduces the "Excludes Any" and "Excludes All" filtering conditions</ p >
116- </ td >
117- <td width = " 380 " >
118- <p >* Issues with parsing some rules in configuration files.</ p >
144+ <td style = " height : 78 px ; " width =" 522 " >
145+ <div >* Memory & nbsp ; leaks& nbsp ; in & nbsp ; DNS, & nbsp ; Networking & nbsp ; and & nbsp ; Image & nbsp ; load & nbsp ; events</ div >
146+ <div >* Bug & nbsp ; fixes & nbsp ; including & nbsp ; filtering, & nbsp ; rule & nbsp ; group & nbsp ; names, & nbsp ; NULL & nbsp ; process & nbsp ; GUIDS & nbsp ; and & nbsp ; W3LOGSVC & nbsp ; interop & nbsp ; issue</ div >
147+ <div >* Increased & nbsp ; rule & nbsp ; name & nbsp ; field & nbsp ; length & nbsp ; from & nbsp ; 32 & nbsp ; to & nbsp ; 128 & nbsp ; characters</ div >
148+ <div >* Added & nbsp ;& ldquo ; excludes & nbsp ; any & rdquo ;& nbsp ; and & nbsp ;& ldquo ; excludes & nbsp ; all & rdquo ;& nbsp ; filtering & nbsp ; conditions.</ div >
149+ <div >* Performance & nbsp ; improvements & nbsp ; for & nbsp ; ImageLoad & nbsp ; module</ div >
119150</td >
120- <td width =" 132 " >
151+ <td style = " height : 78 px ; " width =" 132 " >
121152<p >December 11, 2019</p >
122153</td >
123154</tr >
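Review bot: Removing the Known Issues column (the header cell and the cells on the 12.0, 11.1, 11.0 and 10.42 rows) drops the only place this table recorded "Kernel memory write that can lead to code execution" against 12.0, 11.1 and 11.0, along with the blue screen notes and the Windows 2016 process creation logging gap. The paragraph above the table says the release notes do not detail what has been fixed, so readers rely on this table to decide which builds to retire. Consider keeping the column, or stating on the new 12.01 row ("adds extra checks to kernel writes") which earlier versions it supersedes for that issue, if that is indeed the fix. Smaller points in the added rows: on the 13.01 row "where several event types where not logged" should read "were not logged"; the 11.11 row gives the schema as "4.4", which is indistinguishable from the 4.40 listed for 12.0 and sits oddly after 4.31 for 11.1, so please verify the value; and the table still declares width 1280 although the 380-wide column is gone.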