Blog Post

Sysinternals Blog
1 MIN READ

Sysmon v15.14

Alex_Mihaiuc's avatar
Alex_Mihaiuc
Icon for Microsoft rankMicrosoft
Feb 13, 2024
Sysmon v15.14 This update to Sysmon resolves a service crash on configuration change and a rare system crash.  
Published Feb 13, 2024
Version 1.0
Shane_King's avatar
Shane_King
Copper Contributor
May 03, 2024

Alex_Mihaiuc 

-d works.

However, I wanted to change the service name AND the driver name. The only way I can get that to work is rename the executable to Audius.exe and the execute it like this:
Audius.exe -d "AudiusSv" -i my-custom.xml

 

This creates a service called "Audius" and a kernel driver module called AudiusSv.
The driver name cant be the same name as the exe. Running

sc queryex Audius
sc queryex AudiusSv
will illustrate why.

However, based on the current documentation for the current version of Sysmon, there is no such thing as a "-d" switch. But there is an XML directive called "DriverName" which doesn't work.