Blog Post

Sysinternals Blog

1 MIN READ

Sysmon v15.14

Alex_Mihaiuc

Microsoft

Feb 13, 2024

Sysmon v15.14 This update to Sysmon resolves a service crash on configuration change and a rare system crash.

Published Feb 13, 2024

Version 1.0

Alex_Mihaiuc

Microsoft

Joined August 30, 2020

View Profile

Sysinternals Blog

Follow this blog board to get notified when there's new activity

bobmorning

Copper Contributor

Jun 24, 2024

Hello,

Has anyone seen this behavior with Sysmon: getting non-English characters in the ParentUser, and ParentCommandLine fields? Sometimes it looks like another language character set, other times it is WingDings or some other non-sensical characters. This screenshot is from our enterprise Splunk (~30,000 endpoints) and is a screenshot of 2 devices over a 60 minute sampling window. The one theme I see when digging into the Splunk record for each of these events is that the ServicePrincipleName begins with "TERMSRV/" and then the rest of the SPN follows. Only happens with Event code = 1.

Bob M.