| Version | Schema | Features | Release |
|---|---|---|---|
| 13.01 | 4.50 | * Fixed regression bug where several event types where not logged. | January 13, 2021 |
| 13.0 | 4.50 | * Added support for Process Tampering Detection. | January 11, 2021 |
| 12.03 | 4.40 | * fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules. | November 25, 2020 |
| 12.02 | 4.40 | * This update to Sysmon fixes several configuration parsing bugs. | November 4, 2020 |
| 12.01 | 4.40 | * Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes. | October 16, 2020 |
| 12.0 | 4.40 | * Added support to capture text stored in to the clipboard by a process. | September 17, 2020 |
| 11.11 | 4.4 | * Fixes a bug that prevented USB media from being ejected. * Fixes an issue that could stop network event logging and a resulting memory leak. * Fixes logs file delete events for delete-on-close files. |
July 15, 2020 |
| 11.1 | 4.31 | * For Event ID 15 “Content field was added to save text streams of less than 1k. * The –a commandline option has been removed. The custom archive directory must be set via configuration file. * Fix Issue where EventID 1 was not logged on Windowds 2016 and Windows 10. * Fix rule parsing issue. |
June 24, 2020 |
| 11.0 | 4.30 | * Control Reverse DNS Lookup. * Log file deletions and story copy of the file. * Bug Fixes. |
April 28, 2020 |
| 10.42 | 4.23 | * Memory leaks in DNS, Networking and Image load events * Bug fixes including filtering, rule group names, NULL process GUIDS and W3LOGSVC interop issue * Increased rule name field length from 32 to 128 characters * Added “excludes any” and “excludes all” filtering conditions. * Performance improvements for ImageLoad module |
December 11, 2019 |