EID 14 - error starting from 2nd execution

Question

EID 14 - error starting from 2nd execution

Opened this issue 2 years ago · 0 comments

EID 14
After each run registry key "RegistrySysmonTestingRenamed" should be deleted otherwise at next run the key still exist and "NewRegistrySysmonTesting" can't be renamed to the same name, then don't produce Sysmon event ID 14.

BR