My Sysmon config sees the shell/open reg key being written, if you want to alert on this. /cc @cyb3rops https://twitter.com/teamcymru/status/1224085088851447808 …
https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml#L718 … appears to result in this activity not being logged by Sysmon. Not sure if this is a bug with how Sysmon processes underscores? Sysmon V10.42 and schema version 4.23.
Hey @markrussinovich, is this expected behaviour?
Sysmon appears to ignore the underscore character in the exclude rule linked above, resulting in the event being excluded even though the rule doesn't match the target object value.