Install the latest Sysmon version to fix memory leak issues

Madalina Dinita
by Madalina Dinita
Managing Editor
0 Comments
Download PDF

Sysmon fix memory leak issues

Microsoft introduced a new Sysmon update. More specifically, Sysmon 8.o.4 fixes all the memory leak issues that existed in the previous version.

Sysmon is one of the many SysInternals components by Microsoft. It is a troubleshooting utility that monitors and troubleshoots the operating system and writes events to the event log.

The previous version of the program brought some annoying memory leak problems. It was recorded that memory leakage could lead to system crashes after update.

Computer geek Ionstorm talked about this issue on Twitter, saying:

Heads up admins if you still run sysmon 8.0.0 and you run a scheduled task to update the sysmon config each reload will use approximately 15mb of ram, after 30 days it will max out memory on your servers if they dont reboot. Memory is locked in non-paged pool. 8.0.4 resolves

Memory leak issues were also highlighted on the Microsoft SysInternals Forum. The same issue was reported by a user who reported the consumption of memory in Nonpaged pools after each time configuration reloads. He commented:

I faced a bug in Sysmon (ver. 7.01 and 7.03) – Symon’s driver (SysmonDrv.sys) consumes new area in Nonpaged pool memory every time configuration reloads, but driver does not free old area in Nonpaged pool memory. As a result, we can see memory leak. I found this problem on my VM, which had only 4GB RAM and more than 180 uptime days.

However, Microsoft responded that the issue has been fixed in the new update 8.o.4. Sysmon 8.o.o and 8.o.2 users can jump to 8.o.4 version to get this problem fixed.

RELATED POSTS TO CHECK OUT: