Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,218 questions
Sysmon signature verification error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
We use Sysmon to monitor events on our Windows 10 endpoinds. We randomly get Sysmon signature verification error, which occurs on 30% of endpoints regardless of their amount of RAM or build number. The example of an error:
<13>Mar 27 15:57:19 XXXXX AgentDevice=WindowsLog AgentLogFile=Microsoft-Windows-Sysmon/Operational PluginVersion=WC.MSEVEN6.10.1.10.11 Source=Microsoft-Windows-Sysmon Computer=XXXXX.xxx.xxx.xxx.ua OriginatingComputer=x.x.x.x User=SYSTEM Domain=NT AUTHORITY EventID=7 EventIDCode=7 EventType=4 EventCategory=7 RecordNumber=3290522 TimeGenerated=1743083836 TimeWritten=1743083836 Level=Informational Keywords=0 Task=SysmonTask-SYSMONEVENT_IMAGE_LOAD Opcode=Resume Message=Image loaded: RuleName: - UtcTime: 2025-03-27 13:57:16.666 ProcessGuid: {096ac3aa-593c-67e5-7201-000000005401} ProcessId: 8968 Image: C:\Windows\System32\taskhostw.exe ImageLoaded: C:\Windows\System32\msasn1.dll FileVersion: 10.0.19041.3636 (WinBuild.160101.0800) Description: ASN.1 Runtime APIs Product: Microsoft® Windows® Operating System Company: Microsoft Corporation OriginalFileName: msasn1.dll Hashes: SHA1=FCB93A019377C297088B8EF6A1215DEC3E732D81,MD5=AB9535AEBFD8DED1BA9743A1A33C8344,SHA256=A40B90479BEF00F51B15E02D8CCE799A15248237EB68E73A2732C0FA8461BBB6,IMPHASH=F79599CA729D557E0381EC0A41471A27 Signed: failed: Signing queue is full Signature: - SignatureStatus: - User: YYYY\xxxxxxx
How can we get rid of these errors? Thanks in advance.
Sysinternals
Sign in to answer