May 01, 2024

Fixed

  • We fixed an issue with the Sysmon Installer component's ability to detect system crashes.

    The Sysmon Installer component manages the Sysmon service installation and monitors for system crashes in order to uninstall the Sysmon service if a crash occurs. It uninstalls the Sysmon service to protect the asset from recurring system crashes.

    The previous Sysmon Installer update contained an issue that caused Sysmon to be uninstalled if the system crashed with a BSOD for any reason. This release fixes the logic to correctly identify system crashes due to Sysmon-related issues, removing Sysmon only if it is the root cause of the crash. This release also restores Sysmon if it was previously removed from the endpoint.

    Note: In rare cases where Sysmon was the root cause of a system crash, it may trigger another crash after being reinstalled. With this update, Sysmon Installer will correctly identify that Sysmon needs to be uninstalled again, and Sysmon will remain uninstalled.