Error 255 appears, please help me figure it out.

[h3nkbleck]

Please help me figure out how to fix these errors or eliminate them. Events with msgid 255 from sysmon appear in the SIEM system on the host where this config is installed.

Contents of the following event data:

"text": "Events dropped from driver queue: ProcessAccess:1",
"text": "Events dropped from driver queue: ImageLoad:2",
"text": "Events dropped from driver queue: ImageLoad:1 ProcessAccess:16",
"text": "Events dropped from driver queue: ImageLoad:1 ProcessAccess:51 RegistryEvent:4",
"text": "Events dropped from driver queue: ImageLoad:3 ProcessAccess:4 RegistryEvent:4",

Here is the full log:

{
"Event": {
"xmlns": "http://schemas.microsoft.com/win/2004/08/events/event",
"System": {
"Provider": {
"Name": "Microsoft-Windows-Sysmon",
"Guid": "{5770385f-c22a-43e0-bf4c-06f5698ffbd9}"
},
"EventID": "255",
"Version": "3",
"Level": "2",
"Task": "255",
"Opcode": "0",
"Keywords": "0x8000000000000000",
"TimeCreated": {
"SystemTime": "2024-03-01T08:22:36.7399186Z"
},
"EventRecordID": "1239498",
"Correlation": null,
"Execution": {
"ProcessID": "4300",
"ThreadID": "6532"
},
"Channel": "Microsoft-Windows-Sysmon/Operational",
"Computer": "h43-12-4-21211.company.com.local",
"Security": {
"UserID": "S-1-5-18"
}
},
"EventData": {
"Data": [
{
"text": "2024-03-01 08:22:36.738",
"Name": "UtcTime"
},
{
"text": "QUEUE",
"Name": "ID"
},
{
"text": "Events dropped from driver queue: ProcessAccess:1 RegistryEvent:1",
"Name": "Description"
}
]
}
}
}