EID 14 - error starting from 2nd execution #6
Description
EID 14
After each run registry key "RegistrySysmonTestingRenamed" should be deleted otherwise at next run the key still exist and "NewRegistrySysmonTesting" can't be renamed to the same name, then don't produce Sysmon event ID 14.
BR