How to Update Sysmon on Windows – Step by Step Guide

How to Update Sysmon on Windows – Step by Step Guide.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. Use the next steps to update Sysmon.

1. Open the PowerShell or command line (CMD) or Terminal with administrative rights.

2. Navigate to the C:\Windows:

cd C:\Windows (or cd ../)

3. Uninstall currently installed Symon:

sysmon.exe -u

Also, you can use the force key:

sysmon.exe -u force

4. Download the latest version from the Microsoft website.

5. Copy sysmon.exe from the downloaded folder to the c:\windows and replace the current file (better make some backup of sysmon.exe before replacing).

6. Run in the PowerShell:

sysmon.exe -i

7. Run in the PowerShell to check that the new version is installed:

sysmon.exe

That’s all, the update Sysmon process successfully completed