如何在Windows上更新Sysmon – 逐步指南.
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. Use the next steps to update Sysmon.
1. Open the PowerShell or command line (指令管理系统) or Terminal with administrative rights.
2. Navigate to the C:\视窗:
cd C:\Windows (or cd ../)3. Uninstall currently installed Symon:
sysmon.exe -u还, you can use the force key:
sysmon.exe -u force4. Download the latest version from the Microsoft website.
5. Copy sysmon.exe from the downloaded folder to the c:\windows and replace the current file (better make some backup of sysmon.exe before replacing).
sysmon.exe -i7. Run in the PowerShell to check that the new version 已安装:
sysmon.exe就这样, the update Sysmon process successfully completed
