Sysmon: New Sysinternals Tool Releases
Microsoft has released a new utility to the Sysinternals bundle. Sysmon runs as a service to capture suspicious computer activity.
August 12, 2014
Sysinternals utilities, the invention of Microsoft's Mark Russinovich, have a long and stable lineage, providing fantastic capabilities and value for IT Pros. For me, it's tough to say which utility is my favorite, but I have probably used PsExec the most over the years. PsExec, of course, is the utility that gives IT Pros the ability to run commands on remote systems, even with elevated privileges.
On August 5, 2014, a new tool was added to the group of Sysinternals utilities, taking the total bundle count to 71. The new utility, Sysmon, is a stay-resident Windows service that can be installed to monitor system activity and record it to the Windows event log; because it runs as a service, logging persists across reboots.
The value of this type of utility is that it allows administrators to record suspicious activity, helping to identify potential attacks from intruders and pinpoint occurrences of malware.
Install, uninstall, and configuration are all done from the command line using specific switches. Details for the commands are available on the Sysmon download page:
Download: Sysmon v1.0
Download the entire bundle at once: Sysinternals Suite
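As an added example that is not part of the original article or of Sysinternals' own documentation, the PowerShell session below installs Sysmon with its default settings and then reads back the process-creation events it records, which is the quickest way to confirm the service is actually logging. It assumes Sysmon.exe has been downloaded into the current directory and that the session is elevated.

```powershell
# Added example (not from the article or from Sysinternals): install Sysmon
# with default options, then confirm it is writing to the Windows event log.
# Assumes Sysmon.exe is in the current directory and PowerShell is elevated.

# -accepteula suppresses the licence prompt; -i installs the service and driver.
& .\Sysmon.exe -accepteula -i

# The Sysmon service should now be running.
Get-Service -Name Sysmon | Select-Object Name, Status

# Sysmon logs to its own event channel. Pull the most recent process-creation
# events (Event ID 1) and show who launched what, with the full command line.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 1
} -MaxEvents 10 |
ForEach-Object {
    # Each event's fields live in EventData as Name/#text pairs; flatten them.
    $xml    = [xml]$_.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $_.TimeCreated
        User        = $fields.User
        Image       = $fields.Image
        CommandLine = $fields.CommandLine
        ParentImage = $fields.ParentImage
    }
} | Format-Table -AutoSize -Wrap
```

If the query returns nothing, check that the Sysmon service is running and that the Microsoft-Windows-Sysmon/Operational channel is enabled in Event Viewer before suspecting the install.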