Setup

Download and Setup

First, we need to download the latest Sysmon version from the following link:

https://download.sysinternals.com/files/Sysmon.zipdownload.sysinternals.com

Next, we have to download the Configuration file for Sysmon to run properly.

sysmon-modular/sysmonconfig.xml at master · olafhartong/sysmon-modularGitHub

Make sure that the configuration file is in the same directory as the extracted Sysmon files.

       Extracted Sysmon directory
            |
   +--------+---------+
   |                  |
sysmonconfig.xml   other files

Installation

Open PowerShell with administrator privileges and change directory to the one in which Sysmon is downloaded.

C:\Users\{User}\Downloads\Sysmon>

Then we have to execute the Sysmon64.exe file and install the sysmonconfig.xml configuration file.

C:\Users\{User}\Downloads\Sysmon> .\Sysmon64.exe -i sysmonconfig.xml

We can then verify that Sysmon is running using the Get-Process cmdlet.

C:\Users\{User}\Downloads\Sysmon> Get-Process Sysmon64