There is good news for administrators: Microsoft has delivered on its promise to build Sysmon functionality into Windows.
Thefunctionality arrived in the Dev and Beta Windows Insider channels this week in builds 26300.7733 and 26220.7752, respectively. It allows administrators to capture system events via custom configuration files, filter for specific events, and write them to the standard Windows event log for pickup by third-party applications, including security tools.
Sysmon, part of the Sysinternals toolset, has long been useful for monitoring Windows' internals. Mark Russinovich, Microsoft technical fellow and co-founder of Winternals, from whence Sysinternals (and Sysmon) sprang,said: "It helps in detecting credential theft, uncovering stealthy lateral movement, and powering forensic investigations.
"Its granular diagnostic data feeds security information and event management (SIEM) pipelines and enables defenders to spot advanced attacks."
But deployment has been painful for administrators, managing potentially thousands of endpoints across an enterprise that need to be kept. Russinovich noted "a lack of official customer support for Sysmon in production environments."
Having it built in (though disabled by default) is therefore welcome, a respite from Microsoft's relentless AI integrations across its portfolio.
Enabling it requires some work with PowerShell, which shouldn't trouble Sysmon-savvy users. Microsoft notes that any existing Sysmon installation must be uninstalled first before the built-in version can be enabled.
- Old Windows quirks help punch through new admin defenses
- Windows is testing a new, wider Run dialog box. Here's how to try it
- Microsoft euthanizes ancient deployment toolkit
- Microsoft Task Manager now tasking PCs with running multiple copies of itself
After a month of patches thatMicrosoft would rather forget, Sysmon's arrival is a genuinely positive update.
Rather thanadding font effects to Notepad and more AI, or turning Paint into a Photoshop knockoff, Microsoft is delivering a tool that actually makes administrators' lives easier - perhaps a sign it's taking user needs more seriously than shareholder demands.
Who are we kidding? ®
Narrower topics
- Active Directory
- Azure
- Bing
- Bitlocker
- BSoD
- Excel
- Exchange Server
- Help Desk
- HoloLens
- Internet Explorer
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Fabric
- Microsoft Ignite
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- .NET
- Office 365
- OS/2
- Outlook
- Patch Tuesday
- Pluton
- PowerShell
- SharePoint
- Skype
- SQL Server
- Visual Studio
- Visual Studio Code
- Who, Me?
- Windows 10
- Windows 11
- Windows 2000
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows Subsystem for Linux
- Windows XP
- WPF
- Xbox
- Xbox 360
Broader topics
More about
Narrower topics
- Active Directory
- Azure
- Bing
- Bitlocker
- BSoD
- Excel
- Exchange Server
- Help Desk
- HoloLens
- Internet Explorer
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Fabric
- Microsoft Ignite
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- .NET
- Office 365
- OS/2
- Outlook
- Patch Tuesday
- Pluton
- PowerShell
- SharePoint
- Skype
- SQL Server
- Visual Studio
- Visual Studio Code
- Who, Me?
- Windows 10
- Windows 11
- Windows 2000
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows Subsystem for Linux
- Windows XP
- WPF
- Xbox
- Xbox 360
Biting the hand that feeds IT
