This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 62%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
I'd like to once and for all understand the difference between the 3 sysmon executables contained in sysmon.zip (sysmon.exe, sysmon64.exe and sysmon64a.exe).
At one point I believed that sysmon64 was the Itanium (ia64) version and that running the plain old sysmon.exe installer automatically chose either the x32 or the x64 build and correctly installed the appropriate image. This is confirmed by checking to see that sysmon is running in 64bit mode after install using sysmon.exe. But I see lots of people on this forum running sysmon64.exe directly to install, so now I am not so sure.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 83%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
sysmon.exe
This is the main installer that automatically detects whether your system is 32-bit or 64-bit and installs the right version. It's the one most people use because it handles everything for you.
sysmon64.exe
This is specifically for 64-bit systems. If you're sure your machine is 64-bit, you can run this directly to skip the auto-detection.
sysmon64a.exe
You likely won’t ever need this unless you're dealing with legacy hardware.
So, typically, you’ll just use sysmon.exe, but some people prefer using sysmon64.exe directly to make sure the 64-bit version gets installed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 56.00000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
sysmon64a.exe is for the 64-bit ARM architecture, I think sysmon.exe has support for both x86 and x64, and of course sysmon64.exe is just for x64.