Share via

How do I delete a hidden sysmon folder?

Anonymous
2023-03-11T12:54:17+00:00

I installed sysmon for school activities, however after uninstalling, I ran a storage check using TreeSize and found a hidden Sysmon folder. Tried deleting its content (12gb~) but I require permission from.. myself? I tried to mess around with permissions of the hidden sysmon folder by going through its properties. At first, only SYSTEM was the account written there. I tried adding myself but still to no avail.

Windows for home | Windows 10 | Files, folders, and storage

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Ramesh 176.3K Reputation points Volunteer Moderator
2023-03-11T13:10:18+00:00

The SYSTEM account owns the Sysmon folder. You can delete the folder using many different ways. One of which is to boot into Windows RE and delete the folder.

Another option is to recursively take ownership of the folder using the takeown.exe & icacls.exe commands.

The 3rd option, probably the easiest one, is to download PsExec from Microsoft, launch cmd.exe as SYSTEM and nuke the folder.

Download PsExec64.exe and launch CMD.exe as SYSTEM. For more information, check out this article → Run a Program as SYSTEM (LocalSystem)

In the Command Prompt (System) window, run:

rd /s /q c:\sysmon

Was this answer helpful?

9 people found this answer helpful.
0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest