Sysmon installation problem - virtual win11 arm

Question

Hi, i am using sysmon couple of years so far, always works perfect.
Right now, i am trying on macos UTM virtualization and installed fresh windows 11 arm64 version.
I am trying to install sysmon, but there is error for which i cannot find solution...

c:\temp\sysmon.exe -accepteula -i sysmonconfig-export.xml
System Monitor v14.13 - System activity monitor
By Mark Russinovich and Thomas Garnier
Copyright (C) 2014-2022 Microsoft Corporation
Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved.
Sysinternals - www.sysinternals.com

Loading configuration file with schema version 4.50
Sysmon schema version: 4.83
Configuration file validated.
Sysmon installed.
SysmonDrv installed.
StartService failed for SysmonDrv:
This driver has been blocked from loading
Failed to start the driver:
This driver has been blocked from loading

Stopping the service failed:
The service has not been started.
SysmonDrv removed.
Stopping the service failed:
The service has not been started.
Sysmon removed.

I try:
bcdedit.exe /set nointegritychecks on
in local policy: unsigned driver installation behavior disabled
disabled complete defender

and still nothing...

What happening? is there some incompatibility with latest sysmon and latest arm win11 (22621.963)?

Answer 1

The ARM version is the Sysmon64a.exe, are you using that one renamed to sysmon.exe ?

Answer 2

oh... i did not look at names :(
damn, sorry and thank you!