What happen install sysmon without config file

Saber Afsehi 21 Reputation points
2023-07-29T09:36:21.6933333+00:00

Hi

if I install sysmon without config file what happen for logs that it save?

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,066 questions
0 comments No comments
{count} votes

Accepted answer
  1. Will 400 Reputation points
    2023-07-29T10:17:11.29+00:00

    Installing sysmon without a config file just uses MSFT's defaults which only records essential system activities like process (creation/termination), mods to the registry and a few other things but it won't capture network events by default.

    You've got to create/tweek a config file to get it to recoord what you need/want to monitor.

    Logs will be stored here:

    Applications and Services Logs/Microsoft/Windows/Sysmon/Operational

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful