Why can't I get sysmon to run on my windows 11 machine?

SLM64 20 Reputation points
2024-05-04T20:24:28.5433333+00:00

Hi all,

I downloaded the Sysinternals Suite and unzipped all of it. I tried to run Sysmon by right-clicking sysmon.exe > Run as administrator. When that didn't work I opened PowerShell as administrator, navigated to the folder that contained Sysmon and tried to run it from there. Neither way appears to have worked. I don't see any signs of Sysmon in Event Viewer or in Task Manager. One other interesting note is that there was a very brief flash of a command window both times I tried to run it.

Any ideas how to run sysmon on windows 11?


Accepted answer
  1. Andreas Baumgarten 98,626 Reputation points MVP
    2024-05-04T21:00:01.8233333+00:00

    Hi @SLM64 ,

    Did you install Sysmon by running sysmon64.exe -i?

    If Sysmon is installed, you can verify that the service Sysmon64 is listed under Services and that its status is Running.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

    1 person found this answer helpful.

1 additional answer

  1. SLM64 20 Reputation points
    2024-05-04T22:03:02.6766667+00:00

    Here is what I ran in Powershell and the error it gave me.

    PS C:\users\administrator\downloads\Sysmon> sysmon.exe -i -accepteula

    The error I received is below.

    sysmon.exe : The term 'sysmon.exe' is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + sysmon.exe -i -accepteula
    +
        + CategoryInfo          : ObjectNotFound: (sysmon.exe:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    I'm not clear on where you would like for me to check the service. I checked processes in Task Manager but nothing shows up when searching for sysmon. The closest match was SysMain.
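The following is an added example (my own script, not code from either poster or from Sysinternals) that ties the accepted answer's install-and-verify steps to the CommandNotFoundException shown above: PowerShell does not search the current directory for commands, so a bare `sysmon.exe` is never found and must be written as `.\sysmon.exe` or with a full path. It assumes an elevated PowerShell prompt opened in the unzipped folder and the 64-bit binary Sysmon64.exe, as named in the accepted answer.

```powershell
# Added example: install Sysmon from the current folder and verify it is running.
# Assumes: elevated PowerShell, current directory contains Sysmon64.exe.

$exe = Join-Path (Get-Location) 'Sysmon64.exe'
if (-not (Test-Path $exe)) {
    throw "Sysmon64.exe not found in $(Get-Location); cd into the unzipped Sysinternals folder first."
}

# Calling the binary by its full path (or as .\Sysmon64.exe) avoids the
# "not recognized as the name of a cmdlet" error: PowerShell does not
# resolve commands from the current directory, unlike cmd.exe.
& $exe -accepteula -i
if ($LASTEXITCODE -ne 0) {
    throw "Sysmon install returned exit code $LASTEXITCODE"
}

# 1. The service the answer refers to is named Sysmon64; it should be Running.
$svc = Get-Service -Name 'Sysmon64' -ErrorAction Stop
'Service {0}: {1}' -f $svc.Name, $svc.Status

# 2. A successful install creates its own event log channel. Event ID 4 is
#    "Sysmon service state changed", so its presence confirms the service started.
$log = 'Microsoft-Windows-Sysmon/Operational'
$ev = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 4 } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($ev) {
    'Log {0}: found event {1} at {2}' -f $log, $ev.Id, $ev.TimeCreated
} else {
    Write-Warning "No Sysmon service-state event found yet in $log"
}

# 3. In Task Manager the running instance appears as Sysmon64 (under Services /
#    Details), not as 'sysmon', which is why a search for that name finds only SysMain.
Get-Process -Name 'Sysmon64' -ErrorAction SilentlyContinue | Select-Object Name, Id
```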