Why can't I get Sysmon to run on my Windows 11 machine?

SLM64 20 Reputation points

Hi all,

I downloaded the Sysinternals Suite and unzipped all of it. I tried to run Sysmon by right-clicking sysmon.exe > Run as administrator. When that didn't work I opened PowerShell as administrator, navigated to the folder that contained Sysmon and tried to run it from there. Neither way appears to have worked. I don't see any signs of Sysmon in Event Viewer or in Task Manager. One other interesting note is that there was a very brief flash of a command window both times I tried to run it.

Any ideas how to run Sysmon on Windows 11?


Accepted answer
  1. Andreas Baumgarten 98,626 Reputation points MVP

    Hi @SLM64 ,

    did you install Sysmon by running sysmon64.exe -i?

    If Sysmon is installed you could verify that the service Sysmon64 is listed under Services and that its status is Running.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)


    Andreas Baumgarten

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. SLM64 20 Reputation points

    Here is what I ran in PowerShell and the error it gave me.

    PS C:\users\administrator\downloads\Sysmon> sysmon.exe -i -accepteula

    The error I received is below.

    sysmon.exe : The term 'sysmon.exe' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + sysmon.exe -i -accepteula
    + ~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (sysmon.exe:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

    I'm not clear on where you would like for me to check the service. I checked processes in Task Manager but nothing shows up when searching for sysmon. The closest match was SysMain.
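The following PowerShell script is an added example, not code from the thread or from Microsoft. It walks through the install-and-verify procedure from the accepted answer and also shows why the CommandNotFoundException above occurs: PowerShell does not search the current directory for executables, so a binary in the working folder must be invoked as `.\Sysmon64.exe` or by full path. The unzip folder `C:\Tools\SysinternalsSuite` is an assumed placeholder; the service name `Sysmon64`, the `-i` and `-accepteula` switches and the `Microsoft-Windows-Sysmon/Operational` log are the real ones.

```powershell
# Added example: install Sysmon from an unzipped Sysinternals Suite folder and verify it.
# Assumes an elevated PowerShell session. $SysmonDir is a placeholder; change it to
# wherever you unzipped the suite.
$SysmonDir = 'C:\Tools\SysinternalsSuite'
$Exe = Join-Path $SysmonDir 'Sysmon64.exe'   # 64-bit binary shipped in the suite

if (-not (Test-Path $Exe)) {
    throw "Sysmon64.exe not found in $SysmonDir"
}

# Invoke by full path with the call operator. Typing 'sysmon.exe ...' while sitting in
# the folder fails because PowerShell only resolves bare names against $env:PATH;
# '.\sysmon.exe ...' would also work. Double-clicking the exe runs it with no
# arguments, which only prints usage text and exits (the brief console flash).
& $Exe -accepteula -i
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Sysmon64.exe -i returned exit code $LASTEXITCODE"
}

# Check 1: the Sysmon64 service exists and is Running (this is the "Services" check
# from the accepted answer; services.msc or Get-Service, not the Task Manager
# process list, is where to look).
$svc = Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning 'Sysmon64 service not found; the install did not complete'
} else {
    "Sysmon64 service status: $($svc.Status)"
}

# Check 2: events are written to Sysmon's own operational log, not to the
# Application or System log, so look there in Event Viewer.
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName
```

Once the service reports Running and the operational log starts filling with events, Sysmon is installed; a default install logs with Sysmon's built-in rules, and a configuration file can be applied afterwards with the `-c` switch.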