This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
My Windows 10 (Version 1909) VM just crashed and restarted when I uninstalled the Sysmon (v13.23).
Very weird as this didn't happened neither on my another Windows 10 (Version 20H2) box nor on Windows Server 2012 R2.
As evidence of crash, following Event IDs were generated after the crash.
I. Event ID 41: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
II. Event ID 6008: The previous system shutdown was unexpected.
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 42%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
It's the same when trying to uninstall Sysmon (all versions since 6.0) on Windows Server 2016 running Credential Guard ... it generates a BSOD. The only workaround is to disable Sysmon, reboot and then uninstall.