Native Sysmon integration in Windows is getting closer

Microsoft has released Windows Insider previews that include the powerful Sysmon logging tool as a Windows feature.

[Image: Flickering Windows 11 logo against matrix-like code (heise online / dmk)]

The native version of Sysmon in Windows is coming. Microsoft has released Insider preview versions of Windows in which the feature can now be activated.

In the current Windows Insider preview builds in the Dev Channel (Build 26300.7733, KB5074178) and in the Beta Channel (Build 26220.7752, KB5074177), Windows 11 ships Sysmon as a native feature of the operating system. “With the Sysmon feature, you can capture system events that can help detect threats, and you can use custom configuration files to filter the events you want to monitor,” Microsoft explains in the release announcements. “The captured events are written to the Windows event log so they can be used with security applications and various use cases,” the developers add.

By default, Sysmon is disabled and must be explicitly turned on. This can be done via “Settings” – “System” – “Optional Features” and then, under “Related settings”, “More Windows features”, which opens the familiar “Turn Windows features on or off” dialog, where “Sysmon” can be ticked. From the command prompt or PowerShell, the same is achieved with Dism /Online /Enable-Feature /FeatureName:Sysmon. Enabling the feature only stages the components: to complete the installation, sysmon -i must then be run in PowerShell or the command prompt. Microsoft's developers explicitly point out that anyone who has already downloaded and installed Sysmon from the Sysinternals website must uninstall that version first. The documentation is not yet complete and “will be added to Windows soon.”
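The following PowerShell script is an added example, not code from the article or from Microsoft. It strings together the steps the article describes (remove a standalone Sysinternals Sysmon, enable the optional feature, run the install) and adds what a practitioner would want next: a minimal filtering configuration and a check that events actually arrive in the event log. It assumes that the standalone Sysmon registers a service named Sysmon or Sysmon64 with its binary copied to %SystemRoot% (the behaviour of the Sysinternals release), that the native feature's sysmon.exe is on the PATH and accepts the same -i, -u and -accepteula switches as the Sysinternals tool, that it writes to the Microsoft-Windows-Sysmon/Operational channel, and that configuration schema version 4.90 is accepted; none of these details are confirmed by the article, and the native build's sysmon -s output is the authoritative schema.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article or Microsoft): prepare a Windows 11 Insider
# machine for the built-in Sysmon feature and verify that it logs events.
# Assumptions are marked below; the feature name "Sysmon" comes from the article.

$ErrorActionPreference = 'Stop'

# 1. Uninstall a previously downloaded Sysinternals Sysmon. Microsoft says this must
#    happen before the native feature is installed. Assumption: the standalone tool
#    runs as service Sysmon or Sysmon64 and copied its binary to %SystemRoot%.
foreach ($svcName in 'Sysmon', 'Sysmon64') {
    if (Get-Service -Name $svcName -ErrorAction SilentlyContinue) {
        $exe = Join-Path $env:SystemRoot "$svcName.exe"
        if (Test-Path $exe) {
            Write-Host "Removing standalone $svcName via $exe"
            & $exe -u force            # 'force' also removes half-installed remnants
        } else {
            throw "Service $svcName exists but $exe was not found; remove it manually first."
        }
    }
}

# 2. Enable the optional feature. This is the PowerShell equivalent of the
#    Dism /Online /Enable-Feature /FeatureName:Sysmon call from the article.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Sysmon'
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName 'Sysmon' -NoRestart | Out-Null
}

# 3. Write a minimal configuration. Rule semantics are those of the Sysinternals
#    Sysmon: an empty "exclude" block logs every event of that type, an "include"
#    block logs only matching events. Assumption: schemaversion 4.90 is accepted;
#    check with `sysmon -s` on the native build.
$config = @'
<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- Event ID 1: log every process creation -->
      <ProcessCreate onmatch="exclude" />
    </RuleGroup>
    <RuleGroup name="" groupRelation="or">
      <!-- Event ID 3: log network connections only from scripting hosts -->
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">wscript.exe</Image>
        <Image condition="image">cscript.exe</Image>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
$configPath = Join-Path $env:ProgramData 'sysmon-config.xml'
Set-Content -Path $configPath -Value $config -Encoding UTF8

# 4. Complete the installation. The article only mentions `sysmon -i`; passing the
#    configuration file is the Sysinternals syntax and is assumed to carry over.
& sysmon -accepteula -i $configPath

# 5. Verify: the service should be running and events should land in the Sysmon
#    operational channel (assumption: same channel name as the Sysinternals tool).
Get-Service -Name 'Sysmon' | Select-Object Name, Status
Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', 'whoami' -Wait -WindowStyle Hidden
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

Running `cmd.exe /c whoami` at the end is only there to generate an Event ID 1 immediately, so that an empty result from Get-WinEvent points to a real problem rather than a quiet machine. Process-creation logging without filters is noisy on a busy host; in production the ProcessCreate block is normally narrowed with exclusions for known-good images before the configuration is rolled out fleet-wide.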

Sysmon (“System Monitor”) is a powerful tool that is helpful in diagnosing problems. Sysmon logs various system activities, such as process creation, loading of drivers or libraries, and network connections. “This allows you to detect malicious or anomalous activity and understand how attackers and malware operate in your network,” explains Microsoft on the Sysmon website.


The preview builds also add Dutch language support for Voice Access and a handful of minor bug fixes. Mark Russinovich, developer of Sysmon and the other Sysinternals tools, had already announced the Sysmon integration last November.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.