No More Hunting Down Sysinternals For This Valuable Tool
Sysmon has been around for some time, but you’ve had to know what it is and how to install it. Currently you need to visit Microsoft’s Sysinternals page, download Sysmon and install it. It’s not a terribly onerous task, but it tends to mean Sysmon is only installed after a problem has occurred and Event Manager didn’t reveal the reason why. It would be far better for everyone if Sysmon was already installed and running, so you have a decent chance of figuring out what went wrong the first time it happens.
A more widespread use of Sysmon will also mean better examples of custom configurations will be easily available to all. It is a powerful tool, but it does need tweaking to be effective in your environment. Bleeping Computer offers a few examples in their post, including DNS queries and process tampering. Thanks to Windows Subsystem for Linux, you can also install Sysmon on a Linux box, which is very helpful for those far more familiar with Sysmon than with native Linux troubleshooting tools.
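As an added illustration of the kind of tweaking the post refers to (this is not taken from the post or from Bleeping Computer), here is a minimal Sysmon configuration that turns on the two event types mentioned: DNS queries (Event ID 22) and process tampering (Event ID 25). The excluded domain suffixes are assumed placeholders for whatever is noisy in your own environment.

```xml
<!-- Added example config, not from the original post.
     Install with:  sysmon64.exe -accepteula -i sysmon.xml
     Update later:  sysmon64.exe -c sysmon.xml -->
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event ID 22: DnsQuery. An "exclude" filter logs every lookup that
         does NOT match a rule, so only the listed suffixes are dropped.
         The two suffixes below are assumed placeholders; replace them with
         the high-volume, known-good domains seen in your environment. -->
    <RuleGroup name="DNS queries" groupRelation="or">
      <DnsQuery onmatch="exclude">
        <QueryName condition="end with">.windowsupdate.com</QueryName>
        <QueryName condition="end with">.microsoft.com</QueryName>
      </DnsQuery>
    </RuleGroup>

    <!-- Event ID 25: ProcessTampering. An empty "exclude" filter excludes
         nothing, i.e. every tampering event (process image replaced or
         locked after creation) is recorded. This is low-volume, so there
         is rarely a reason to filter it. -->
    <RuleGroup name="Process tampering" groupRelation="or">
      <ProcessTampering onmatch="exclude" />
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

After loading the config, the events appear in Event Viewer under Applications and Services Logs > Microsoft > Windows > Sysmon > Operational, which is where to confirm that the two rule groups are producing events.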

