Sysmon is a Windows service and driver which records process and file creations, registry modifications, attempts to change a file creation date, network connections and more. It's intended to help you identify malicious activity, but could also be helpful with general troubleshooting, or if you need to know some basic details on how a PC is being used.
To install Sysmon, launch it from an elevated command prompt. Use Sysmon -i to install it and log process creations only, or Sysmon -i -n to monitor network connections as well.
If everything has worked correctly, the Sysinternals EULA will be displayed. Agree to it, then reboot to run your first test.
Once Windows has started again, launch the Event Viewer (Eventvwr.msc), and browse to Applications and Services Logs\Microsoft\Windows\Sysmon\Operational.
You should now see multiple events listing Sysmon as a source, along with their date and time, giving you much more detail about what happened during your system boot.
Basic log management tasks can be carried out in Event Viewer, as usual. You're able to filter the log, display just the events you need, search for something important, disable logging when it's no longer needed, save the events to a file, and more: right-click Sysmon\Operational for the full list.
You can also change Sysmon to use its default configuration (no network connection logging) by running Sysmon -c -- , or uninstall it entirely with Sysmon -u . The service and driver are removed immediately, and there's no reboot required.
Verdict:
Tools like Process Monitor give you more information and are easier to set up and use, but Sysmon is a better choice for long-term use. It launches early in the boot process to capture the maximum possible detail, and saves information to the Event Log for easier analysis later.
Your Comments & Opinion
Find out exactly what's running on your PC with this feature-packed Task Manager alternative
View and take control of the programs running on your PC
Find out exactly what the programs running on your PC are doing
Track CPU usage, download speeds, RAM, more
Identify potentially risky processes running on your PC, right now
A simple Task Manager - in an Excel spreadsheet
Analyze, search, back up, clean up, and generally get more from your hard drive with this suite of tools
Analyze, search, back up, clean up, and generally get more from your hard drive with this suite of tools
Take control of your file and folder management with this powerful – if slightly unrefined - utility
Take control of your file and folder management with this powerful – if slightly unrefined - utility
A powerful Notepad replacement