How to Install or Uninstall Built-in Sysmon on Windows 11

This guide will help you easily install or remove the built-in Sysmon feature on your Windows 11 computer.

What is Sysmon?

Sysmon (System Monitor) is a tool in Windows that helps track what's happening on your computer. It watches for things like new programs starting, network connections, and changes to files. This information is saved in the Event Log, which can help you spot problems or security issues.

Starting with certain Windows 11 versions (like build 26220 and newer), Sysmon is already included in Windows. You don't need to download anything extra!

Important:

You need to be signed in as an Administrator to install or uninstall Sysmon.


Option 1: Install or Uninstall Sysmon Using Windows Settings

  1. Open Settings by pressing Win + I.
  2. Click System from the left menu, then select Optional features on the right.
  3. Click More Windows Features near the top.
  4. In the new window, find Sysmon in the list.
  5. To install, check the box next to Sysmon. To uninstall, uncheck the box.
  6. Click OK.
  7. Depending on your choice:
    • If installing, click Close.
    • If uninstalling, click Restart now to finish the removal.

Visual guide (screenshots in the original): the Optional features tile in Settings, the Optional features link, and the Sysmon selection in the feature list.


Finish Installing Sysmon via Command Line

  1. Open Windows Terminal (Admin). Choose either PowerShell or Command Prompt.
  2. Type or paste the command below, then press Enter:

    Sysmon -i
  3. After it finishes, you can close the Terminal and Settings.

Option 2: Install Sysmon Using Command Line Only

  1. Open Windows Terminal (Admin) and pick PowerShell or Command Prompt.
  2. Run one of these commands to turn on the Sysmon feature:
    • PowerShell: Enable-WindowsOptionalFeature -Online -FeatureName Sysmon
    • Command Prompt: DISM /Online /Enable-Feature /FeatureName:"Sysmon"
  3. Next, run this command to install Sysmon itself:

    Sysmon -i
  4. Close the Terminal when done.

Option 3: Uninstall Sysmon Using Command Line

  1. Open Windows Terminal (Admin) and pick PowerShell or Command Prompt.
  2. Run one of these commands to turn off (uninstall) Sysmon:
    • PowerShell: Disable-WindowsOptionalFeature -Online -FeatureName Sysmon
    • Command Prompt: DISM /Online /Disable-Feature /FeatureName:"Sysmon"
  3. When asked, type Y and press Enter to restart your PC and finish uninstalling.
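The following PowerShell script is an added example, not part of the original guide: it wraps the Option 2 install commands and the Option 3 uninstall command in one script and then verifies the result, which the guide's steps do not show. It assumes a Windows 11 build that ships the "Sysmon" optional feature (build 26220 or newer, as stated above), and it assumes the built-in version uses the same service name (Sysmon) and event log name (Microsoft-Windows-Sysmon/Operational) as the standalone Sysmon tool; the function names are the author's own. Save it as Manage-Sysmon.ps1 and run it from an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original guide: runs the page's Option 2 (install)
# and Option 3 (uninstall) commands and checks the outcome afterwards.
# Assumes a Windows 11 build with the built-in "Sysmon" optional feature (26220+).
param(
    [ValidateSet('Install', 'Uninstall', 'Status')]
    [string]$Action = 'Status'
)

function Get-SysmonFeatureState {
    # Returns the optional-feature state (Enabled, Disabled, EnablePending, ...)
    # or 'NotPresent' when this Windows build has no built-in Sysmon feature.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Sysmon -ErrorAction SilentlyContinue
    if ($null -eq $feature) { return 'NotPresent' }
    return [string]$feature.State
}

function Get-SysmonServiceState {
    # 'Sysmon -i' registers a service; 'Sysmon' as the service name is an assumption
    # carried over from the standalone tool.
    $svc = Get-Service -Name Sysmon -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'NotInstalled' }
    return [string]$svc.Status
}

function Show-RecentSysmonEvents {
    # Reads the newest entries from the Sysmon operational log (log name assumed
    # to match the standalone tool) to confirm events are actually being written.
    param([int]$Count = 5)
    Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

function Show-SysmonStatus {
    # One place to see both halves of the install: the Windows feature and the service.
    [pscustomobject]@{
        Feature = Get-SysmonFeatureState
        Service = Get-SysmonServiceState
    } | Format-List
    if ((Get-SysmonServiceState) -eq 'Running') { Show-RecentSysmonEvents }
}

function Install-BuiltInSysmon {
    if ((Get-SysmonFeatureState) -eq 'NotPresent') {
        throw 'The Sysmon optional feature is not available on this Windows build.'
    }
    if ((Get-SysmonFeatureState) -ne 'Enabled') {
        # Same as the guide's Enable-WindowsOptionalFeature step; -NoRestart lets the
        # script inspect RestartNeeded instead of prompting for a reboot.
        $result = Enable-WindowsOptionalFeature -Online -FeatureName Sysmon -NoRestart
        if ($result.RestartNeeded) {
            Write-Warning 'Windows needs a restart before the feature is usable; reboot, then rerun with -Action Install.'
            return
        }
    }
    if ((Get-SysmonServiceState) -eq 'NotInstalled') {
        # The guide's second step: install the Sysmon driver and service.
        Sysmon -i
        if ($LASTEXITCODE -ne 0) { throw "Sysmon -i failed with exit code $LASTEXITCODE" }
    }
    Show-SysmonStatus
}

function Uninstall-BuiltInSysmon {
    # The guide's Option 3 command; removal normally completes on the next restart.
    $result = Disable-WindowsOptionalFeature -Online -FeatureName Sysmon -NoRestart
    if ($result.RestartNeeded) {
        Write-Host 'Sysmon removal is pending; restart Windows to finish uninstalling.'
    }
    Show-SysmonStatus
}

switch ($Action) {
    'Install'   { Install-BuiltInSysmon }
    'Uninstall' { Uninstall-BuiltInSysmon }
    'Status'    { Show-SysmonStatus }
}
```

Run `.\Manage-Sysmon.ps1 -Action Status` before and after either operation: a healthy install shows the feature as Enabled, the service as Running, and a few recent events from the Sysmon log; after an uninstall the feature reports DisablePending until the reboot the guide mentions.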

Summary

  • What Sysmon Does: Tracks and logs important system activities to help spot security problems.
  • Admin Rights Needed: You must be signed in as an administrator to add or remove Sysmon.
  • Easy Installation Options: Use Settings or Command Line tools like Windows Terminal.
  • Restart May Be Required: Removing Sysmon usually needs a reboot to complete.
  • Built into Windows 11: No need to download anything extra on newer Windows 11 versions.

With these simple steps, you can manage Sysmon on your Windows 11 PC to help keep your system secure and monitored.
