Sysmon 5 is the latest version of the popular monitoring program for Windows that writes activities to the Windows Event log.
Sysmon, which stands for System Monitor, is a background monitor. This means that it will do its work once installed without user interaction or graphical user interface.
In fact, all you have to do to install it is to run a short command from the command line to install the monitoring service.
This is done by tapping on the Windows-key, typing cmd.exe, holding down the Shift-key and Ctrl-key before hitting the Enter-key, and typing sysmon -accepteula –i in the Sysmon program directory.
Tip: to uninstall Sysmon again, run the operation again but this time with the command sysmon -u.
The program logs directly to the Windows Event log which means that you need to open it using the native viewer or a third-party program such as Event Log Explorer to access the data.
All events that Sysmon 5 tracks are stored in Applications and Services Logs/Microsoft/Windows/Sysmon/Operational in the Event log.
The following events are tracked by the application:
Filtering is supported which means that you can use Event Filtering to filter for specific events you are interested in.
The new Sysmon 5 introduces new monitoring options that log file create and Registry modification events.
This major update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces file create and registry modification logging. These event types make it possible to configure filters that capture updates to critical system configuration as well as changes to autostart entry points used by malware.
Sysmon 5 improves an already great program further by introducing Registry modification and file create events to the logging capabilities. Since nothing else has changed, it is a no brainer to upgrade the existing copy of the program to the latest version to benefit from the additional event logging options.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.