Sysmon Archives

Winsage

November 21, 2025

As Windows turns 40, Microsoft faces an AI backlash

Microsoft is transforming Windows into an "agentic OS" by integrating advanced AI capabilities, as announced at the Ignite conference. The reception has been mixed, with users expressing concerns similar to those after the release of Windows 8. Windows chief Pavan Davuluri faced criticism on social media regarding the initiative, with users calling for a return to simpler interfaces like Windows 7. Despite acknowledging user pain points, many feel that the focus on AI features overshadows necessary improvements. The integration of AI tools like Copilot has received mixed reviews, with reports of unreliability. CEO Satya Nadella envisions a shift towards AI agents performing tasks, while also emphasizing the need for user control over their experience. Microsoft aims to balance innovation with user preferences, allowing users to opt-in to AI features at their own pace. Recent developments include a hotfix driver from Nvidia for Windows 11 performance issues, the return of a calendar feature to Windows 11, integration of Google's AI models into GitHub Copilot, and enhancements in security and performance for Windows and Office applications.

Winsage

November 19, 2025

Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows

Microsoft will integrate native System Monitor (Sysmon) functionality into Windows 11 and Windows Server 2025, enhancing security operations for IT teams. This integration will provide instant threat visibility, automate compliance through Windows Update, and include features such as process monitoring, network connection tracking, credential access detection, file system monitoring, process tampering detection, WMI persistence tracking, and custom configuration support. It will also offer official customer service support and allow seamless access to events through Windows Event Logs or Security Information and Event Management (SIEM) systems. Administrators can enable Sysmon using the command "sysmon -i." Future plans include expanding Sysmon’s capabilities with enterprise-scale management and AI-powered detection.

Winsage

November 19, 2025

Microsoft Integrates System Monitor (Sysmon) into Windows 11

Microsoft will integrate its forensic tool, System Monitor (Sysmon), into the Windows kernel with the upcoming releases of Windows 11 and Server 2025. This integration will transform Sysmon from a standalone utility into a native “Optional Feature” that will be serviced automatically through Windows Update. Administrators will no longer need to manually distribute Sysmon; instead, it can be activated through the “Turn Windows features on or off” dialog or command-line instructions. The integration will ensure that updates flow through the standard Windows Update pipeline, providing official support and Service Level Agreements (SLAs) for Sysmon. Microsoft plans to utilize local computing capabilities for AI inferencing to enhance security measures, focusing on detecting credential theft and lateral movement patterns. Sysmon will maintain backward compatibility with existing workflows, allowing the use of custom configuration files and adhering to the XML schema while continuing to log events to the Windows event log. Community-driven configuration repositories will remain operational, preserving established community knowledge.

Winsage

November 18, 2025

Microsoft is bringing native Sysmon support to Windows 11, Server 2025

Microsoft is integrating Sysmon into Windows 11 and Windows Server 2025, eliminating the need for separate deployments of Sysinternals tools. This integration will allow users to utilize custom configuration files for filtering captured events, which will be logged in the Windows event log. Sysmon is a free tool that monitors and blocks suspicious activities while logging events such as process creation, DNS queries, and executable file creation. It will be easily installable via the "Optional features" settings in Windows 11, with updates delivered through Windows Update. Sysmon will retain its standard features, including support for custom configuration files and advanced event filtering. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025, eliminating the need for standalone deployment. Sysmon will allow users to utilize custom configuration files for event filtering, logging events in the Windows event log. It tracks events such as process creation, DNS queries, executable file creation, changes to the clipboard, and auto-backup of deleted files. Users can access Sysmon through "Optional features" in Windows 11 and receive updates via Windows Update. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft Finally Makes Sysmon Native To Windows

Sysmon is a system monitoring tool that traditionally requires users to download and install it from Microsoft's Sysinternals page, often leading to its deployment only after issues arise. Pre-installing Sysmon can enhance proactive monitoring and issue diagnosis. Its effectiveness can be improved through tailored configurations, with resources available from Bleeping Computer for specific use cases like monitoring DNS queries. Additionally, Sysmon can now be installed on Linux systems via the Windows Subsystem for Linux (WSL), increasing its accessibility and versatility for users familiar with Sysmon.