Microsoft Adds Sysmon To Windows (theregister.com)
Wednesday February 04, 2026 @09:00PM (msmash), from the about-time dept.
- Reference: 0180732392
- News link: https://tech.slashdot.org/story/26/02/05/0023249/microsoft-adds-sysmon-to-windows
- Source link: https://www.theregister.com/2026/02/04/microsoft_adds_sysmon_to_windows/
Microsoft has finally delivered on its promise to integrate Sysmon -- the long-standing system monitoring tool from its Sysinternals suite -- [1]directly into Windows, a move that should make life considerably easier for enterprise administrators who have struggled with deploying and managing the utility across thousands of endpoints.
The functionality landed this week in Windows Insider builds 26300.7733 (Dev channel) and 26220.7752 (Beta channel). Sysmon allows administrators to capture system events through custom configuration files, filter for specific activity, and pipe the data into standard Windows event logs for pickup by security tools and SIEM pipelines. Mark Russinovich, Microsoft technical fellow and Winternals co-founder, has previously noted the lack of official customer support for Sysmon in production environments -- a gap this integration addresses. The feature ships disabled by default and requires PowerShell to enable. Microsoft notes that any existing Sysmon installation must be uninstalled before activating the built-in version.
[1] https://www.theregister.com/2026/02/04/microsoft_adds_sysmon_to_windows/
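The summary describes the Sysmon workflow (configuration file selects events, events land in a Windows event log, a SIEM picks them up) without showing what that looks like in practice. The following is an added PowerShell example, not code from the article, Microsoft or Sysinternals. It assumes the built-in Sysmon accepts the standard Sysmon XML configuration schema and writes to the usual `Microsoft-Windows-Sysmon/Operational` channel; the schema version in the config is a placeholder, and the PowerShell command that switches the built-in feature on is deliberately not shown because the article does not name it.

```powershell
# Added example (not from the article): a minimal Sysmon-style configuration
# plus a reader that pulls process-creation events (Event ID 1) out of the
# Sysmon operational log and shapes them for SIEM forwarding or triage.
# Assumptions: the built-in Sysmon takes the standard Sysmon XML schema and
# logs to 'Microsoft-Windows-Sysmon/Operational'. The schemaversion value
# below is a placeholder; use the one your Sysmon build reports.

# 1. A small configuration: record every process creation except children of
#    one noisy, known-good parent. 'exclude' means "log everything that does
#    not match", which is the usual way to keep coverage broad.
$configXml = @'
<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <ParentImage condition="is">C:\Windows\System32\svchost.exe</ParentImage>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
$configPath = Join-Path $env:TEMP 'sysmon-config.xml'
Set-Content -Path $configPath -Value $configXml -Encoding UTF8

# 2. Read recent process-creation events. Each event carries its fields as a
#    list of <Data Name="..."> elements, so flatten them into a lookup table.
function Get-SysmonProcessCreate {
    param([int]$MaxEvents = 50)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 }
    # SilentlyContinue: Get-WinEvent raises an error when the log is empty.
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Image       = $data['Image']
                CommandLine = $data['CommandLine']
                ParentImage = $data['ParentImage']
                User        = $data['User']
                Hashes      = $data['Hashes']
            }
        }
}

# 3. Example triage over the collected events: a script interpreter spawned
#    by an Office application is a parent/child pair most SIEM rule sets flag.
#    String comparison in PowerShell is case-insensitive, so casing of the
#    executable names does not matter.
$officeParents = 'WINWORD.EXE', 'EXCEL.EXE', 'OUTLOOK.EXE', 'POWERPNT.EXE'
$interpreters  = 'powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'
Get-SysmonProcessCreate -MaxEvents 500 |
    Where-Object {
        $_.ParentImage -and $_.Image -and
        ($officeParents -contains (Split-Path $_.ParentImage -Leaf)) -and
        ($interpreters  -contains (Split-Path $_.Image -Leaf))
    } |
    Select-Object TimeCreated, User, ParentImage, Image, CommandLine |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on a host where Sysmon (built-in or the classic Sysinternals binary) is already logging; the reader function is independent of the configuration step, so it works against an existing Sysmon log as well. The `Get-SysmonProcessCreate` output objects are the same shape a SIEM forwarder would ingest, which is the point of piping Sysmon into standard event logs.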
What? (Score:2)
by RitchCraft ( 6454710 )
They haven't renamed it CoPilot Sysmon yet?
Why was this a challenge to admins? (Score:2)
by gweihir ( 88907 )
Oh, right, WINDOWS. Yuck. No ssh-ing down the list with a nice small script and all done. No idea why this limited and defective toy is used in any professional context.
More Likely for MS to Take Control of Your Machine (Score:1)
Let's face it: Microsoft can no longer be trusted with your data. On a fresh Windows installation, just how long does it take to attempt to de-clap it?
Re: (Score:3)
> Let's face it: Microsoft can no longer be trusted with your data. On a fresh Windows installation, just how long does it take to attempt to de-clap it?
Let's face it: Microsoft took twenty fucking years to integrate this tool.
They don't seem to be in a hurry to utilize the damn thing, regardless of how useful the rest of us find it.
Re: (Score:2)
My take is they have a long list of minor and tiny changes they can push as great "innovations" to obscure the fact that they are pushing an ancient obsolete system design with a mediocre, unreliable and insecure implementation on their users.
Re: (Score:2)
> just how long does it take to attempt to de-clap it?
0 hours, since it's not something that 99.99% of users do, especially not in corporations (which is what this story is about).
Re: (Score:2)
Show me where he said "typical user", then you would be attempting to make a point that was consistent with his post. Of course the fact that most non-corporate "admins" are also users who don't have a basic understanding of any of this, and are regularly lied to by Microsoft when they are told skill isn't required, while forcing an insecure by default OS onto systems via past anti-trust violations that led to user lock-in and rake in money from naive customers, doesn't make your ridiculous "point" any bet