Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026

22 November 2025 08:53

Microsoft has announced that it will integrate the popular Sysmon tool directly into Windows 11 and Windows Server 2025 in 2026. The announcement was made by Sysinternals creator Mark Russinovich.

Sysmon (System Monitor) is a free tool from Microsoft Sysinternals for monitoring and blocking suspicious activity in Windows. Events are logged in the Windows Event Log, making the tool indispensable for detecting threats and diagnosing problems.

By default, Sysmon tracks basic events like process creation and termination, but you can use custom configuration files to monitor process tampering, DNS queries, executable file creation, clipboard changes, automatic backups of deleted files, and more.

Currently, Sysmon must be installed individually on each device, making it difficult to manage in large IT environments.

Native support should solve this issue, as users will be able to install the tool via Windows 11 optional features and receive updates directly through Windows Update.

Microsoft promises to retain all standard features, including support for custom configurations and advanced event filtering.

Once installed, administrators can enable Sysmon via the command line (`sysmon -i`, or, for monitoring with a custom configuration, `sysmon -i` followed by the configuration file).
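A custom configuration covering the event types listed above could look like the following. This is an added example, not taken from the article or from Microsoft; it is written for the standalone Sysinternals Sysmon, and the schema version, archive folder name, file extensions and DNS exclusion are assumptions to adjust for your environment. Saved under a hypothetical name such as `sysmon-config.xml`, it would be passed to `sysmon -i`.

```xml
<!-- Added example configuration; all values below are constructed for illustration. -->
<!-- Assumption: schema 4.90 matches the installed Sysmon build; "sysmon -s" prints the supported schema. -->
<Sysmon schemaversion="4.90">
  <!-- Folder where copies of deleted files are preserved (constructed name).
       Restrict access to it: it can hold sensitive files and clipboard data. -->
  <ArchiveDirectory>SysmonArchive</ArchiveDirectory>
  <!-- Store clipboard contents in the archive folder when a ClipboardChange event fires -->
  <CaptureClipboard />

  <EventFiltering>
    <!-- An empty "exclude" filter logs every event of that type;
         an empty "include" filter would log none. -->

    <!-- Event ID 1 and 5: process creation and termination -->
    <ProcessCreate onmatch="exclude" />
    <ProcessTerminate onmatch="exclude" />

    <!-- Event ID 25: process image tampering (hollowing, herpaderping) -->
    <ProcessTampering onmatch="exclude" />

    <!-- Event ID 22: DNS queries, with one noise exclusion as a tuning sample.
         Every exclusion is a blind spot; review such rules regularly. -->
    <DnsQuery onmatch="exclude">
      <QueryName condition="end with">.windowsupdate.com</QueryName>
    </DnsQuery>

    <!-- Event ID 29: a new executable file was written to disk -->
    <FileExecutableDetected onmatch="exclude" />

    <!-- Event ID 24: clipboard changes -->
    <ClipboardChange onmatch="exclude" />

    <!-- Event ID 23: file deletions, with the deleted file copied to ArchiveDirectory.
         Limited to executable and script extensions to keep the archive small. -->
    <FileDelete onmatch="include">
      <TargetFilename condition="end with">.exe</TargetFilename>
      <TargetFilename condition="end with">.dll</TargetFilename>
      <TargetFilename condition="end with">.ps1</TargetFilename>
    </FileDelete>
  </EventFiltering>
</Sysmon>
```

Events produced by this configuration land in the `Microsoft-Windows-Sysmon/Operational` channel of the Windows Event Log, where a SIEM or log forwarder can collect them.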

Microsoft officials also announced that they will release full Sysmon documentation in 2026 and add new enterprise management and AI-powered threat detection capabilities.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.