Sysmon 11.0 is out with file delete monitoring
#1
Information 
Quote:
[Image: sysmon-11.png]

Microsoft released a new version of Sysinternals Sysmon (System Monitoring) program for Microsoft Windows devices this week. Sysmon 11.0 is a major update of the application; users may download the latest version of the program from the official Sysinternals website or launch the new version of the tool directly using Sysinternals Live.

Sysmon is a specialized system monitor tool for Windows 7 and up that installs as a system service and device driver. The application monitors events on the system commonly used by attackers, e.g. by malware attacks, and logs these to the Windows event log.

The program monitors important activity such as the creation of processes and their termination, network connections, the loading of drivers, the creation of files, or Registry Events when it is active.

Sysmon 11.0 adds a new event to the list of monitored activity on Windows devices. Event 23, FileDelete, monitors all file removal activity on the Windows machine; this gives administrators options to see all files that were deleted on a system while Sysmon was active.

One of the reasons for adding file delete monitoring came from Microsoft's own experience. The company noted that attackers who successfully got into company machines would drop tools on the machine, use these, and delete these when they were done. The new file delete monitoring provides analysts with information about the tools that the attacker used on the system. Naturally, file deletion activity covers other types of deletions as well when it is used.

Installation of Sysmon is straightforward. All that needs to be done is to download the latest archive version of the program and extract it on the target system. You may check the configuration using sysmon -s using the command prompt, and install the monitoring service using sysmon -accepteula -i; this uses the default configuration. To uninstall sysmon, run sysmon -u from the command line.

Advanced users can use configuration files to customize the monitoring, e.g. to ignore certain activity on the system. The new version of Sysmon comes with a flag to disable reverse DNS lookups to avoid DNS servers being overloaded by requests from the tool.
 
Now You: do you use Sysinternals tools?
...
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
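The installation steps and the configuration-file approach from the quoted article, worked through as an added PowerShell example; this is not code from the article, the forum poster or Sysinternals. It assumes Sysmon64.exe sits in the current directory, that schemaversion 4.30 is the Sysmon 11.0 schema (confirm with sysmon -s on your copy), that the reverse-DNS switch is the DnsLookup configuration option, and that Event 23 carries the User, Image, TargetFilename and Hashes fields. The include rule on FileDelete limits logging to executables, DLLs and PowerShell scripts, the "dropped tool" case the article gives as the motivation; the extension list is illustrative and should be tuned per environment.

```powershell
# Added example (not from the article or Sysinternals): install or reconfigure
# Sysmon 11 with a FileDelete (Event 23) rule and reverse DNS lookups disabled,
# then read Event 23 records back from the Sysmon operational log.
# Assumptions: Sysmon64.exe in the current directory; schemaversion 4.30 is the
# Sysmon 11.0 schema (check with "sysmon -s"); <DnsLookup> is the option behind
# the article's "flag to disable reverse DNS lookups".

$SysmonExe  = '.\Sysmon64.exe'
$ConfigPath = Join-Path $env:ProgramData 'sysmon-config.xml'

# Illustrative configuration. An include rule on FileDelete means only matching
# deletions are logged; here executables, DLLs and PowerShell scripts.
$ConfigXml = @'
<Sysmon schemaversion="4.30">
  <HashAlgorithms>sha256</HashAlgorithms>
  <!-- Sysmon 11 option: do not resolve IP addresses in network events -->
  <DnsLookup>False</DnsLookup>
  <EventFiltering>
    <RuleGroup name="FileDelete-tools" groupRelation="or">
      <FileDelete onmatch="include">
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
      </FileDelete>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@

function Install-SysmonWithConfig {
    param([string]$Exe = $SysmonExe, [string]$Config = $ConfigPath)
    Set-Content -Path $Config -Value $ConfigXml -Encoding UTF8
    # Service is named Sysmon64 when installed from Sysmon64.exe (Sysmon otherwise)
    $installed = Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue
    if ($installed) {
        # Already installed: push the updated configuration only (sysmon -c)
        & $Exe -c $Config
    } else {
        # Fresh install with the configuration file (sysmon -accepteula -i <file>)
        & $Exe -accepteula -i $Config
    }
}

function Get-SysmonFileDeleteEvents {
    param([int]$MaxEvents = 50)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 23 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Pull the named EventData fields out of the event XML
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
            [pscustomobject]@{
                Time           = $_.TimeCreated
                User           = $d['User']
                DeletingImage  = $d['Image']      # process that removed the file
                TargetFilename = $d['TargetFilename']
                Hashes         = $d['Hashes']     # hash of the deleted content
            }
        }
}

Install-SysmonWithConfig
Get-SysmonFileDeleteEvents | Format-Table -AutoSize
```

Run from an elevated prompt. The Hashes field is what makes Event 23 useful after the fact: even though the file is gone, its hash can be compared against known tooling. Exclusion rules are the usual way to cut noise, but keep them narrow, since anything excluded from FileDelete is exactly what an analyst can no longer see.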