Sysmon is great until you need to uninstall it, in which case the documented instructions don't work. If you get an odd the service sysmon64 is already registered message, do this:
- Stop the Sysmon service in
Services.msc. - Open an elevated PowerShell prompt in the folder containing
sysmon64.exe - Run
sysmon64.exe -uorsysmon64.exe -u force(if the 1st command doesn't work)
That should uninstall Sysmon completely. I've created a corresponding Microsoft Docs PR.
Top comments (0)