Sysmon is great until you need uninstall it, in which case the documented instructions don't work. If you get an odd the service sysmon64 is already registered, do this:
- Stop the Sysmon service in
Services.msc. - Open an elevated PowerShell prompt in the folder containing
sysmon64.exe - Run
sysmon64.exe -uorsysmon64.exe -u force(if the 1st command doesn't work)
That should uninstall Sysmon completely. I've created a corresponding Microsoft Docs PR.
Discussion (0)