Sysmon Redeployment on Windows - Single Endpoint

Updated Jan 31, 2024

Redeploy Sysmon on a single endpoint

If needed, you can redeploy Sysmon on a single Windows endpoint.

  1. Download the latest version of Sysmon.

    See Microsoft website for more information.

  2. If you are reinstalling using the Sysmon Assistant, download the file from the MDR Dashboard, and then extract it to access the MSI file.

    Note: Older versions of Sysmon Assistant may not reinstall Sysmon properly.

  3. Install Sysmon on Windows devices.

    Note: If you reinstall using the Sysmon Assistant, make sure that the latest versions of Sysmon.exe and Sysmon64.exe are in the same shared folder as Sysmon Assistant.

See also