Sysmon Installation on Windows - Multiple Endpoints

Updated Feb 12, 2024

Uninstall Sysmon using the Group Policy Management Console

If needed, you can uninstall Sysmon from multiple Windows endpoints using the Group Policy Management Console (GPMC).

  1. Open the GPMC.
  2. Right-click the Sysmon Assistant object that you created, and then click Edit.
  3. For each user or each machine, expand the Software Settings element that contains the deployed package.
  4. Expand the Software Installation element that contains the deployed package.
  5. In the Group Policy window, right-click the package.
  6. Click All Tasks > Remove, and then click Immediately uninstall the software from users and computers.
  7. Click OK.
  8. Close the Group Policy snap-in, and then click OK to exit.

See also