If needed, you can redeploy Sysmon on a single Windows endpoint.

1. If you installed Sysmon manually instead of using Sysmon Assistant, run one of these commands to uninstall Sysmon:
   • For 32-bit systems:
     INICopy

     sysmon -u force

     sysmon -u force

   • For 64-bit systems:
     INICopy

     sysmon64 -u force

     sysmon64 -u force

2. Download the latest version of Sysmon.

   For more information, see the Microsoft website.

3. If you are reinstalling using the Sysmon Assistant, download the SysmonAssistant.zip file from the MDR Dashboard, and then extract it to access the MSI file.
   Note:

   Older versions of Sysmon Assistant might not reinstall Sysmon properly.

4. Install Sysmon on Windows devices.
   Note:

   If you reinstall using the Sysmon Assistant, make sure that the latest versions of Sysmon.exe and Sysmon64.exe are in the same shared folder as Sysmon Assistant.