¶ Sysinternals Download and Setup
- Download from URL
- Or download from command line (I haven't tried these commands to see if they work):
Download-SysInternalsTools C:\Sysinternals
OR
Install-Module -Name SysInternals
- After download, you can launch the tools from the command line just by typing the program name in an (elevated) PowerShell or Command Prompt window. This requires adding the suite's folder to the PATH environment variable:
  - Type "sysdm.cpl" in the command prompt
  - Click the 'Advanced' tab
  - Click 'Path' > 'Edit'
  - Click 'New'
  - Paste the file path of the Sysinternals suite folder (on the desktop)
- Now you can type the following commands in an **elevated** PS or cmd window:
- tcpview
- procexp
- procmon
- sysmon
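The PATH edit above done from PowerShell instead of the sysdm.cpl dialog. This is an added example, not part of the original notes: it appends the suite folder to the persistent user-scope PATH (the same thing the 'Edit' > 'New' steps do for the current user, without needing elevation), makes it available in the current session, and checks that the four tools listed above now resolve by name. The folder `C:\Sysinternals` is an assumed location; change it to wherever the suite was extracted.

```powershell
# Added example (not from the original notes): add the Sysinternals folder to the
# persistent user PATH so the tools can be started by name from any new shell.
# $SysinternalsDir is an assumed location; change it to wherever the suite was extracted.
$SysinternalsDir = 'C:\Sysinternals'

if (-not (Test-Path -LiteralPath $SysinternalsDir)) {
    throw "Sysinternals folder not found: $SysinternalsDir"
}

# Read the user-scope PATH from the persistent environment store,
# not $env:Path, which is only this session's in-memory copy.
$userPath = [Environment]::GetEnvironmentVariable('Path', 'User')
$entries  = @($userPath -split ';' | Where-Object { $_ -ne '' })

# -notcontains is case-insensitive, so 'c:\sysinternals' counts as already present.
if ($entries -notcontains $SysinternalsDir) {
    $newPath = ($entries + $SysinternalsDir) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $newPath, 'User')
    Write-Host "Added $SysinternalsDir to the user PATH (new shells will pick it up)."
} else {
    Write-Host "$SysinternalsDir is already on the user PATH."
}

# Make the tools usable in the current session too, without restarting the shell.
if (($env:Path -split ';') -notcontains $SysinternalsDir) {
    $env:Path = "$env:Path;$SysinternalsDir"
}

# Verify: Get-Command resolves executables through PATH the same way cmd does.
foreach ($tool in 'tcpview', 'procexp', 'procmon', 'sysmon') {
    $cmd = Get-Command "$tool.exe" -ErrorAction SilentlyContinue
    if ($cmd) { Write-Host ("{0,-8} -> {1}" -f $tool, $cmd.Source) }
    else      { Write-Warning "$tool.exe not found on PATH" }
}
```

The script writes to the user PATH, so it works from a non-elevated shell; to put the folder on the machine-wide PATH instead (the lower list in the sysdm.cpl dialog), pass `'Machine'` instead of `'User'` to both `GetEnvironmentVariable` and `SetEnvironmentVariable`, which does require an elevated window. The tools themselves (procmon, sysmon, tcpview) still need elevation to run with full visibility, as the notes say.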
- Configuration file for Sysmon:
- Installing sysmon with config file:
sysmon.exe -accepteula -i sysmonconfig.xml
- Update existing configuration file
sysmon.exe -c sysmonconfig.xml
- If installed correctly, 'Sysmon' should appear as a log source in Event Viewer
- To view Sysmon logs, open Event Viewer and navigate to:
  Applications and Services Logs > Microsoft > Windows > Sysmon > Operational
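The install and update commands above, wrapped so the right one runs depending on whether Sysmon is already present, followed by a check that the Operational log from the Event Viewer path actually exists. This is an added example, not part of the original notes or of Sysinternals; the paths `C:\Sysinternals\sysmon.exe` and `C:\Sysinternals\sysmonconfig.xml` are assumed and should be changed to match the download location. Run it from an elevated PowerShell window.

```powershell
# Added example (not from the original notes): install Sysmon with a config file, or
# update the config if the service already exists, then confirm the Operational log
# is present and show the newest events. Run from an elevated PowerShell.
# $SysmonExe and $ConfigPath are assumed locations; adjust them to your download.
$SysmonExe  = 'C:\Sysinternals\sysmon.exe'
$ConfigPath = 'C:\Sysinternals\sysmonconfig.xml'

foreach ($p in $SysmonExe, $ConfigPath) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
}

# Refuse a config that is not well-formed XML before handing it to the driver;
# a broken file would otherwise leave you without the filtering you expected.
try { [xml](Get-Content -LiteralPath $ConfigPath -Raw) | Out-Null }
catch { throw "Config is not valid XML: $ConfigPath ($($_.Exception.Message))" }

# The service is named after the binary (Sysmon or Sysmon64), so match both.
$svc = Get-Service -Name 'Sysmon*' -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host "Sysmon service '$($svc.Name)' present; updating configuration."
    & $SysmonExe -c $ConfigPath            # same as: sysmon.exe -c sysmonconfig.xml
} else {
    Write-Host "Sysmon not installed; installing with configuration."
    & $SysmonExe -accepteula -i $ConfigPath # same as: sysmon.exe -accepteula -i sysmonconfig.xml
}
if ($LASTEXITCODE -ne 0) { throw "sysmon.exe exited with code $LASTEXITCODE" }

# The Event Viewer path 'Microsoft > Windows > Sysmon > Operational' is this log name.
$logName = 'Microsoft-Windows-Sysmon/Operational'
$log = Get-WinEvent -ListLog $logName -ErrorAction Stop
Write-Host "Log '$logName' enabled=$($log.IsEnabled) records=$($log.RecordCount)"

# Event ID 16 (config state changed) should be among the newest entries after an
# install or update; event ID 4 records service start/stop.
Get-WinEvent -LogName $logName -MaxEvents 10 |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

If `Get-WinEvent -ListLog` fails, the driver did not register its event channel, which usually means the install step did not complete; re-run `sysmon.exe -i` from an elevated window and check its output rather than assuming the Event Viewer folder will appear later.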
(Might remove this small section?)
Sysmon.exe -accepteula -i ..\Configuration\swift.xml
- the config path is relative to wherever the download was saved