Providing Free and Editor Tested Software Downloads

MajorGeeks.com - If your computer could ask you for it, it would.
MajorGeeks.Com » Overview » How To Enable and Install the Built-In System Monitor (Sysmon)

How To Enable and Install the Built-In System Monitor (Sysmon)

By selma čitaković

on 04/21/2026
Hop into IObit’s Easter Sale and save up to 90% on top utilities, plus score 3 FREE months before the deal disappears! 🐰🌷🏆
{$insert['content_title']


System Monitor (Sysmon) is a system service and device driver that logs and tracks system activity. It detects changes and logs events, including process creations, registry modifications, network connections, file creation time changes, and more. It's kinda similar to Event Viewer, but much more in-depth.

Basically, it collects a lot of data that you can review to identify suspicious activities and threats. However, Sysmon doesn't analyze events or prevent threats by itself - it's just a detailed recording tool.

Previously, you could only get it as a standalone version, but it's available natively now in Windows 11. The built-in Sysmon is disabled by default, but you can easily enable and install it. I'll show you how below! But first, make sure you've signed in as an administrator.

Via Optional Features



You can install and uninstall Sysmon as an optional feature:

  1. Press Win + R, type OptionalFeatures.exe, and press Enter. Or, you can go to Settings > System > Optional features > More Windows features.
  2. This will open Windows Features, where you can check Sysmon. Click OK.
  3. You should see a message saying "Windows completed the requested changes." Click Close.
  4. Now, press Win + X and select Terminal (Admin).
  5. Open either PowerShell or Command Prompt. Type the following command and press Enter: Sysmon -i


And that's it.

To uninstall the tool, uncheck Sysmon in Windows Features instead (step 2) and click OK. You'll then have to restart to complete the changes.

Via Command



Or, you can install and uninstall it using commands. You'll need elevated privileges to run them.

First, let's go over the steps to install Sysmon:

  1. Press Win + X and select Terminal (Admin). Open either Command Prompt or PowerShell.
  2. In Command Prompt, type the following command and press Enter: DISM /Online /Enable-Feature /FeatureName:"Sysmon"
  3. Alternatively, in PowerShell, type the following command and press Enter: Enable-WindowsOptionalFeature -Online -FeatureName Sysmon
  4. After running either command, type Sysmon -i in the same elevated terminal, and press Enter.


This will complete the installation.

To uninstall Sysmon:

  1. Again, press Win + X, select Terminal (Admin), and open Command Prompt or PowerShell.
  2. In Command Prompt, type this and press Enter: DISM /Online /Disable-Feature /FeatureName:"Sysmon"
  3. Or, in PowerShell, type this and press Enter: Disable-WindowsOptionalFeature -Online -FeatureName Sysmon
  4. Press Y to restart in Command Prompt, or press Y and Enter to restart in PowerShell.


One last thing: If you've previously downloaded and installed standalone Sysmon, you'll have to uninstall that version. Otherwise, the built-in Sysmon won't work.

selma citakovic
selma citakovic
Selma is a gamer, geek and gremlin hunter with a passion for cyber security and smashing Windows bugs before they bite. She’s IBM-certified, loves real freeware, despises bloatware, and powers most of her troubleshooting with an unhealthy amount of coffee.

comments powered by Disqus


© 2000-2026 MajorGeeks.com
Powered by Contentteller® Business Edition