By Lawrence Abrams
Publication Date: 2025-11-18 17:25:00
Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools.
“Next year, Windows updates for Windows 11 and Windows Server 2025 will bring Sysmon functionality natively to Windows,” reads an announcement by Sysinternals creator Mark Russinovich.
“Sysmon functionality allows you to use custom configuration files to filter captured events. These events are written to the Windows event log, enabling a wide range of use cases including by security applications.”
Sysmon (or System Monitor) is a free Microsoft Sysinternals tool that can be configured to monitor for and block malicious/suspicious activity and log events to the Windows Event Log.
By default, Sysmon monitors basic events, such as process creation and termination. However, it is possible to create advanced configuration files that let you monitor and perform more advanced behavior,…
