With the release of Windows 11 Insider Preview Build 26300.7733 (KB5074178) to the Dev Channel, Microsoft is integrating the popular System Monitor (Sysmon) tool directly into the operating system.
Previously available only as a standalone tool within the Sysinternals suite, this move simplifies how security teams deploy advanced logging capabilities to monitor for malware and malicious activity.
For years, Sysmon has been a critical tool for Incident Response (IR) teams and Security Operations Centers (SOCs).
It provides detailed information about process creations, network connections, and changes to file creation time.
By integrating this natively, Microsoft ensures that granular event logging is more accessible without requiring external downloads. The native version retains the core functionality that security professionals rely on.
It captures specific system events useful for threat detection and writes them directly to the Windows Event Log.
This integration ensures seamless compatibility with existing Security Information and Event Management (SIEM) solutions and other security applications.
Users can still use custom XML configuration files to filter events, ensuring that defenders capture only relevant data and avoid log noise.
Microsoft has adopted a “secure by default” approach; as a result, the built-in Sysmon feature is disabled by default. Administrators must explicitly enable it.
| Method | Approach | Steps |
|---|---|---|
| Method 1 | Windows Settings (GUI) | Go to Settings > System > Optional features > More Windows features, then check “Sysmon” |
| Method 2 | PowerShell / Command Prompt | Use DISM for script-based or enterprise deployment |
To enable the feature, run the following command:

```powershell
Dism /Online /Enable-Feature /FeatureName:Sysmon
```

Once the feature is enabled, the service must be installed to begin capturing events:

```powershell
sysmon -i
```
Security teams currently running the standalone version of Sysmon (downloaded from the Sysinternals website) need to take care when migrating.
Microsoft has stated that the legacy version must be uninstalled before enabling the built-in Windows version to avoid conflicts.
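The following script is an added example (not from the article or from Microsoft) that puts the steps above in order for a scripted rollout: it refuses to run while a legacy Sysinternals Sysmon service is present, enables the optional feature with the DISM command shown, and installs the service with a small XML filter that logs all process creations and file-time changes but only network connections from scripting hosts. It assumes the feature is named "Sysmon" as in the article, that `sysmon.exe` is on PATH once the feature is enabled, that the built-in binary writes to the same `Microsoft-Windows-Sysmon/Operational` channel as the Sysinternals release, and that schema version 4.90 matches the shipped binary (adjust if the installer reports a mismatch).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted enablement of the built-in Sysmon feature on a host
# that has not used it yet. Feature name "Sysmon" is from the article; PATH,
# event-channel name and schemaversion below are assumptions.

# 1. Stop if a legacy Sysinternals Sysmon service is still installed.
#    The standalone installer registers a service named Sysmon or Sysmon64.
$legacy = Get-Service -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue
if ($legacy) {
    Write-Error ("Legacy Sysmon still installed ({0}); uninstall it with its own " +
                 "binary (sysmon -u / sysmon64 -u) before enabling the built-in feature." -f
                 ($legacy.Name -join ', '))
    exit 1
}

# 2. Enable the optional feature (skipped if already enabled).
#    DISM exit code 3010 means the change is applied but a reboot is pending.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Sysmon'
if ($feature.State -ne 'Enabled') {
    Dism /Online /Enable-Feature /FeatureName:Sysmon /NoRestart
    if ($LASTEXITCODE -notin 0, 3010) { Write-Error "DISM failed: $LASTEXITCODE"; exit 1 }
}

# 3. Write a minimal filtering config. An empty "exclude" block logs every
#    event of that type; the "include" block keeps only the listed images.
$config = @'
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <ProcessCreate onmatch="exclude" />   <!-- Event ID 1: log all -->
    <FileCreateTime onmatch="exclude" />  <!-- Event ID 2: log all timestomps -->
    <RuleGroup name="script-host-egress" groupRelation="or">
      <NetworkConnect onmatch="include">  <!-- Event ID 3: script hosts only -->
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">wscript.exe</Image>
        <Image condition="image">cscript.exe</Image>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
$configPath = Join-Path $env:ProgramData 'sysmon-config.xml'
Set-Content -Path $configPath -Value $config -Encoding UTF8

# 4. Install the service with the config, then confirm events are arriving.
& sysmon -accepteula -i $configPath
if ($LASTEXITCODE -ne 0) { Write-Error "sysmon -i failed: $LASTEXITCODE"; exit 1 }
Start-Sleep -Seconds 5
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -MaxEvents 5 |
    Select-Object TimeCreated, Id, Message | Format-List
```

To change the filter later, edit the XML and reapply it with `sysmon -c <path>` rather than reinstalling the service.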
Beyond security enhancements, this build addresses several stability issues. Microsoft fixed a critical bug that caused applications to freeze when interacting with files on OneDrive or Dropbox.
Additionally, improvements were made to File Explorer, including better keyboard navigation and fixes for folder renaming issues.
This update represents a significant step forward in making advanced telemetry standard on Windows endpoints, giving defenders a native advantage against sophisticated threat actors.
The post Microsoft to Add Sysmon Threat Detection Feature Natively to Windows 11 appeared first on Cyber Security News.