Sysmon

by Sysinternalsv15.20

Last updated Jun 8, 2026

System activity monitor

Install with winget

$ winget install --id Microsoft.Sysinternals.Sysmon --exact --version 15.20

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.

Installers · v15.20

Architecture	Type	Scope	Download
x86	ZIP archive	-	Direct
x64	ZIP archive	-	Direct
arm64	ZIP archive	-	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

3 known CVEs via NVD

high7.8Patched in wingetCVE-2023-29343affects before 14.16May 9, 2023
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
Patch Vendor advisory
high7.8Patched in wingetCVE-2022-44704affects before 14.13Dec 13, 2022
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability
Patch Vendor advisory
high7.8Patched in wingetCVE-2022-41120Nov 9, 2022
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

Source: NVD, updated 2h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

SDeleteSysinternals
Microsoft.Sysinternals.SDeletev2.06
Securely overwrite sensitive files and cleanse free space.
StringsSysinternals
Microsoft.Sysinternals.Stringsv2.54
Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
Sysinternals SuiteSysinternals
Microsoft.Sysinternals.Suitev2026-06-10
Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more.
Remote Desktop Connection ManagerSysinternals
Microsoft.Sysinternals.RDCManv3.12
RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers.
ZoomItSysinternals
Microsoft.Sysinternals.ZoomItv12.00
ZoomIt is a screen zoom, annotation, and recording tool for technical presentations that include application demonstrations.
VMMapSysinternals
Microsoft.Sysinternals.VMMapv3.40
A process virtual and physical memory analysis utility.

More from Sysinternals or browse sysinternals.

Frequently asked questions

How do I install Sysmon on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Microsoft.Sysinternals.Sysmon --exact --version 15.20. winget downloads the installer from Sysinternals and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Sysmon silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Microsoft.Sysinternals.Sysmon --exact 15.20 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Sysmon via winget?

Run: winget uninstall --id Microsoft.Sysinternals.Sysmon --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Sysmon's Apps & Features entry.

Is Sysmon free?

Sysmon is distributed under Proprietary. Refer to the publisher (https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon) for the full license terms - Wingetly itself does not charge for installation.

Does Sysmon work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Sysmon directly from the publisher.

How do I keep Sysmon up to date?

Run winget upgrade --id Microsoft.Sysinternals.Sysmon --exact, or winget upgrade --all to update everything winget tracks. We index 1 version of Sysmon from microsoft/winget-pkgs.