We are having issues with Sysmon not cleanly removing the driver from runtime when updating the Sysmon agent. There are no errors displayed when the uninstall process has been completed. When the new version is registered, we get an error stating: "The driver sysmon is already registered. Uninstall Sysmon before reinstalling." I have checked the disk and registry for driver entries. Currently, the only solution is to reboot the host. This issue is affecting the majority of our systems. We have specific windows to reboot hosts in a given period. Therefore, rebooting is not something we can do every day. We need to be able to reinstall Sysmon reliably, without the need to reboot.
I believe the issue to be a registered module in the kernel.
Any help would be greatly appreciated.