question

MAXXIT4HACK asked MAXXIT4HACK edited

Sysmon Driver Not uninstalling during Update

We are having issues with Sysmon not cleanly removing the driver from runtime when updating the Sysmon agent. There are no errors displayed when the uninstall process has been completed. When the new version is registered, we get an error stating: "The driver sysmon is already registered. Uninstall Sysmon before reinstalling." I have checked the disk and registry for driver entries. Currently, the only solution is to reboot the host. This issue is affecting the majority of our systems. We have specific windows to reboot hosts in a given period; therefore, rebooting is not something we can do every day. We need to be able to reinstall Sysmon reliably, without the need to reboot.

I believe the issue to be a registered module in the kernel.

Any help would be greatly appreciated.

windows-sysinternals-sysmon

0 Answers