is a complex and reliable software utility which was developed to function only from Command Prompt, as it does not feature a Graphical User Interface.
The main purpose of the program resides in helping you monitor and capture your system activity to the Windows event log, so you can determine if there is anything out of place on your computer.
Sysmon works as a Windows service as well as a device driver, tracking various actions on your system, for instance the network connections, changes to the files’ creation times, process creation and other relevant details.
However, the utility does not provide interpretation abilities, so the gathered information will need to be analyzed separately, by you.
In order to install the tool on your PC, you need to open a CMD window and drop the EXE file onto it, after which you can type the ‘ -i [-h [sha1|md5|sha256]] [-n]’ command and hit Enter, allowing it to go through all its paces.
Once complete, you can begin configuring Sysmon, using a series of arguments, depending on what you wish to do with it. Some of its capabilities include recording the hash of process image files in MD5, SHA256 or SHA1, the last of which is used by default.
Moreover, it can log network connection details, namely the source process, the IP address, the hostnames and the port numbers. By analyzing the gathered data, you can determine whether anything suspicious occurs on your computer, being able to figure out if there are any intruders on your network.
To sum it up, Sysmon is a comprehensive and efficient CMD tool, aimed mainly at advanced individuals, enabling you to monitor system activity and identify the occurrence of anomalous behavior.