‎03-06-2023 08:51 PM - last edited on ‎06-26-2023 06:03 PM by Mercedes_O
Trying to install Sysmon via a deployment package. Has anyone been able to do so? With a configuration? If so please share details. Thank you
Solved! Go to Solution.
‎03-24-2023 02:50 PM
Yo,
This is my config :
<?xml version="1.0" encoding="utf-8"?>
<Package>
<Name>Sysmon - Installer</Name>
<Description>Sysmon event logs</Description>
<ShutdownOption>0</ShutdownOption>
<ShutdownTime>0</ShutdownTime>
<MaxDuration>1800</MaxDuration>
<Rescan>True</Rescan>
<RunMode>-1</RunMode>
<Steps>
<Step>
<Nr>1</Nr>
<Name>Does installer exist</Name>
<Type>5</Type>
<ReturnCodes></ReturnCodes>
<Success>-1</Success>
<Failure>-3</Failure>
<Path></Path>
<Parameters></Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command></Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>1</Type>
<SpecOne>{PackageShare}\Installers\Sysmon</SpecOne>
<SpecTwo>Sysmon.exe</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
<Step>
<Nr>2</Nr>
<Name>Install Sysmon</Name>
<Type>1</Type>
<ReturnCodes>0,1605,1641,3010</ReturnCodes>
<Success>-2</Success>
<Failure>-3</Failure>
<Path>{PackageShare}\Installers\Sysmon\Sysmon.exe</Path>
<Parameters>-accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command>"{PackageShare}\Installers\Sysmon\Sysmon.exe" -accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>2</Type>
<SpecOne>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\</SpecOne>
<SpecTwo>UninstallString</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
</Steps>
<SoftwareVersion>10.4.3.1</SoftwareVersion>
</Package>
And for sysmon config files, i use this config files :
https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml
Hope this help you
‎03-29-2023 12:45 PM
Nice to see you got a good response @jmp917 Thank you for sharing @jvanbelle
‎03-24-2023 02:50 PM
Yo,
This is my config :
<?xml version="1.0" encoding="utf-8"?>
<Package>
<Name>Sysmon - Installer</Name>
<Description>Sysmon event logs</Description>
<ShutdownOption>0</ShutdownOption>
<ShutdownTime>0</ShutdownTime>
<MaxDuration>1800</MaxDuration>
<Rescan>True</Rescan>
<RunMode>-1</RunMode>
<Steps>
<Step>
<Nr>1</Nr>
<Name>Does installer exist</Name>
<Type>5</Type>
<ReturnCodes></ReturnCodes>
<Success>-1</Success>
<Failure>-3</Failure>
<Path></Path>
<Parameters></Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command></Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>1</Type>
<SpecOne>{PackageShare}\Installers\Sysmon</SpecOne>
<SpecTwo>Sysmon.exe</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
<Step>
<Nr>2</Nr>
<Name>Install Sysmon</Name>
<Type>1</Type>
<ReturnCodes>0,1605,1641,3010</ReturnCodes>
<Success>-2</Success>
<Failure>-3</Failure>
<Path>{PackageShare}\Installers\Sysmon\Sysmon.exe</Path>
<Parameters>-accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command>"{PackageShare}\Installers\Sysmon\Sysmon.exe" -accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>2</Type>
<SpecOne>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\</SpecOne>
<SpecTwo>UninstallString</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
</Steps>
<SoftwareVersion>10.4.3.1</SoftwareVersion>
</Package>
And for sysmon config files, i use this config files :
https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml
Hope this help you
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now