Installing Sysmon

jmp917 · ‎03-06-2023

Trying to install Sysmon via a deployment package. Has anyone been able to do so? With a configuration? If so please share details. Thank you

jvanbelle · ‎03-24-2023

Yo,

This is my config :

<?xml version="1.0" encoding="utf-8"?>
<Package>
<Name>Sysmon - Installer</Name>
<Description>Sysmon event logs</Description>
<ShutdownOption>0</ShutdownOption>
<ShutdownTime>0</ShutdownTime>
<MaxDuration>1800</MaxDuration>
<Rescan>True</Rescan>
<RunMode>-1</RunMode>
<Steps>
<Step>
<Nr>1</Nr>
<Name>Does installer exist</Name>
<Type>5</Type>
<ReturnCodes></ReturnCodes>
<Success>-1</Success>
<Failure>-3</Failure>
<Path></Path>
<Parameters></Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command></Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>1</Type>
<SpecOne>{PackageShare}\Installers\Sysmon</SpecOne>
<SpecTwo>Sysmon.exe</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
<Step>
<Nr>2</Nr>
<Name>Install Sysmon</Name>
<Type>1</Type>
<ReturnCodes>0,1605,1641,3010</ReturnCodes>
<Success>-2</Success>
<Failure>-3</Failure>
<Path>{PackageShare}\Installers\Sysmon\Sysmon.exe</Path>
<Parameters>-accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command>"{PackageShare}\Installers\Sysmon\Sysmon.exe" -accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>2</Type>
<SpecOne>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\</SpecOne>
<SpecTwo>UninstallString</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
</Steps>
<SoftwareVersion>10.4.3.1</SoftwareVersion>
</Package>

And for sysmon config files, i use this config files :
https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml

Hope this help you

View solution in original post

Mercedes_O · ‎03-29-2023

Nice to see you got a good response @jmp917 Thank you for sharing @jvanbelle

jvanbelle · ‎03-24-2023

Yo,

This is my config :

<?xml version="1.0" encoding="utf-8"?>
<Package>
<Name>Sysmon - Installer</Name>
<Description>Sysmon event logs</Description>
<ShutdownOption>0</ShutdownOption>
<ShutdownTime>0</ShutdownTime>
<MaxDuration>1800</MaxDuration>
<Rescan>True</Rescan>
<RunMode>-1</RunMode>
<Steps>
<Step>
<Nr>1</Nr>
<Name>Does installer exist</Name>
<Type>5</Type>
<ReturnCodes></ReturnCodes>
<Success>-1</Success>
<Failure>-3</Failure>
<Path></Path>
<Parameters></Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command></Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>1</Type>
<SpecOne>{PackageShare}\Installers\Sysmon</SpecOne>
<SpecTwo>Sysmon.exe</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
<Step>
<Nr>2</Nr>
<Name>Install Sysmon</Name>
<Type>1</Type>
<ReturnCodes>0,1605,1641,3010</ReturnCodes>
<Success>-2</Success>
<Failure>-3</Failure>
<Path>{PackageShare}\Installers\Sysmon\Sysmon.exe</Path>
<Parameters>-accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Parameters>
<MSIParameters></MSIParameters>
<MSIName></MSIName>
<MSIVersion></MSIVersion>
<Command>"{PackageShare}\Installers\Sysmon\Sysmon.exe" -accepteula -i {PackageShare}\Installers\Sysmon\sysmonconfig.xml</Command>
<EditMode>False</EditMode>
<Conditions>
<Condition>
<Type>2</Type>
<SpecOne>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\</SpecOne>
<SpecTwo>UninstallString</SpecTwo>
<Operator>1</Operator>
<Value></Value>
</Condition>
</Conditions>
</Step>
</Steps>
<SoftwareVersion>10.4.3.1</SoftwareVersion>
</Package>

And for sysmon config files, i use this config files :
https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml

Hope this help you

Installing Sysmon

New to Lansweeper?

Try Lansweeper For Free