Skip to content

Instantly share code, notes, and snippets.

@deruke

deruke/Sysmon_only_script

Created September 6, 2017 19:58
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save deruke/1963b82d6b13bd6a87afec19bb818b59 to your computer and use it in GitHub Desktop.
Save deruke/1963b82d6b13bd6a87afec19bb818b59 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Sysmon_only_script
if not exist "C:\windows\sysmon_config.xml" (
copy /z /y "\\lab.local\SYSVOL\lab.local\scripts\sysmon\sysmon_config.xml" "C:\windows\"
)
sc query "Sysmon" | Find "RUNNING"
If "%ERRORLEVEL%" EQU "1" (
goto startsysmon
)
:startsysmon
net start Sysmon
If "%ERRORLEVEL%" EQU "1" (
goto installsysmon
)
:installsysmon
"\\lab.local\SYSVOL\lab.local\scripts\sysmon\sysmon64.exe" /accepteula -i c:\windows\sysmon_config.xml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment