- Compile and run your own.
- Run AutoUpdateSysmonEXE.exe as a scheduled task (as LOCAL ADMIN) per sysmon guidance.
Args must be in this fomat:
AutoUpdateSysmon.exe 'URL of Sysmon Config' 'Host Computer File Path of Sysmon xml file'
Example: ./AutoUpdateSysmon.exe 'https://raw.githubusercontent.com/ceramicskate0/sysmon-config/master/sysmonconfig-
export.xml' 'C:\Windows\sysmonconfig-export.xml'
Wclient.DownloadFile(@"https://raw.githubusercontent.com/ceramicskate0/sysmon-config/master/sysmonconfig-export.xml", @"C:\Windows\sysmonconfig-export.xml");
ProcessStartInfo startInfo = new ProcessStartInfo(@"C:\Windows\Sysmon.exe", @"-c C:\Windows\sysmonconfig-export.xml");
startInfo.WorkingDirectory = Path.GetDirectoryName(@"C:\Windows\");
startInfo.RedirectStandardOutput = true;
startInfo.RedirectStandardError = true;
startInfo.LoadUserProfile = true;
startInfo.UseShellExecute = false;
startInfo.CreateNoWindow = true;
Process process = new Process();
process.StartInfo = startInfo;
In short its because im downloading a file to C:\Windows by default (sysmon default install location) and the starting a program that calls it.
Feel free to replace the URL to your favorite or your own config. Same with the sysmon location.