-
Notifications
You must be signed in to change notification settings - Fork 6
/
Sysmon.yml
35 lines (35 loc) · 1.32 KB
/
Sysmon.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
version: "15.15"
description: Sysmon. Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
homepage: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
license:
identifier: Freeware
url: https://docs.microsoft.com/en-us/sysinternals/license-terms
url: https://download.sysinternals.com/files/Sysmon.zip
hash: 0edb284c2157562c15b2eb6f7fb0b3d1752c86dbce782fd4e5dfea89b10e4ba6
pre_install: |
$sysint = 'HKCU:\SOFTWARE\Sysinternals'
$fin = "$sysint\System Monitor"
New-Item $sysint, $fin -ErrorAction 'SilentlyContinue' | Out-Null
Set-ItemProperty -Path $fin -Name 'EulaAccepted' -Value 1 -Type 'DWord' -Force | Out-Null
pre_uninstall: |
if ($purge) {
$sysInt = 'HKCU:\SOFTWARE\Sysinternals'
Remove-Item "$sysInt\System Monitor" -ErrorAction 'SilentlyContinue' -Force -Recurse
if ((Get-ChildItem $sysInt).Count -eq 0) { Remove-Item $sysInt -ErrorAction 'SilentlyContinue' -Force -Recurse }
}
architecture:
64bit:
bin:
- Sysmon64.exe
- - Sysmon64.exe
- Sysmon
32bit:
bin: Sysmon.exe
arm64:
bin:
- Sysmon64a.exe
- - Sysmon64a.exe
- Sysmon
checkver: Sysmon\s+v([\d.]+)</h1
autoupdate:
url: https://download.sysinternals.com/files/Sysmon.zip