Unloading Sysmon Driver
Unload sysmon driver which causes the system to stop recording sysmon event logs.
Last updated
Unload sysmon driver which causes the system to stop recording sysmon event logs.
Last updated
Windows event logs suggesting SysmonDrv was unloaded successfully:
As well as processes requesting special privileges:
Note how in the last 35 minutes since the driver was unloaded, no further process creation events were recorded, although I spawned new processes during that time:
Note how the system thinks that the sysmon is still running, which it is, but not doing anything useful:
