
Microsoft won’t let hackers mess with detection tool Sysmon any longer


Microsoft is releasing Sysmon 15. Sysmon, short for System Monitor, is a free Microsoft tool that helps detect cyber threats. The new version hardens the tool against attempts to tamper with it.

System Monitor (Sysmon) has reached its fifteenth release. This time Microsoft has chosen to harden the tool against tampering. Attackers like to disable Sysmon on the devices they compromise, because the tool helps defenders protect those devices. Sysmon 15 therefore now runs as a protected service, which prevents malicious code from being injected into its process.

When Sysmon observes suspicious activity, it writes the details to the Windows Event Log. The tool therefore does not stop attackers itself; it only serves as a detection tool. Even so, disabling such tools is attractive to an attacker, because it keeps the administrator from being notified of suspicious activity and leaves them under the illusion that their devices are safe.

‘FileExecutableDetected’ configuration

In addition, the Sysmon schema is upgraded to version 4.90. Specifically, the new FileExecutableDetected event lets the tool detect when executable files are created on the device’s file system.
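As an added example (not from the article or from Microsoft), the following PowerShell applies a minimal schema 4.90 configuration that enables FileExecutableDetected and then pulls the resulting events from the Sysmon operational log for review. It assumes Sysmon64.exe is already installed and on the PATH, that the shell runs elevated, and uses a constructed exclusion path purely for illustration.

```powershell
# Added example (not from the article or Microsoft): a minimal Sysmon 15
# configuration that enables FileExecutableDetected, plus a query that pulls
# the resulting events from the Windows Event Log for review.
# Assumes Sysmon64.exe is on the PATH and the shell runs elevated.

$configPath = "$env:TEMP\sysmon-fileexec.xml"

# Schema 4.90 is the version the article names. An "exclude" rule logs every
# detected executable file except the listed matches; tighten it with <Image>
# or <TargetFilename> conditions once you know which paths are noisy.
@'
<Sysmon schemaversion="4.90">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="exec-files" groupRelation="or">
      <FileExecutableDetected onmatch="exclude">
        <!-- Constructed example exclusion: Windows Update's own download cache -->
        <TargetFilename condition="begin with">C:\Windows\SoftwareDistribution\</TargetFilename>
      </FileExecutableDetected>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $configPath -Encoding ASCII

# -c updates the configuration of an already-installed Sysmon; use -i to install.
& Sysmon64.exe -accepteula -c $configPath

# FileExecutableDetected is recorded as Event ID 29 in the Sysmon operational log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 29
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue

# Project the fields a responder wants: which process wrote which executable, as whom.
$events | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
    [pscustomobject]@{
        Time           = $d['UtcTime']
        User           = $d['User']
        WriterImage    = $d['Image']
        TargetFilename = $d['TargetFilename']
        Hashes         = $d['Hashes']
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize
```

Because Sysmon only logs, the output is the starting point for triage; a silent gap in this log after the update is itself worth investigating, since Sysmon 15's protected process should make tampering harder rather than invisible.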

Finally, minor bugs have been eliminated from the tool. These include, for example, a bug that could prevent a machine from booting while running a specific configuration.
