Installation Error of Sysmon on Windows 7 VM - Sysmondrv Driver and StartService Issue
I hope you are doing well.
My issue is that I need to download and install Sysmon and need to perform scripts from the Invoke-Adversary emulation scripts. I am trying to do this on a Windows 7 VM on VirtualBox that was from the Microsoft Edge testing VMs page (IE10 Windows 7).
I am using the IE10 Windows 7 version. My issue is that I am trying to install sysmon after downloading it from the Microsoft site. I have put the sysmon.exe file and the configuration script from in the same folder, and I have tried to use several variations of this command:
    sysmon.exe -i

or

    sysmon.exe -i -accepteula sysmonconfig-export.xml

However, the installation keeps going like this:

    Sysmon installed
    SysmonDrv installed
    Start Service failed for SysmonDrv:
    Failed to start the driver:
    Stopping the service failed:
    The service has not been started
    SysmonDrv removed
    Stopping the service failed
    The service has not been started
    Sysmon removed
I have been stuck with this problem for several hours. I have tried to search for the solution to this issue online, but there was not any I could find. I am running the command prompt in admin mode, and I have checked that sysmon and sysmondrv are not already on the VM.
Any help would be appreciated. Thank you.
Update: I still have this issue when trying to install Sysmon on the Windows 7 VM. I tried to download and install Sysmon on a Windows 8 VM, and that went successfully using the same files and command(s) above. However, the solution to this problem still eludes me.
1 Answer
Install this Microsoft fix - KBxxxx, I had this issue as well.
The original source was this.