What is sysmon.exe?

The .exe extension on a filename indicates an executable file. Executable files may, in some cases, harm your computer. Therefore, please read below to decide for yourself whether the sysmon.exe on your computer is a Trojan that you should remove, or whether it is a file belonging to the Windows operating system or to a trusted application.


Sysmon.exe file information

The process known as MS System Monitor belongs to software sysmon by Microsoft (

Description: Sysmon.exe is not essential for Windows and will often cause problems. Sysmon.exe is located in the C:\Windows\System32 folder. Known file sizes on Windows 8/7/XP are 8,224 bytes (50% of all occurrences), 4,640 bytes, 38,400 bytes, 773,120 bytes or 8,691 bytes. 
Sysmon.exe is not a Windows system file. There is no description of the program. The program has no visible window. The sysmon.exe file is an unknown file in the Windows folder. The program starts when Windows starts (see Registry key: MACHINE\Run, Winlogon\Shell). Therefore the technical security rating is 67% dangerous; however, you should also read the user reviews.


External information from Paul Collins:
There are different files with the same name:

Important: Some malware camouflages itself as sysmon.exe. Therefore, you should check the sysmon.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.


User Comments

It only shows the CPU load, the battery level (charge state) and the RAM in use.
There is a SYSMON.EXE which installs itself in the Documents and Settings\All Users\Application Data\Sysmon folder of its own. It also may insinuate itself into the .INI file of your default JPG viewer. It then stores hundreds of screen shots of your card data entry pages. Yes, it is very dangerous and is a stealth keylogger.
It creates copies of USB or CD drives and stores them in the system32\mui directory.
  rojer jim  

Summary: Average user rating of sysmon.exe: based on 3 votes with 3 user comments. One user thinks sysmon.exe is essential for Windows or an installed application. One user suspects danger. One user thinks sysmon.exe is dangerous and recommends removing it.


Best practices for resolving sysmon issues

A clean and tidy computer is the key requirement for avoiding problems with sysmon. This means running a scan for malware, cleaning your hard drive using cleanmgr and sfc /scannow, uninstalling programs that you no longer need, checking for Autostart programs (using msconfig) and enabling Windows' Automatic Update. Always remember to perform periodic backups, or at least to set restore points.

Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off doing a repair of your installation, or in the case of Windows 8, executing the DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.

To help you analyze the sysmon.exe process on your computer, the following programs have proven to be helpful: Security Task Manager displays all running Windows tasks, including embedded hidden processes, such as keyboard and browser monitoring or Autostart entries. A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. Malwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive.
