System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. The service runs as a protected process, thus disallowing a wide range of user mode interactions.
I should also note that when I manually update the product I must uninstall the current installation of Sysmon before installing the new one. This has involved stopping the running service and removing the software using the exe with the -u force command line switches.
You're correct that we do have a limitation today on only being able to support single file installers. You're also correct that in the example of Sysmon, it is single file and can be "installed".
However, the challenge we have today which is stopping us from being able to support this as a base install in Configuration Manager Applications or Intune Apps is that today, we can only do registry detection in those platforms or package types. Sysmon does not present itself to the registry, therefore we would need to improve our solution to do file-based detection in these platforms.
We are able to offer Sysmon as an update in WSUS or Configuration Manager software updates because these platforms enable us to do file based detection.
We'll keep this request open, of course, for when this improvement comes in the future (I do not have an ETA on this); however, I want to share with you the information as to why/what is our current limitation.
Kindly vote or comment on this request which addresses the limitation: https://ideas.patchmypc.com/ideas/PATCHMYPC-I-1591
https://ideas.patchmypc.com/ideas/PATCHMYPC-I-1371
I noticed in another post requesting something similar that it was determined that multi file installers are not possible. Let me also note I am only asking for the sysmon64.exe to be included as a package and be able to be updated. Though the download is a zip file that contains multiple files, they are for different types of systems. Sysmon64.exe is the only one necessary for this request.
Also looks like it was extensively addressed in https://ideas.patchmypc.com/ideas/PATCHMYPC-I-216
I have a PowerShell script I use today to push via SCCM. Just would be nice to have some automation from PatchMyPC for the regular updates we require. I am happy to provide any information as to what we do today if it helps.
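
The file-based detection and the uninstall-then-install update discussed in this thread, sketched as an added example; it is not the poster's script or Patch My PC's code. The staging path, the install location `C:\Windows\Sysmon64.exe`, and the `-DetectOnly` switch are assumptions of this example.

```powershell
# Added example: file-version detection and upgrade for Sysmon64.exe.
# Assumptions: the new binary is staged next to this script and the
# installed copy lives in %windir% (paths are parameters, adjust as needed).
param(
    [string]$NewBinary = (Join-Path $PSScriptRoot 'Sysmon64.exe'),
    [string]$Installed = (Join-Path $env:windir 'Sysmon64.exe'),
    [switch]$DetectOnly   # hypothetical switch: report state, change nothing
)
$ErrorActionPreference = 'Stop'

function Get-FileVersion([string]$Path) {
    # Returns $null when the file is absent, otherwise a comparable [version].
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build from the numeric parts instead of parsing the free-form string.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

# Refuse to deploy a binary whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -LiteralPath $NewBinary
if ($sig.Status -ne 'Valid') {
    throw "Signature on $NewBinary is $($sig.Status); not installing."
}

$want = Get-FileVersion $NewBinary
$have = Get-FileVersion $Installed

if ($have -and $have -ge $want) {
    Write-Output "Sysmon64 $have is current (staged: $want)."
    exit 0
}
if ($DetectOnly) {
    Write-Output "Sysmon64 needs update (installed: '$have', staged: $want)."
    exit 1
}

if ($have) {
    # Remove the existing service and driver first, as described in the request.
    & $Installed -u force
    if ($LASTEXITCODE -ne 0) { throw "Uninstall failed: exit code $LASTEXITCODE" }
}
& $NewBinary -accepteula -i
if ($LASTEXITCODE -ne 0) { throw "Install failed: exit code $LASTEXITCODE" }
Write-Output "Sysmon64 $want installed."
```

Run it elevated; with `-DetectOnly` it exits 0 when the installed file version is at least the staged one and 1 otherwise, which makes it usable as a compliance check before the update step.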