Sysmon is great until you need to uninstall it, in which case the documented instructions don’t work. If you get an odd
"the service sysmon64 is already registered" error, do this:
- Stop the Sysmon service in
- Open an elevated PowerShell prompt in the folder containing
sysmon64.exe -u force (if the 1st command doesn’t work)
That should uninstall Sysmon completely. I’ve created a corresponding Microsoft Docs PR.
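The steps above as a single PowerShell script, ending with a check that neither the service nor the driver is still registered. This is an added example, not part of the original post or of Microsoft's documentation; it assumes the first command is the documented `sysmon64.exe -u`, the default service name `Sysmon64` and the default driver name `SysmonDrv` (both names can be changed at install time).

```powershell
#Requires -RunAsAdministrator
# Added example: run from an elevated prompt in the folder containing sysmon64.exe.
# Assumed defaults (not stated in the post): service 'Sysmon64', driver 'SysmonDrv'.
$ServiceName = 'Sysmon64'
$DriverName  = 'SysmonDrv'
$SysmonExe   = Join-Path (Get-Location) 'sysmon64.exe'

function Test-SysmonPresent {
    # True while the service or the kernel driver is still registered.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$DriverName'"
    return [bool]($svc -or $drv)
}

if (-not (Test-Path $SysmonExe)) {
    throw "sysmon64.exe not found in $(Get-Location)"
}

# Stop the service first if it is registered and not already stopped.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force
}

# First command: the plain uninstall (assumed to be 'sysmon64.exe -u').
& $SysmonExe -u

# Second command: forced uninstall, only if something is still registered.
if (Test-SysmonPresent) {
    & $SysmonExe -u force
}

# Confirm the result instead of trusting the tool's console output.
if (Test-SysmonPresent) {
    Write-Warning "Sysmon service or driver is still registered; check manually."
} else {
    Write-Output "Sysmon service and driver are no longer registered."
}
```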