Home » How To » How To Enable Sysmon in Windows 11

How To Enable Sysmon in Windows 11

By / How To, Windows 11

Windows 11 now comes built-in with Sysmon that lets you track and log system activity. Here’s how to enable the Sysmon tool in Windows 11.

Most don’t know this, but Windows has a super-powerful tool called Sysmon that lets you track and log every system activity in detail. The best thing is that it is developed by Microsoft and is part of the SysInternals suite. Generally, you’d have to download this tool manually. However, with recent updates, Microsoft is bundling Sysmon with Windows 11. That means you can use it directly, no need to download it manually. However, while Sysmon is built into Windows 11, you need to manually enable it via the Optional Features tool.

In this quick and easy guide, I will show you two easy methods to enable Sysmon in Windows 11. Let’s get started.

Enable Sysmon in Windows 11 Using Optional Features

  1. Right-click the Start button on the taskbar.
  2. Select the “Settings” option.
  3. Go to the “System” tab on the left sidebar.
  4. Scroll down and click the “Optional features” option on the right panel.
  5. Click the “More Windows features” option.
  6. Scroll down and select the “Sysmon” checkbox.
  7. Click the “OK” button.
  8. This will install any required files and enable Sysmon.
  9. Once done, close all windows and restart your computer.
  10. With that, you’ve enabled the Sysmon tool in Windows 11.

Note: If you don’t see the “Sysmon” checkbox in the Windows Features dialog, you must update to Windows 11 v25H2 or higher.

enable sysmon in Windows 11

Enable Sysmon in Windows 11 Using a PowerShell Command

If you like the command-line approach, you can also turn on the Sysmon functionality using a single-line PowerShell command. In fact, it does the same thing as the first method, but via the command line. The best thing is, all it takes is executing a single command instead of navigating multiple windows. Let me show you.

  1. Right-click the “Start” button to open the Power User menu.
  2. Select the “Terminal (Admin)” option.
  3. Run the following command.
    Enable-WindowsOptionalFeature -Online -FeatureName Sysmon
  4. It will automatically enable the Sysmon tool.
  5. Once done, close the Terminal window.
  6. Restart your computer.
  7. After restarting, Sysmon is fully enabled, and you can start using it.

That is all. It is that simple to enable Sysmon on Windows 11. If you have any questions or need help, comment below. I’ll be happy to assist.

Leave a Comment

Your email address will not be published. Required fields are marked *