- Ensure you are in detectOnly mode
- Download the latest Sysmon from https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- Extract Sysmon.exe from the Sysmon zip to the desktop
- Download the Sysmon configuration from https://gist.githubusercontent.com/jymcheong/0ec2ae2a729d4474331d6a64feb68bc3/raw/8bfaf71568b4d4cf82bc6d12c273efb3176e1871/smc.txt and save it to the desktop as smc.txt
- Open an admin (UAC-elevated) console or PowerShell
- Uninstall the current Sysmon: sysmon -u
- Install the new one: sysmon -i smc.txt
- Reboot the Windows target
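
The steps above as one elevated PowerShell script (an added example, not the author's own tooling). It assumes the direct zip link `https://download.sysinternals.com/files/Sysmon.zip` behind the docs page, adds `-accepteula` to suppress the licence dialog, and adds two checks the list does not mention: an Authenticode check on Sysmon.exe and a well-formedness check on smc.txt. The detectOnly prerequisite is not automated here.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm detectOnly mode manually before running this.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$desktop = [Environment]::GetFolderPath('Desktop')
# Assumption: direct download link behind the Sysinternals docs page
$zipUrl  = 'https://download.sysinternals.com/files/Sysmon.zip'
$cfgUrl  = 'https://gist.githubusercontent.com/jymcheong/0ec2ae2a729d4474331d6a64feb68bc3/raw/8bfaf71568b4d4cf82bc6d12c273efb3176e1871/smc.txt'
$zip     = Join-Path $desktop 'Sysmon.zip'
$dir     = Join-Path $desktop 'Sysmon'      # hypothetical extraction folder
$cfg     = Join-Path $desktop 'smc.txt'

Invoke-WebRequest -Uri $zipUrl -OutFile $zip -UseBasicParsing
Invoke-WebRequest -Uri $cfgUrl -OutFile $cfg -UseBasicParsing
Expand-Archive -Path $zip -DestinationPath $dir -Force
$sysmon = Join-Path $dir 'Sysmon.exe'

# Added check: refuse a binary that is not validly signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $sysmon
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Sysmon.exe signature check failed: $($sig.Status)"
}

# Added check: the configuration must parse as XML with a <Sysmon> root,
# otherwise the uninstall below would leave the host without telemetry.
[xml]$doc = Get-Content -Path $cfg -Raw
if ($doc.DocumentElement.Name -ne 'Sysmon') {
    throw "smc.txt is not a Sysmon configuration (root: $($doc.DocumentElement.Name))"
}
# Record the hash of the configuration that is about to be applied.
Write-Host "smc.txt SHA256: $((Get-FileHash -Path $cfg -Algorithm SHA256).Hash)"

# Uninstall the current Sysmon; a non-zero exit here only means none was installed.
& $sysmon -u
# Install with the new configuration.
& $sysmon -accepteula -i $cfg
if ($LASTEXITCODE -ne 0) { throw "sysmon -i failed with exit code $LASTEXITCODE" }

# Confirm the service is registered, then reboot (asks for confirmation).
Get-Service -Name 'Sysmon*' | Format-Table Name, Status
Restart-Computer -Confirm
```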