Sysmon.zip

Monitoring of Windows activity: process launches, network connections, etc.

Sysmon uses simple command-line options to install and uninstall it, as well as to check and modify its configuration:

Usage:
  Install:    Sysmon.exe -i [-h [sha1|md5|sha256]] [-n]
  Configure:  Sysmon.exe -c [[-h [sha1|md5|sha256]] [-n]|--]
  Uninstall:  Sysmon.exe -u

  -c  Update the configuration of an installed Sysmon driver, or dump the current configuration if no other argument is provided.
  -h  Specify the hash algorithm used for image identification (default is SHA1).
  -i  Install service and driver.
  -m  Install the event manifest (done on service install as well).
  -n  Log network connections.
  -u  Uninstall service and driver.

The service logs events immediately, and the driver installs as a boot-start driver so that activity from early in the boot is captured; the service writes that activity to the event log when it starts. On Vista and higher, events are stored in "Applications and Services Logs/Microsoft/Windows/Sysmon/Operational". On older systems, events are written to the System event log.

Specify -accepteula to automatically accept the EULA on installation; otherwise you will be interactively prompted to accept it. Neither install nor uninstall requires a reboot.
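As an added example (not from the Sysinternals documentation quoted above): the install and configuration-dump commands with the options listed, followed by a PowerShell function that reads the resulting process-creation (event ID 1) and network-connection (event ID 3) records back from the Operational log so the install can be verified. The extraction path C:\Tools\Sysmon and the function name Get-SysmonEvents are assumptions; the commands must be run from an elevated prompt.

```powershell
# Added example, not from the Sysinternals page: install Sysmon with the options
# documented above, dump the configuration, then read the events back.
# Assumption: Sysmon.exe was extracted to C:\Tools\Sysmon (adjust the path).
$SysmonExe = 'C:\Tools\Sysmon\Sysmon.exe'

# -i install service and driver, -n log network connections,
# -h sha256 hash images with SHA-256, -accepteula so the install does not
# block on the interactive license prompt.
& $SysmonExe -accepteula -i -n -h sha256

# -c with no other argument dumps the current configuration; use it to confirm
# that the hash algorithm and network logging took effect.
& $SysmonExe -c

# Log name as seen by Get-WinEvent; Event Viewer shows the same log under
# Applications and Services Logs/Microsoft/Windows/Sysmon/Operational.
# On pre-Vista systems the page says events go to the System log instead,
# so set $LogName = 'System' there.
$LogName = 'Microsoft-Windows-Sysmon/Operational'

# Sysmon event IDs: 1 = process creation, 3 = network connection.
function Get-SysmonEvents {
    param(
        [int[]]$Id = @(1, 3),
        [int]$MaxEvents = 50
    )
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Sysmon stores its fields as <Data Name="..."> elements inside
            # EventData; read them into a hashtable keyed by field name.
            $xml = [xml]$_.ToXml()
            $d = @{}
            foreach ($node in $xml.Event.EventData.Data) {
                $d[$node.Name] = $node.'#text'
            }
            # Older Sysmon builds name the hash field "Hash"; newer ones "Hashes".
            $hash = if ($d.ContainsKey('Hashes')) { $d['Hashes'] } else { $d['Hash'] }
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Id     = $_.Id
                Image  = $d['Image']
                Detail = if ($_.Id -eq 3) {
                             "$($d['DestinationIp']):$($d['DestinationPort'])"
                         } else {
                             $d['CommandLine']
                         }
                Hash   = $hash
            }
        }
}

# Show the most recent process launches and outbound connections.
Get-SysmonEvents | Format-Table -AutoSize
```

If the function returns nothing right after installation, start any program and re-run it: event ID 1 should appear immediately, and event ID 3 only once the -n option is active and a process has made a network connection.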