Microsoft waxay siisaa qalab badan oo faa'iido leh oo loogu talagalay isticmaalayaasha dhamaadka kuwaas oo loo isticmaali karo in lagu hagaajiyo, lagu ciyaaro, lagu xalliyo, lagu ogaado, lagu sugo, ama lagu sameeyo wax kasta nidaamka hawlgalka Windows . Kormeeraha Nidaamka Sysinternals ^{(Sysinternals)} (Sysmon),^{(System Monitor (Sysmon),)} waa mid ka mid ah aaladaha cusub ee la sii daayay ee loogu talagalay kombuyuutar ku salaysan Windows kaas oo ururiya dhammaan faylasha nidaamka log. Faylashan logu waa kuwo aad muhiim u ah oo aad muhiim u ah si loo fahmo arrimaha khuseeya Windows . Sysmon mar la rakibo waxa uu gadaal ka sii shaqaynayaa sidii uu hurdo oo dib ayaa loo soo noolayn karaa marka loo baahdo.

Kormeerka Nidaamka Nidaamka Daaqadaha

Socodka shaqada aasaasiga ah ee ka dambeeya Nidaamka Kormeeraha^{(System Monitor)} waa in uu kaydiyo macluumaadka Ururinta Dhacdooyinka Windows^{(Windows Event Collection)} ( Dhacdada Daawade^{(Event Viewer)} ) iyo Macluumaadka Amniga^{(Security Information)} iyo Maareynta Dhacdada^{(Event Management)} ( SIEM ) wakiilada sida aqoonsiga^(IDs) nidaamka , GUIDs , SHA1 , MD5 ( SHA256 ) xashiishyada. Waxay ku kaydisaa dhammaan faylashan hoostooda Applications and Services\logs\Microsoft\Windows\Sysmon\operational folder gudaha Windows 10/8/7/Vista , iyo hoos gelitaanka dhacdooyinka System^{( System event log)}  ee da'da weyn ee nidaamyada hawlgalka Windows sida Windows XP.

Sida loo rakibo System Monitor
^{(How to install System Monitor)}

• Soo deji Sysmon [^{(Download Sysmon [)} linkiga hoose ayaa ku yaal]
• Faylka la soo dejiyay wuxuu ahaan doonaa qaab zip ah. Ka fur faylka adigoo isticmaalaya daaqadaha soo saarista faylka caadiga ah ama isku day Winrar , 7zip iwm.
• Marka faylka la furo, orod "Sysmon" aqbal EULA oo ku dhufo Next.
• Sug^(Wait) Nidaamka , La ^(System)soco^(Monitor) si aad u dhammaystirto rakibidda, taasi waa dhammaan!

Sida loo isticmaalo Symmon^{(How to use Sysmon)}

Khadka taliska ee ku jira sysmon waxa loo isticmaali karaa in lagu rakibo, ka saaro, la hubiyo iyo in lagu hagaajiyo qaabaynta Kormeerka System:

Install:    Sysmon.exe -i [-h [sha1|md5|sha256]] [-n]

Configure:  Sysmon.exe -c [[-h [sha1|md5|sha256]] [-n]|--]

Uninstall:  Sysmon.exe –u

Amarro yar oo isticmaaluhu u baahan yahay inuu fahmo waa:^{(Few commands that user need to understand are:)}

– i: rakib adeegga iyo barnaamijyada darawalnimada

-n : waxay kaydisaa diiwaannada isku xirka shabakada

-u : uninstall adeegyada iyo barnaamijyada darawalka

-c : waxay cusboonaysiisaa darawalka sysmon-ka ee lagu rakibay kumbuyuutarka ama waxay ka caawisaa inay daadiso habaynta qaabaynta hadda la heli karo

-h : Waxay qeexaysaa algorithm-ka lagu dabaqay barnaamijka [sida caadiga ah SHA1 ayaa lagu dabaqay]

Tusaalooyinka:^(Examples:)

• Si aad ugu rakibto arjiga leh goobaha caadiga ah: " sysmon -i accepteula " iyada oo aan la soo xigan [SHA1 default]
• Si loo rakibo arjiga leh MD5 [SHA256] settings: " sysmon -i accepteula -h md5 -n "  
• Si aad isaga saarto " sysmon-u "

System Monitor waxa^{(System Monitor)} uu kaydiyaa dhacdooyinka sida Aqoonsiyada Dhacdada^{(Event IDs)} sida,

• Aqoonsiga Dhacdada 1^{(Event ID 1)} : Waxaa loo isticmaalay Hab-abuurka,
• Aqoonsiga Dhacdada 2^{(Event ID 2)} : Hab-socodku^(Process) wuxuu beddelay wakhtiga abuurista faylka oo wata timestamp iyo
• Aqoonsiga Dhacdada 3^{(Event ID 3)} : Isku xirka Shabakadda.

Qalabku wuxuu ku sii socon doonaa xagga dambe wuxuuna ku qori doonaa dhammaan diiwaannada dhacdada gal. Ka dib markii la rakibo ama uninstall ah nidaamka reboot looma wada baahna.

Waa qalab loo baahan yahay in loo helo dhammaan kumbiyuutarrada ku shaqeeya Windows . Halkan ka soo qabso qalabka Kormeerka^{(System Monitor)} Systemka here!

CUSBOONAYSIINTA^(UPDATE) : Windows Sysinternals Sysmon hadda waxa kale oo uu diiwangeliyaa hawsha habsocodka diiwaanka dhacdada Windows si loogu isticmaalo ogaanshaha shilka iyo falanqaynta baadhista, waxa ku jira culayska darawalka iyo dhacdooyinka raritaanka sawirka oo wata macluumaadka saxeexa, warbixinta hashing algorithm ka warbixinta, filtarrada dabacsan ee lagu daro lagana saarayo dhacdooyinka, iyo taageerada si loogu keeno qaabeynta iyada oo loo sii marayo faylka qaabeynta beddelka khadka taliska. Waxa kale oo ay helaysaa ogaanshaha hab-socodka malware-ka .

Sysinternals Sysmon system monitor for Windows

Miсroѕoft offers a plethora of useful tools for end-users that can be used to tweak, plaу, troubleshoot, diagnoѕe, secure, or do anything with the Windows operating system. Sysinternals System Monitor (Sysmon), is one such newly released tool designed for Windows-based computer which collects all system log files. These log files are very important and crucial to understand issues pertaining to Windows. Sysmon once installed keeps running in the background as dormant and can be brought back to life when required.

Sysmon System Monitor for Windows

The basic workflow behind System Monitor is that it stores information from Windows Event Collection (Event Viewer) and Security Information and Event Management (SIEM) agents like process IDs, GUIDs, SHA1, MD5 (SHA256) hash logs. It stores all these files under Applications and Services\logs\Microsoft\Windows\Sysmon\operational folder in Windows 10/8/7/Vista, and under System event log in older Windows operating systems like Windows XP.

How to install System Monitor

• Download Sysmon [download link provided below]
• The downloaded file will be in zip format. Unzip the file using windows default file extractor or try Winrar, 7zip etc.
• Once the file is unzipped, run “Sysmon” accept the EULA and hit Next.
• Wait for System, Monitor to complete installation, that’s all!

How to use Sysmon

The command line in sysmon can be used to install, uninstall, check and to tweak System Monitor’s configuration:

Install:    Sysmon.exe -i [-h [sha1|md5|sha256]] [-n]

Configure:  Sysmon.exe -c [[-h [sha1|md5|sha256]] [-n]|--]

Uninstall:  Sysmon.exe –u

Few commands that user need to understand are:

–i: install service and driver programs

-n: stores network connection logs

-u: uninstall service and driver programs

-c: it updates the installed sysmon driver on the computer or helps to dump current configuration  settings available

-h: It specifies the algorithm applied to the program [by default SHA1 is applied]

Examples:

• To install the application with default settings: “sysmon -i accepteula” without quotes [SHA1 default]
• To install the application with MD5 [SHA256] settings: “sysmon -i accepteula –h md5 -n”  
• To uninstall “sysmon -u”

System Monitor stores events like Event IDs as,

• Event ID 1: Used for Process Creation,
• Event ID 2: A Process changed a file creation time with timestamp and
• Event ID 3: For Network Connection.

The tool will keep running in the background and will write all event logs into a folder. After install or uninstall a system reboot is not all required.

It is a must-have tool for all computers running on Windows. Go grab the System Monitor tool from here!

UPDATE: Windows Sysinternals Sysmon now also records process activity to the Windows event log for use by incident detection and forensic analysis, includes driver load and image load events with signature information, configurable hashing algorithm reporting, flexible filters for including and excluding events, and support for supplying configuration via a configuration file instead of the command line. It also gets malware process tampering detection.

Related posts

• Xakamaynta xusuusta Jireed ee faylasha Shilalka ee Windows 10

• Sida loo isticmaalo SysInternals Process Explorer Tool for Windows 10

• Maamulaha habsocodka wuxuu kuu ogolaanayaa inaad cabbirto wakhtiyada dib-u-boodhka kombiyuutarka iyo in ka badan

• RAMMap waa utility falanqaynta isticmaalka xusuusta ka Sysinternals

• La wadaag faylasha qof kasta oo leh meel kasta u dir Windows PC

• Tifaftirayaasha Menu Context: Ku dar, Ka saar Shayada Menu ee ku jira Windows 11

• Sida loo damiyo Badbaadada Cusbooneysiinta Muuqaalka ee Windows 10

• Waa maxay faylka Windows.edb ee ku jira Windows 11/10

• Microsoft Intune miyaanay wada shaqayn? Ku qas Intune in ay isku xidho Windows 11/10

• Ku qari ikhtiyaarka aaladaha gudaha Menu Macnaha guud ee Taskbar gudaha Windows 10

• Sida loogu daro Tifaftiraha Siyaasadda Kooxda Windows 11/10 Daabacaadda Guriga

• Ogeysiisyada Taskbar oo aan ka muuqanayn Windows 11/10

• Sida loo beddelo kamaradaha caadiga ah ee kumbuyuutarka Windows 11/10

• VirtualDJ waa software bilaash ah oo DJ ah oo loogu talagalay Windows PC

• Daar xiriirinta Shabakadda intaad ku jirto heeganka casriga ah Windows 11/10

• Anti-Ransomware software bilaash ah oo loogu talagalay kombiyuutarada Windows

• Dejinta isku xidhka oo aan shaqaynayn ama ka cirroonayn Windows 11/10

• Ashampoo WinOptimizer waa software bilaash ah si kor loogu qaado Windows 10

• PicsArt waxa ay ku siisaa stickers Custom & Tafatirka 3D gaar ah Windows 10

• Daaqadaha ayaa ku xayiran shaashadda Soo dhaweynta