How to uninstall Sysmon

Sysmon is great until you need to uninstall it, in which case the documented instructions don't work. If you get an odd "the service sysmon64 is already registered" message, do this:

  1. Stop the Sysmon service in Services.msc.
  2. Open an elevated PowerShell prompt in the folder containing sysmon64.exe.
  3. Run sysmon64.exe -u, or sysmon64.exe -u force if the first command doesn't work.

That should uninstall Sysmon completely. I've created a corresponding Microsoft Docs PR.
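
The same three steps as a script that also checks the result, added here as an example and not taken from the original post or from Microsoft's documentation. It assumes the default names for a 64-bit install (service Sysmon64, driver SysmonDrv); Test-SysmonPresent is a helper made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Run it from the folder containing sysmon64.exe.
# Assumption: default install names (service 'Sysmon64', driver 'SysmonDrv').
$names = 'Sysmon64', 'SysmonDrv'
$exe   = Join-Path $PWD 'sysmon64.exe'
if (-not (Test-Path $exe)) { throw "sysmon64.exe not found in $PWD" }

function Test-SysmonPresent {
    # True while the service or the driver is still registered with the SCM.
    [bool](Get-Service -Name $names -ErrorAction SilentlyContinue)
}

# Step 1: stop the service (the same request Services.msc sends).
$svc = Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Stopped') {
    Stop-Service -Name 'Sysmon64' -Force -ErrorAction Stop
}

# Step 3: plain uninstall first; forced uninstall only if something is left.
& $exe -u
if (Test-SysmonPresent) {
    Write-Warning "'-u' exited with code $LASTEXITCODE and Sysmon is still registered; retrying with '-u force'."
    & $exe -u force
}

# Check: neither the service nor the driver should remain registered.
Start-Sleep -Seconds 2
if (Test-SysmonPresent) {
    Get-Service -Name $names -ErrorAction SilentlyContinue |
        Format-Table Name, Status, StartType
    throw 'Sysmon is still registered after the forced uninstall.'
}
Write-Output 'Sysmon service and driver are no longer registered.'
```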

