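# Reports the local Sysmon (64-bit) state on the host console: timestamp,
# service status, binary version, active config file and config hash.
#
# NOTE(review): only the default service name "sysmon64" and the binary at
# %windir%\Sysmon64.exe are checked. An installation under a different
# service/binary name is reported as "Not installed" - confirm this matches
# how Sysmon is deployed in this environment.
# NOTE(review): "Sysmon64.exe -c" presumably needs an elevated session; if it
# fails, the Config/ConfHash fields stay empty - confirm before relying on them.

# Look the service up without turning a lookup failure into a fake status value.
$SysRunning = $null
$SysService = Get-Service -Name sysmon64 -ErrorAction SilentlyContinue
if ($SysService) { $SysRunning = $SysService.Status }

$MyDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss"

# Any existing service counts as installed. Checking only for "Running" or
# "Stopped" would report transitional states (e.g. StartPending, StopPending)
# as "Not installed" and hide the real state from whoever reads the output.
if ($null -ne $SysRunning)
{
    # Resolve the binary once via %windir% instead of mixing it with a
    # hard-coded C:\Windows path.
    $SysExe = Join-Path $env:windir 'Sysmon64.exe'

    $SysVer = $null
    $SysXMLVerShort = $null
    $SysXMLHash = $null

    if (Test-Path -LiteralPath $SysExe)
    {
        $SysVer = (Get-Item -LiteralPath $SysExe).VersionInfo | Select-Object -ExpandProperty ProductVersion

        # Dump the active configuration once and parse both fields from the
        # same output, so path and hash always describe the same dump.
        $SysConfigDump = & $SysExe -c 2>&1

        # Keep everything after the first backslash of the "Config file" line
        # (i.e. the path without its drive prefix).
        $SysXMLVer = $SysConfigDump | Select-String 'Config file'
        $SysXMLVerShort = ($SysXMLVer -split "\\",2)[1]

        # The hash line carries "SHA256=<value>"; capture the value only.
        $SysXMLHash = ($SysConfigDump |
            Select-String -Pattern "SHA256=(.*)" |
            ForEach-Object { $_.Matches.Groups[1] } |
            Select-Object -ExpandProperty Value)
    }

    Clear-Host
    Write-Host "Datum: $MyDate"
    # A status other than Running on a host that should be monitored, or a
    # ConfHash that differs from the approved baseline, is worth following up.
    Write-Host "Status: $SysRunning"
    Write-Host "Version: $SysVer"
    Write-Host "Config: $SysXMLVerShort"
    Write-Host "ConfHash: $SysXMLHash`n"
}
else
{
    Write-Host "Datum: $MyDate"
    Write-Host "Status: Not installed"
    Write-Host "Version: n/a"
    Write-Host "Config: n/a"
    Write-Host "ConfHash: n/a`n"
}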