Sysmon is a free tool from Microsoft Sysinternals that provides granular, detailed logging of process and file activity on Windows and, with Sysmon for Linux, on Linux as well. It has given users and organizations of all sizes more visibility into their networks. Sysmon has now added the ability to block the creation of executables, with the files to block defined in several ways, such as by hash, by file path, or by the parent process that writes them. This new capability lets organizations move from observing suspicious file drops to preventing them.
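The blocking capability is configured in the same XML used for Sysmon's logging rules. The following is an added example, not code from the article or from the sysmon-config project, showing one rule group that blocks executables by path, by writing process, and by hash. It assumes Sysmon 14 or later (schema version 4.82), the `FileBlockExecutable` rule name, and the sample paths and placeholder hash shown; the hash is a constructed placeholder, not a real indicator.

```xml
<!-- Added example configuration (not from the article or sysmon-config).
     Assumptions: Sysmon 14+ with schemaversion 4.82; the paths, process
     names and the all-zero SHA256 below are constructed sample values. -->
<Sysmon schemaversion="4.82">
  <HashAlgorithms>SHA256</HashAlgorithms>
  <EventFiltering>
    <!-- groupRelation="or": any single matching rule blocks the file write -->
    <RuleGroup name="BlockExecutables" groupRelation="or">
      <FileBlockExecutable onmatch="include">

        <!-- By file path: block PE files written into user temp and download folders -->
        <TargetFilename name="Block-UserTempExe" condition="contains">\AppData\Local\Temp\</TargetFilename>
        <TargetFilename name="Block-DownloadsExe" condition="contains">\Downloads\</TargetFilename>

        <!-- By writing process (the "parent process" in the article's wording):
             Image is the process creating the file, here Office applications -->
        <Image name="Block-OfficeDrop" condition="image">WINWORD.EXE</Image>
        <Image name="Block-OfficeDrop" condition="image">EXCEL.EXE</Image>

        <!-- By hash: Hashes is the hash string of the file being written.
             Placeholder value; replace with a real SHA256 of a known-bad file. -->
        <Hashes name="Block-KnownBadHash" condition="contains">SHA256=0000000000000000000000000000000000000000000000000000000000000000</Hashes>

      </FileBlockExecutable>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Install it with `Sysmon64.exe -accepteula -i config.xml`, or push it to an existing installation with `Sysmon64.exe -c config.xml`. Each blocked write is recorded as Event ID 27 (FileBlockExecutable) in the Microsoft-Windows-Sysmon/Operational log, with the `name` attribute surfacing as the RuleName field so detections can tell the three rule types apart. Path-based rules are the broadest and will also stop legitimate installers that unpack into Temp, so stage candidate rules first as `FileCreate` (Event ID 11) entries with the same conditions, review what they match over a few days, and only then move them into `FileBlockExecutable`.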
There are high-quality community-sourced configurations for Sysmon to assist with implementation. Security researcher @SwiftOnSecurity maintains a GitHub repository named sysmon-config that provides solid default configurations which can be tuned to meet users' needs: https://github.com/SwiftOnSecurity/sysmon-config
In addition, security researcher Florian Roth maintains a fork of that repository that fixes issues in the original sysmon-config repository and extends the configuration files to cover new extensions and updates to Sysmon: https://github.com/Neo23x0/sysmon-config