Posts: 15,843
Threads: 10,149
Thanks Received: 9,306 in 7,452 posts
Thanks Given: 10,217
Joined: 12 September 18
Today, 10:11
Quote:Microsoft is rolling out Windows 11 Insider Preview Build 28020.1611 (KB5077221) to the Canary Channel. As expected with Canary builds, this release focuses on early platform changes and experimental features.
There’s also a small known issue: the desktop watermark currently shows the wrong build number, which Microsoft says will be corrected in an upcoming build.
While you can check the previous update, here’s what’s new.
Built-In Sysmon Comes to Windows
One of the biggest additions in this build is native Sysmon support.
Previously available as a separate Sysinternals download, Sysmon (System Monitor) is now integrated directly into Windows as an optional feature. IT professionals and security teams widely use Sysmon to monitor detailed system activity for threat detection.
![[Image: event-screen-optimized.png]](https://www.ghacks.net/wp-content/uploads/2026/02/event-screen-optimized.png)
What Sysmon Does
Sysmon captures and logs system-level events, including:- Process creation
- Network connections
- File changes
- Driver loading activity
These events are written to the Windows Event Log, where they can be analyzed by security tools or SIEM platforms.
Continue Reading...
New Windows 11 Update Adds Built-In Sysmon and OneDrive Sharing Tweaks
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
