Upgrade Sysmon (for ProcessTampering)

Download latest https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Extract Sysmon.exe to desktop from Sysmon zip
Download sysmon configuration from https://gist.githubusercontent.com/jymcheong/0ec2ae2a729d4474331d6a64feb68bc3/raw/8bfaf71568b4d4cf82bc6d12c273efb3176e1871/smc.txt, save to desktop as smc.txt
Use admin (UAC elevated) console or powershell
- uninstall current sysmon: sysmon -u
- install new: sysmon -i smc.txt
Reboot the Windows target