Sysmon v15.11

Alex_Mihaiuc  I am seeing basically the same issue ScottWilbers described, but cannot install the new version.  The installer produces this output:

C:\sysmon>Sysmon64.exe -i -accepteula

System Monitor v15.11 - System activity monitor
By Mark Russinovich and Thomas Garnier
Copyright (C) 2014-2023 Microsoft Corporation
Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved.
Sysinternals - www.sysinternals.com

Sysmon64 installed.
SysmonDrv installed.
Starting SysmonDrv.
SysmonDrv started.
StartService failed for Sysmon64:
The service did not respond to the start or control request in a timely fashion.
Failed to start the service:
The service did not respond to the start or control request in a timely fashion.

Stopping SysmonDrv.
SysmonDrv stopped.
SysmonDrv removed.
Stopping the service failed:
The system cannot find the file specified.
DeleteService failed:
Access is denied.

When it fails, it seems it tries to clean up after itself.  It successfully deletes SysmonDrv.sys and the SysmonDrv service, and the Sysmon64.exe file, but not the Sysmon64 service.  The uninstaller isn't much help there either.

So I try to clean up manually as you instructed.  The .exe's are already gone, I delete the registry key for the service that does exist, and reboot.  The service is gone, and things appear to be in a clean state to reinstall.

However, trying to install 15.11 or 15.1 again results in the same thing again.  Only 14.x versions and older can be installed after cleaning up as you said.

It's very strange that this happened on 4 machines out of over 1400 successful updates.  And it re-occurs on the same machines after cleaning up manually.  Whereas all other machines let me install and uninstall it as much as I want.  But these machines are from the same image, so I am not sure what is so unique about them.

P.S. I have run sfc /scannow and dism /online /cleanup-image /restorehealth already, no impact.