Sysinternals Blog articles https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bg-p/Sysinternals-Blog Sysinternals Blog articles Mon, 18 Oct 2021 14:48:53 GMT Sysinternals-Blog 2021-10-18T14:48:53Z Autoruns v14.05 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-05/ba-p/2844204 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v14.05</SPAN></A></P> <DIV><SPAN>This update for Autoruns addresses a bug preventing opening and comparing .arn files.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Thu, 14 Oct 2021 00:56:10 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-05/ba-p/2844204 Alex_Mihaiuc 2021-10-14T00:56:10Z Autoruns v14.04, high DPI icons for WinObj, Tcpview, Process Monitor and build tools refresh https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-04-high-dpi-icons-for-winobj-tcpview-process/ba-p/2839719 <P><A href="#" target="_self"><SPAN>Autoruns v14.04</SPAN></A></P> <DIV><SPAN>This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.13</SPAN></A><SPAN style="font-family: inherit;">, </SPAN><A style="font-family: inherit; background-color: #ffffff;" href="#" target="_self">Tcpview v4.16</A><SPAN style="font-family: inherit;"> and </SPAN><A style="font-family: inherit; background-color: #ffffff;" href="#" target="_self">Process Monitor v3.86</A> <SPAN style="font-family: inherit;">get high DPI application icons.</SPAN></P> </DIV> <DIV>&nbsp;</DIV> <DIV> <P><A href="#" target="_self"><SPAN>AccessEnum v1.33</SPAN></A>, <A href="#" target="_self"><SPAN>CacheSet v1.01</SPAN></A>, <A href="#" target="_self"><SPAN>Contig v1.81</SPAN></A>, <A href="#" target="_self"><SPAN>Desktops v2.01</SPAN></A>, <A href="#" 
target="_self"><SPAN>Disk2vhd v2.02</SPAN></A>, <A href="#" target="_self"><SPAN>DiskMon v2.02</SPAN></A>, <A href="#" target="_self"><SPAN>EFSDump v1.03</SPAN></A>, <A href="#" target="_self"><SPAN>LoadOrder v1.02</SPAN></A>, <A href="#" target="_self"><SPAN>PsShutdown v2.53</SPAN></A>, <A href="#" target="_self"><SPAN>RegJump v1.11</SPAN></A>, <A href="#" target="_self"><SPAN>ShareEnum v1.61</SPAN></A>, <A href="#" target="_self"><SPAN>ShellRunas v1.02</SPAN></A> <SPAN>get new builds with updated Windows libraries.</SPAN></P> </DIV> <DIV><BR /><BR /></DIV> Tue, 12 Oct 2021 21:39:29 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-04-high-dpi-icons-for-winobj-tcpview-process/ba-p/2839719 Alex_Mihaiuc 2021-10-12T21:39:29Z Autoruns v14.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-03/ba-p/2800248 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v14.03</SPAN></A></P> <DIV><SPAN>This update for Autoruns restores entries previously shown in v13.100, improves Wow64 redirection handling and entry name resolution.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Thu, 30 Sep 2021 17:14:39 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-03/ba-p/2800248 Alex_Mihaiuc 2021-09-30T17:14:39Z Sysinternals 25th anniversary event: October 14, 2021 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-25th-anniversary-event-october-14-2021/ba-p/2793393 <P>On October 14, 2021, we are hosting a special event to celebrate 25 years of Sysinternals, the utilities IT pros and developers around the world turn to for help with analyzing, troubleshooting, and optimizing Windows systems and applications.<BR /><BR /></P> <P>The day begins with a fireside chat with Microsoft Azure CTO and Sysinternals creator Mark Russinovich and continues with fast-paced deep dives into the most popular tools. 
We'll also be offering some cool prizes so block your calendar.&nbsp;</P> <P>&nbsp;</P> <P>Don't miss your chance to be part of the celebration! Add this event to your calendar and visit&nbsp;<A href="#" target="_blank">https://aka.ms/Sysinternals25</A>&nbsp;for the full agenda!</P> <P>&nbsp;</P> <P><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/313427i99DA2C4CBDF83077/image-size/large?v=v2&amp;px=999" alt="Decorative card stating that Sysinternals@25 is a special event on October 14, 2021" /></P> Tue, 28 Sep 2021 21:55:59 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-25th-anniversary-event-october-14-2021/ba-p/2793393 Heather Poulsen 2021-09-28T21:55:59Z Autoruns v14.02, WinObj v3.12, Tcpview v4.15 and Process Monitor v3.85 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-02-winobj-v3-12-tcpview-v4-15-and-process-monitor/ba-p/2775709 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v14.02</SPAN></A></P> <DIV><SPAN>Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, plus fixes for VirusTotal and signed-file regressions.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.12</SPAN></A></P> <DIV><SPAN>WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Tcpview v4.15</SPAN></A></P> <DIV><SPAN>TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" 
target="_self"><SPAN>Process Monitor v3.85</SPAN></A></P> <DIV><SPAN>Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 22 Sep 2021 18:49:48 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-02-winobj-v3-12-tcpview-v4-15-and-process-monitor/ba-p/2775709 Alex_Mihaiuc 2021-09-22T18:49:48Z Autoruns v14.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-01/ba-p/2708458 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v14.01</SPAN></A></P> <DIV><SPAN>This update for Autoruns fixes a regression with VirusTotal submissions introduced in v14.0.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 01 Sep 2021 17:20:46 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-01/ba-p/2708458 Alex_Mihaiuc 2021-09-01T17:20:46Z Autoruns v14.0, RDCMan v2.83, Procdump v10.11, dark theme updates, ProcExp v16.43 and Sysmon v13.24 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-0-rdcman-v2-83-procdump-v10-11-dark-theme-updates/ba-p/2661936 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v14.0</SPAN></A></P> <DIV><SPAN>Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>RDCMan v2.83</SPAN></A></P> <DIV><SPAN>This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>ProcDump v10.11</SPAN></A></P> <DIV><SPAN>This update to ProcDump fixes a "The parameter is incorrect" error on Windows Server 2016 systems.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Winobj v3.11</SPAN></A></P> 
<DIV><SPAN>WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.14</SPAN></A></P> <DIV><SPAN>TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.84</SPAN></A></P> <DIV><SPAN>Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Explorer v16.43</SPAN></A></P> <DIV><SPAN>This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, "medium+" for process integrity levels and has some display tweaks for systems with large memory capacity.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.24</SPAN></A></P> <DIV><SPAN>This Sysmon update improves the handling of FileDelete and FileDeleteDetected events which solves systems becoming unresponsive under certain conditions.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 18 Aug 2021 18:12:16 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v14-0-rdcman-v2-83-procdump-v10-11-dark-theme-updates/ba-p/2661936 Alex_Mihaiuc 2021-08-18T18:12:16Z ProcDump v10.1, RDCMan v2.82, Sigcheck v2.82 and Sysmon v13.23 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procdump-v10-1-rdcman-v2-82-sigcheck-v2-82-and-sysmon-v13-23/ba-p/2592574 <DIV> <P><A href="#" target="_self"><SPAN>ProcDump v10.1</SPAN></A></P> <DIV><SPAN>This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds a 
new option (-dc) for specifying a dumpfile comment and supports "triage" dumps (-mt).</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>RDCMan v2.82</SPAN></A></P> <DIV><SPAN>This RDCMan update adds a toggle for bitmap caching and fixes a series of crashes.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sigcheck v2.82</SPAN></A></P> <DIV><SPAN>This Sigcheck update fixes a crash occurring when analyzing unsigned files on VirusTotal.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.23</SPAN></A></P> <DIV><SPAN>This Sysmon update fixes a bug where rules with long names were incorrectly processed and a rare out of memory crash occurring on 32-bit systems.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Tue, 27 Jul 2021 18:15:54 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procdump-v10-1-rdcman-v2-82-sigcheck-v2-82-and-sysmon-v13-23/ba-p/2592574 Alex_Mihaiuc 2021-07-27T18:15:54Z RDCMan v2.81 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rdcman-v2-81/ba-p/2480972 <DIV> <P><A href="#" target="_self"><SPAN>RDCMan v2.81</SPAN></A></P> <DIV><SPAN>This update to RDCMan, a utility for managing multiple remote desktop connections, resolves a crash happening on failure to connect to server groups.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Thu, 24 Jun 2021 14:30:28 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rdcman-v2-81/ba-p/2480972 Alex_Mihaiuc 2021-06-24T14:30:28Z RDCMan v2.8, AccessChk v6.14, Process Monitor v3.83, Strings v2.54, Sysmon v13.22 and TCPView v4.13 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rdcman-v2-8-accesschk-v6-14-process-monitor-v3-83-strings-v2-54/ba-p/2470340 <DIV> <P><A href="#" target="_self"><SPAN>RDCMan v2.8</SPAN></A></P> <DIV><SPAN>RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!&nbsp;This release fixes CVE-2020-0765, an XML parsing 
vulnerability.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>AccessChk v6.14</SPAN></A></P> <DIV><SPAN>This AccessChk version adds support for NULL DACL reporting.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.83</SPAN></A></P> <DIV><SPAN>ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Strings v2.54</SPAN></A></P> <DIV><SPAN>This Strings update improves handling of files containing long strings.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.22</SPAN></A></P> <DIV><SPAN>This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.13</SPAN></A></P> <DIV><SPAN>This TCPView update fixes a bug with connection state filtering.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 18 Aug 2021 18:14:01 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rdcman-v2-8-accesschk-v6-14-process-monitor-v3-83-strings-v2-54/ba-p/2470340 Alex_Mihaiuc 2021-08-18T18:14:01Z Process Monitor v3.82, TCPView v4.12, Process Explorer v16.42 and Sysmon v13.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-82-tcpview-v4-12-process-explorer-v16-42-and/ba-p/2404570 <DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.82</SPAN></A></P> <DIV><SPAN>This update to Process Monitor fixes "go to event" from context menu and introduces some UI improvements for the dark theme.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.12</SPAN></A></P> <DIV><SPAN>This update to TCPView fixes a bug where columns would be drawn twice.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Explorer v16.42</SPAN></A></P> <DIV><SPAN>This 
update to Process Explorer fixes a bug with signature checks.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.21</SPAN></A></P> <DIV><SPAN>This update to Sysmon fixes a rare crash on process startup on x86 systems.</SPAN></DIV> <DIV>&nbsp;</DIV> Tue, 01 Jun 2021 15:21:41 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-82-tcpview-v4-12-process-explorer-v16-42-and/ba-p/2404570 Alex_Mihaiuc 2021-06-01T15:21:41Z Process Monitor v3.81, TCPView v4.11 and Process Explorer v16.41 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-81-tcpview-v4-11-and-process-explorer-v16-41/ba-p/2387897 <DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.81</SPAN></A></P> <DIV><SPAN>This bugfix update for Process Monitor addresses some regressions introduced with v3.80.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.11</SPAN></A></P> <DIV><SPAN>This update to TCPView fixes a crash occurring when items were copied.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Explorer v16.41</SPAN></A></P> <DIV><SPAN>This update to Process Explorer fixes a startup crash.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 26 May 2021 15:20:19 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-81-tcpview-v4-11-and-process-explorer-v16-41/ba-p/2387897 Alex_Mihaiuc 2021-05-26T15:20:19Z ProcMon 3.80, Sysmon 13.20, TCPView 4.10, ProcExp 16.40, PsExec 2.34, Sigcheck 2.81 and WinObj 3.10 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procmon-3-80-sysmon-13-20-tcpview-4-10-procexp-16-40-psexec-2-34/ba-p/2384766 <DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.80</SPAN></A></P> <DIV><SPAN>Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon 
v13.20</SPAN></A></P> <DIV><SPAN>This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression in rule include/exclude logic.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.10</SPAN></A></P> <DIV><SPAN>This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Explorer v16.40</SPAN></A></P> <DIV><SPAN>This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>PsExec v2.34</SPAN></A></P> <DIV><SPAN>This PsExec release reverts to sending all of PsExec's own output to stderr, so that only the target process's output goes to stdout.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sigcheck v2.81</SPAN></A></P> <DIV><SPAN>Sigcheck v2.81 fixes a bug in filtering output for unsigned files unknown to VirusTotal and now reports the signing time for files with untrusted certificate signatures.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.10</SPAN></A></P> <DIV><SPAN>This WinObj update extends search functionality to include symbolic link targets.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Tue, 25 May 2021 17:16:48 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procmon-3-80-sysmon-13-20-tcpview-4-10-procexp-16-40-psexec-2-34/ba-p/2384766 Alex_Mihaiuc 2021-05-25T17:16:48Z Autoruns v13.100 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-100/ba-p/2282998 <DIV> <P><A href="#" target="_self"><SPAN>Autoruns v13.100</SPAN></A></P> <DIV><SPAN>This update to Autoruns fixes a crash reported in v13.99.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Fri, 23 Apr 2021 18:43:59 GMT 
https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-100/ba-p/2282998 Alex_Mihaiuc 2021-04-23T18:43:59Z Procmon v3.70, Sysmon v13.10, Autoruns v13.99, TCPView v4.01 and WinObj v3.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procmon-v3-70-sysmon-v13-10-autoruns-v13-99-tcpview-v4-01-and/ba-p/2280263 <DIV> <P><A href="#" target="_self"><SPAN>Procmon v3.70</SPAN></A></P> <DIV><SPAN>This update to Process Monitor allows constraining the number of retained events by a requested number of minutes and/or by the size of the event data, so that older events are dropped when necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.10</SPAN></A></P> <DIV><SPAN>This update to Sysmon adds a FileDeleteDetected rule that logs file deletions without archiving the deleted file, deletes the archived clipboard content when the corresponding event is excluded by the configuration, and fixes an ImageLoad event bug.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Autoruns v13.99</SPAN></A></P> <DIV><SPAN>This update to Autoruns fixes a bug that resulted in some empty locations being hidden when the Include Empty Locations option is selected.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.01</SPAN></A></P> <DIV><SPAN>This update to TCPView refines Quick search to also look in IP addresses and ports.</SPAN></DIV> <DIV>&nbsp;</DIV> <P>Theme Engine</P> <DIV><SPAN>This update to the theme engine uses a custom title bar in dark mode, similar to the MS Office black theme. WinObj and TcpView have been updated. 
Expect more tools using the theme engine in the near future!</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 21 Apr 2021 16:09:38 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/procmon-v3-70-sysmon-v13-10-autoruns-v13-99-tcpview-v4-01-and/ba-p/2280263 Alex_Mihaiuc 2021-04-21T16:09:38Z TCPView v4.0, PsExec v2.33, WinObj v3.02 and Sysmon v13.02 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549 <DIV> <P><A href="#" target="_self"><SPAN>TCPView v4.0</SPAN></A></P> <DIV><SPAN>This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV> <P><A href="#" target="_self"><SPAN>PsExec v2.33</SPAN></A></P> <DIV><SPAN>This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. 
The -i command line switch is now required for running processes interactively, for example with redirected IO.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.02</SPAN></A></P> <DIV><SPAN>This WinObj release fixes a bug that could cause it to crash.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.02</SPAN></A></P> <DIV><SPAN>This Sysmon update fixes a crash that could be caused by file deletion events, fixes the "is any" rule predicate, and adds several configuration parsing performance improvements.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> </DIV> </DIV> Tue, 23 Mar 2021 19:25:35 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549 lukekim 2021-03-23T19:25:35Z WinObj v3.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/winobj-v3-01/ba-p/2175086 <DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.01</SPAN></A></P> <DIV><SPAN>This minor update to WinObj fixes a crash on exit.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Mon, 01 Mar 2021 18:43:45 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/winobj-v3-01/ba-p/2175086 lukekim 2021-03-01T18:43:45Z WinObj v3.0 and Coreinfo v3.52 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/winobj-v3-0-and-coreinfo-v3-52/ba-p/2162978 <DIV> <P><A href="#" target="_self"><SPAN>WinObj v3.0</SPAN></A></P> <DIV><SPAN>This major update to WinObj adds dynamic updates, quick search, full search, properties for more object types, as well as performance improvements. 
It's also the first Sysinternals tool to feature a dark theme.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV> <P><A href="#" target="_self"><SPAN>Coreinfo v3.52</SPAN></A></P> <DIV><SPAN>This update to Coreinfo adds reporting for CET (shadow stack) support.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> </DIV> Wed, 24 Feb 2021 19:33:05 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/winobj-v3-0-and-coreinfo-v3-52/ba-p/2162978 lukekim 2021-02-24T19:33:05Z PsExec v2.32 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/psexec-v2-32/ba-p/2062900 <DIV> <P><A href="#" target="_self"><SPAN>PsExec v2.32</SPAN></A></P> <DIV><SPAN>This update to PsExec fixes a bug where the -r option was not honored.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Fri, 15 Jan 2021 02:24:56 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/psexec-v2-32/ba-p/2062900 lukekim 2021-01-15T02:24:56Z Sysmon v13.01 and PsExec v2.30 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v13-01-and-psexec-v2-30/ba-p/2054904 <DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.01</SPAN></A></P> <DIV><SPAN>This bugfix update to Sysmon resolves a series of config parsing issues.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>PsExec v2.30</SPAN></A></P> <DIV><SPAN>Previous versions of PsExec are susceptible to a named pipe squatting attack. If a low-privileged attacker creates a named pipe on a server to which a PsExec client connects, they could intercept explicit authentication credentials or sensitive command-line arguments sent by the client. 
The PsExec client now drops a key into a file in the Windows directory on the remote system, protected with an administrator-only security descriptor and named in the format PSEXEC-.key, which the PsExec service uses to authenticate to the client.</SPAN></DIV> </DIV> Tue, 12 Jan 2021 23:01:25 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v13-01-and-psexec-v2-30/ba-p/2054904 lukekim 2021-01-12T23:01:25Z Sysmon v13.00, Process Monitor v3.61 and PsExec v2.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v13-00-process-monitor-v3-61-and-psexec-v2-21/ba-p/2048379 <DIV> <P><A href="#" target="_self"><SPAN>Sysmon v13.00</SPAN></A></P> <DIV><SPAN>This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or when the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.61</SPAN></A></P> <DIV><SPAN>This update to Process Monitor adds monitoring for the RegSaveKey, RegLoadKey and RegRestoreKey APIs, and fixes a bug in the details output for some types of directory queries.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>PsExec v2.21</SPAN></A></P> <DIV><SPAN>This update to PsExec, a command line utility for remotely launching processes on Windows computers, removes some MAX_PATH related limits and now mandates the -i flag for interactive sessions.</SPAN></DIV> </DIV> Mon, 11 Jan 2021 11:12:51 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v13-00-process-monitor-v3-61-and-psexec-v2-21/ba-p/2048379 lukekim 2021-01-11T11:12:51Z Sysmon 12.03, SDelete v2.04, WinObj v2.23 and ARM64 releases 
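The process tampering event described in the Sysmon v13.00 entry above is the first thing an incident responder will want to pull out of the Sysmon log. The PowerShell below is an added example, not code from the Sysinternals blog or the Sysmon project: it flattens a Sysmon event's XML into an object, applies a small triage heuristic, and queries the live log. Sysmon records this event as Event ID 25 in the Microsoft-Windows-Sysmon/Operational channel with a Type of "Image is replaced" or "Image is locked for access"; the trusted-root list, the sample event and its host and user names are constructed for the example.

```powershell
# Added example (not from the Sysinternals blog): triage Sysmon ProcessTampering
# events (Event ID 25, added in Sysmon v13.00). Assumes Sysmon is installed with
# a config that does not exclude them, e.g. <ProcessTampering onmatch="exclude"/>.

function ConvertFrom-SysmonEventXml {
    # Flatten the <System> header and every <Data Name="..."> field of one
    # Sysmon event into a single object keyed by the Sysmon field names.
    param([Parameter(Mandatory)][string]$Xml)
    [xml]$doc = $Xml
    $id = $doc.Event.System.EventID
    if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }
    $fields = [ordered]@{
        EventId     = [int]$id
        TimeCreated = $doc.Event.System.TimeCreated.SystemTime
        Computer    = $doc.Event.System.Computer
    }
    foreach ($d in $doc.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]$fields
}

function Test-SuspiciousTampering {
    # Triage rule (an assumption of this example, not a Sysmon rule): every
    # tampering event deserves a look, but an image outside the usual trusted
    # roots, or one locked for access, goes to the top of the queue.
    param([Parameter(Mandatory)]$Record)
    $trustedRoots = @('C:\Windows\', 'C:\Program Files\', 'C:\Program Files (x86)\')
    $inTrusted = $false
    foreach ($r in $trustedRoots) {
        if ($Record.Image.StartsWith($r, 'OrdinalIgnoreCase')) { $inTrusted = $true }
    }
    return (-not $inTrusted) -or ($Record.Type -eq 'Image is locked for access')
}

function Get-SysmonProcessTampering {
    # Pull the most recent Event ID 25 records from the live Sysmon log.
    param([int]$MaxEvents = 200)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 25 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-SysmonEventXml -Xml $_.ToXml() } |
        Select-Object TimeCreated, Computer, Type, Image, ProcessId, User,
            @{ Name = 'Suspicious'; Expression = { Test-SuspiciousTampering -Record $_ } }
}

# Constructed sample event (not real telemetry) so the parser and the triage
# rule can be exercised on a machine without Sysmon. Field names and the Type
# string match what Sysmon v13.00 writes for Event ID 25.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon"/>
    <EventID>25</EventID>
    <TimeCreated SystemTime="2021-01-11T11:12:51.000000000Z"/>
    <Computer>ws01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2021-01-11 11:12:51.000</Data>
    <Data Name="ProcessGuid">{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\svchost.exe</Data>
    <Data Name="Type">Image is replaced</Data>
    <Data Name="User">WS01\alice</Data>
  </EventData>
</Event>
'@

$parsed = ConvertFrom-SysmonEventXml -Xml $sample
$parsed | Format-List EventId, Type, Image, ProcessId, User
"Suspicious: $(Test-SuspiciousTampering -Record $parsed)"   # a Temp-directory image that was replaced

# On a host running Sysmon v13.00 or later:
# Get-SysmonProcessTampering | Where-Object Suspicious | Format-Table -AutoSize
```

The heuristic is deliberately simple: Sysmon tells you that the mapped image no longer matches the file on disk, and the response question is only which of those events to open first. Pair the Image value with the ProcessGuid from the matching ProcessCreate event when you escalate, since the on-disk file may already have been replaced or removed by the time you look.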
https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-12-03-sdelete-v2-04-winobj-v2-23-and-arm64-releases/ba-p/1930079 <DIV> <P><A href="#" target="_self"><SPAN>Sysmon v12.03</SPAN></A></P> <DIV><SPAN>This version of Sysmon fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>SDelete v2.04</SPAN></A></P> <DIV><SPAN>This update to SDelete, a command line utility for secure file deletion, provides a new switch, -f, to avoid file/directory versus drive ambiguity.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>WinObj v2.23</SPAN></A></P> <DIV><SPAN>This update to WinObj, a utility to explore the Windows NT Object Manager's namespace, brings bug fixes and is now available for x64 and ARM64.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>ARM64 ports</SPAN></A></P> <DIV><SPAN>New ARM64 releases for ADRestore v1.2, LogonSessions v1.41 and WinObj v2.23. 
Download all ARM64 tools at once with the <A href="#" target="_self">Sysinternals Suite for ARM64</A>.</SPAN></DIV> </DIV> Wed, 25 Nov 2020 11:00:08 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-12-03-sdelete-v2-04-winobj-v2-23-and-arm64-releases/ba-p/1930079 lukekim 2020-11-25T11:00:08Z AD Explorer v1.50, Disk Usage v1.62, VMMap v3.31 and Sysmon v12.02 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/ad-explorer-v1-50-disk-usage-v1-62-vmmap-v3-31-and-sysmon-v12-02/ba-p/1854373 <P><A href="#" target="_self"><SPAN>AD Explorer v1.50</SPAN></A></P> <DIV><SPAN>This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the "Compare" dialog and is now available for x64 and ARM64.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Disk Usage v1.62</SPAN></A></P> <DIV><SPAN>This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>VMMap v3.31</SPAN></A></P> <DIV><SPAN>This update to VMMap, a utility that reports the virtual memory layout of a process, fixes a Thread Environment Block bug on Windows 10 systems.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v12.02</SPAN></A></P> <DIV><SPAN>This update to Sysmon fixes several configuration parsing bugs.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>ARM64 ports</SPAN></A></P> <DIV><SPAN>New ARM64 releases for AdExplorer v1.50 and DU v1.62. 
Download all ARM64 tools at once with the <A href="#" target="_self">Sysinternals Suite for ARM64</A>.</SPAN></DIV> Wed, 04 Nov 2020 22:11:47 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/ad-explorer-v1-50-disk-usage-v1-62-vmmap-v3-31-and-sysmon-v12-02/ba-p/1854373 lukekim 2020-11-04T22:11:47Z Sysmon v12.01, VMMap 3.30, RAMMap v1.60, AccessChk v6.13 and DiskView v2.41 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v12-01-vmmap-3-30-rammap-v1-60-accesschk-v6-13-and/ba-p/1776110 <DIV> <P><A href="#" target="_self"><SPAN>VMMap v3.30</SPAN></A></P> <DIV><SPAN>This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>RAMMap v1.60</SPAN></A></P> <DIV><SPAN>This release of RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Sysmon v12.01</SPAN></A></P> <DIV><SPAN>Security and bug fix release: resolves a PipeEvent processing issue and adds extra checks to kernel writes.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>ARM64 ports</SPAN></A></P> <DIV><SPAN>New ARM64 releases for AccessChk v6.13, DiskView v2.41 and VMMap v3.30. 
Download all ARM64 tools at once with the <A href="#" target="_self">Sysinternals Suite for ARM64</A>.</SPAN></DIV> </DIV> Fri, 16 Oct 2020 16:33:24 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v12-01-vmmap-3-30-rammap-v1-60-accesschk-v6-13-and/ba-p/1776110 lukekim 2020-10-16T16:33:24Z Sysmon v12.0, Process Monitor v3.60, Procdump v10.0 and ARM64 ports https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v12-0-process-monitor-v3-60-procdump-v10-0-and-arm64/ba-p/1649402 <DIV> <P><A href="#" target="_self"><SPAN>Sysmon v12.0</SPAN></A></P> <DIV><SPAN>In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including the originating remote machine IP addresses.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Process Monitor v3.60</SPAN></A></P> <DIV><SPAN>This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>Procdump v10.0</SPAN></A></P> <DIV><SPAN>This release of Procdump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><A href="#" target="_self"><SPAN>ARM64 ports</SPAN></A></P> <DIV><SPAN>In addition, several tools have been newly ported to ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, Procdump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. 
Download all ARM64 tools at once with the <A href="#" target="_self">Sysinternals Suite for ARM64</A>.</SPAN></DIV> </DIV> Fri, 18 Sep 2020 20:17:32 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v12-0-process-monitor-v3-60-procdump-v10-0-and-arm64/ba-p/1649402 lukekim 2020-09-18T20:17:32Z Sysmon v11.11 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-11/ba-p/1522915 <DIV> <P><SPAN>Sysmon v11.11</SPAN></P> <DIV><SPAN>This update to Sysmon fixes a bug that prevented USB media from being ejected, fixes an issue that could stop network event logging and cause a memory leak, and logs file delete events for delete-on-close files.</SPAN></DIV> <DIV>&nbsp;</DIV> </DIV> Wed, 15 Jul 2020 09:05:09 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-11/ba-p/1522915 Mark_Cook 2020-07-15T09:05:09Z Sysmon v11.10, Sigcheck v2.80, Autoruns v13.98 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-10-sigcheck-v2-80-autoruns-v13-98/ba-p/1485287 <DIV> <P><SPAN>Sysmon v11.10</SPAN></P> <DIV><SPAN>This update to Sysmon logs stream content for alternate data streams, introduces the "is any" filter condition and includes a number of important bug fixes.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><SPAN>Sigcheck v2.80</SPAN></P> <DIV><SPAN>Sigcheck, a flexible tool for showing file versions, file signatures, and certificate stores, introduces a -p option for specifying a trust GUID for signature verification, and it now shows certificate signing chains even when a certificate in the chain is untrusted.</SPAN></DIV> <DIV>&nbsp;</DIV> <P><SPAN>Autoruns v13.98</SPAN></P> <DIV><SPAN>This release of Autoruns resolves an issue where Microsoft Defender binaries were being flagged as unsigned.</SPAN></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN>Watch Mark Russinovich discuss these releases, including demos of the new features in Sysmon and Sigcheck, at <A href="#" target="_blank" rel="noopener">https://youtu.be/HCZlJDKUqn0</A></SPAN></DIV> </DIV> Wed, 24 Jun 2020 10:17:49 GMT 
https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-10-sigcheck-v2-80-autoruns-v13-98/ba-p/1485287 Mark_Cook 2020-06-24T10:17:49Z Sysmon v11.0, LiveKD v5.63, Process Explorer v16.32, Coreinfo v3.5 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153 <DIV> <DIV><SPAN>Sysmon v11.0</SPAN></DIV> </DIV> <DIV>This major update to Sysmon includes file delete monitoring and archiving to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with '-' to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and no longer hashes main data streams that are marked as being stored in the cloud.</DIV> <DIV><SPAN>LiveKD v5.63</SPAN><BR />This update fixes a regression with enumerating and dumping Hyper-V partitions on recent versions of Windows 10.</DIV> <DIV><STRONG><SPAN>Coreinfo v3.5</SPAN></STRONG><BR />This release of Coreinfo, a tool that shows system CPU, memory and cache topology and information, now reports the status of restricted guest virtualization on Intel platforms.</DIV> <DIV><SPAN>Process Explorer v16.32</SPAN><FONT><BR />This update resolves an issue where the application icon in the tree view was displayed incorrectly. 
</FONT></DIV> Tue, 28 Apr 2020 19:45:00 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153 Mark_Cook 2020-04-28T19:45:00Z Process Monitor v3.53, Process Explorer v16.31 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-53-process-explorer-v16-31/ba-p/1073828 <H2 id="user-content-process-monitor-v3.53">Process Monitor v3.53</H2> <P>This update to Process Monitor includes the following changes:</P> <UL> <LI>Resolves a crash when reloading a saved file</LI> <LI>Fixes issues where profiling events and/or the process activity summary stopped working after the GUI was closed and reopened</LI> <LI>Adds the file information class for IRP_MN_QUERY_DIRECTORY</LI> </UL> <H2 id="user-content-process-explorer-v16.31">Process Explorer v16.31</H2> <P>This update to Process Explorer resolves a number of crashes and addresses a GDI exhaustion issue on busy systems.</P> Thu, 19 Dec 2019 12:23:16 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-53-process-explorer-v16-31/ba-p/1073828 Mark_Cook 2019-12-19T12:23:16Z Sysmon v10.42, Zoomit v4.52, Whois v1.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v10-42-zoomit-v4-52-whois-v1-21/ba-p/1060875 <DIV><SPAN>Sysmon v10.42</SPAN></DIV> <DIV>This update to Sysmon includes the following changes:</DIV> <UL> <LI>Fixes memory leaks in DNS, Networking and Image load events</LI> <LI>Bug fixes including filtering, rule group names, NULL process GUIDs and a W3LOGSVC interop issue</LI> <LI>Increases the rule name field length from 32 to 128 characters</LI> <LI>Adds "excludes any" and "excludes all" filtering conditions</LI> <LI>Performance improvements for the ImageLoad module</LI> </UL> <DIV><SPAN>Zoomit v4.52</SPAN></DIV> <DIV>Adds enhanced multi-monitor support.</DIV> <DIV><SPAN>Whois v1.21</SPAN></DIV> <DIV>Includes a number of bug fixes.</DIV> Wed, 11 Dec 2019 19:47:40 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v10-42-zoomit-v4-52-whois-v1-21/ba-p/1060875 Mark_Cook 2019-12-11T19:47:40Z BGINFO 4.28 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-4-28/ba-p/869906 <P>This update to Bginfo includes a fix that prevents bypass of the Windows Secure Mode script policy.</P> Mon, 23 Sep 2019 09:36:53 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-4-28/ba-p/869906 Mark_Cook 2019-09-23T09:36:53Z Sysmon 10.4 Rule Enhancements https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-10-4-rule-enhancements/ba-p/840631 <P>When we first released the RuleGroup feature described in <A href="https://gorovian.000webhostapp.com/?exam=t5/Sysinternals-Blog/Sysmon-The-rules-about-rules/m-p/733649#U733649">Sysmon - The rules about rules</A>, many of you contacted us to ask whether we might extend the AND/OR combiner to individual rules rather than to all rules for an event type. You asked and we listened, and we are pleased to announce that 
from 10.4 onwards this is now supported.</P> <P>As with RuleGroups, these are completely optional and your existing configuration files should continue to work as they do now. If you do want to take advantage of the new features, though, you will need to increment the schema version to 4.22 and you'll be ready to go.</P> <P>The basic building block is the new &lt;Rule&gt; element. As with &lt;RuleGroup&gt;, this can optionally have name and groupRelation attributes, and like RuleGroup the default groupRelation is "AND". An example configuration is shown below.</P> <PRE>&lt;Sysmon schemaversion="4.22"&gt;
  &lt;EventFiltering&gt;
    &lt;RuleGroup name="group 1" groupRelation="or"&gt;
      &lt;ProcessCreate onmatch="include"&gt;
        &lt;CommandLine condition="contains"&gt;timeout&lt;/CommandLine&gt;
        &lt;CommandLine condition="contains all"&gt;net;view&lt;/CommandLine&gt;
        &lt;Rule groupRelation="and" name="pinging microsoft"&gt;
          &lt;Image condition="contains"&gt;ping&lt;/Image&gt;
          &lt;CommandLine condition="contains"&gt;microsoft&lt;/CommandLine&gt;
        &lt;/Rule&gt;
        &lt;Rule groupRelation="and"&gt;
          &lt;Image condition="end with"&gt;powershell.exe&lt;/Image&gt;
          &lt;ParentImage condition="end with"&gt;cmd.exe&lt;/ParentImage&gt;
        &lt;/Rule&gt;
      &lt;/ProcessCreate&gt;
    &lt;/RuleGroup&gt;
  &lt;/EventFiltering&gt;
&lt;/Sysmon&gt;</PRE> <P>Sysmon power users may have noticed something unusual with the following line:</P> <PRE>&lt;CommandLine condition="contains all"&gt;net;view&lt;/CommandLine&gt;</PRE> <P>This brings me to another change in 10.4, which introduces the "contains any" and "contains all" conditions that can be used for local (field-level) OR and AND conditions respectively. These attempt to match a ';'-separated list of values, so in this example a match will be made for "net view" but not for "net use". "contains any" is the equivalent condition for OR operations. A rule for browsers, for example, might be</P> <PRE>&lt;Image condition="contains any"&gt;firefox.exe;chrome.exe;iexplore.exe&lt;/Image&gt;</PRE> <P>Happy hunting, and as always if you have any questions or suggestions, please feel free to contact us at syssite@microsoft.com</P> Fri, 06 Sep 2019 15:12:44 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-10-4-rule-enhancements/ba-p/840631 Mark_Cook 2019-09-06T15:12:44Z Sysmon - The rules about rules https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-the-rules-about-rules/ba-p/733649 <P>Those who have been using Sysmon for a while will be aware that for some time now there has been a disparity between how filter 
rules were intended to work and how they worked in practice. The purpose of this post is to clarify some of the common sources of confusion and to explain why things are the way they are. With that said, let’s dive straight in.</P> <H1>Multiple rules on the same field</H1> <P>This is the most basic case and the least confusing, because it has always been and remains the case today that these will be combined using ‘OR’. So the following example will cause Sysmon to log a process creation event only when the command line contains iexplore.exe OR firefox.exe:</P> <PRE>&lt;EventFiltering&gt;
  &lt;ProcessCreate onmatch="include"&gt;
    &lt;CommandLine condition="contains"&gt;iexplore.exe&lt;/CommandLine&gt;
    &lt;CommandLine condition="contains"&gt;firefox.exe&lt;/CommandLine&gt;
  &lt;/ProcessCreate&gt;
&lt;/EventFiltering&gt;</PRE> <P>A variation on this configuration is where we might have include and exclude rules on the same event. Here exclude rules will always take precedence. Thus in the following example we will omit our browser events when the browser was launched by explorer.exe.</P> <PRE>&lt;EventFiltering&gt;
  &lt;ProcessCreate onmatch="include"&gt;
    &lt;CommandLine condition="contains"&gt;iexplore.exe&lt;/CommandLine&gt;
    &lt;CommandLine condition="contains"&gt;firefox.exe&lt;/CommandLine&gt;
  &lt;/ProcessCreate&gt;
  &lt;ProcessCreate onmatch="exclude"&gt;
    &lt;ParentImage condition="is"&gt;c:\windows\explorer.exe&lt;/ParentImage&gt;
  &lt;/ProcessCreate&gt;
&lt;/EventFiltering&gt;</PRE> <P>So far so good. Most users I speak with are happy with this. Where they are less comfortable is how rules for different fields are combined, so let’s talk about that next.</P> <H1>Multiple rules on different fields</H1> <P>For reasons that are multiple and largely self-inflicted, this is the main source of confusion. The documentation has always stated that rules on different fields would be combined using ‘AND’, and in some cases this was true but in others it was not. Over the years we have tried to address some of the edge cases, but generally this has been a non-deterministic hybrid of both, depending on which combinations of fields were being used and which events they were applied to.</P> <P>All this changed in Sysmon 8.02. In response to repeated requests to make this behaviour match the documentation, I resolved the hybrid AND/OR filtering once and for all so that the ‘AND’ logic worked consistently. This now matched the documentation and everybody was happy.</P> <P>Or not. 
Although the implementation was now consistent with the documentation, it turned out that prior to this change many of the most commonly used fields were being combined using ‘OR’. Users were aware that this was contrary to the documentation, but since this is the way it worked in practice they had no choice but to assume ‘OR’ anyway, and had come to rely on it working that way. Thus for these users 8.02 broke their existing configurations, and broke them badly.</P> <H1>Rule groups</H1> <P>In Sysmon 9.0 we introduced the concept of Rule Groups in response to the competing demands of one set of users who wanted to combine their rules using ‘AND’ and those who wanted to continue using ‘OR’.</P> <P>Rule groups are completely optional and can be used to explicitly define the way that rules on different fields are combined. At the most basic level, a single rule group, with or without an optional name attribute, can be applied to the entire configuration:</P> <PRE>&lt;EventFiltering&gt;
  &lt;RuleGroup groupRelation="or"&gt;
    &lt;ProcessCreate onmatch="exclude"/&gt;
    &lt;ImageLoad onmatch="exclude"/&gt;
  &lt;/RuleGroup&gt;
&lt;/EventFiltering&gt;</PRE> <P>Alternatively, multiple rule groups can be used for different events:</P> <PRE>&lt;EventFiltering&gt;
  &lt;RuleGroup name="group1" groupRelation="or"&gt;
    &lt;ProcessCreate onmatch="exclude"/&gt;
  &lt;/RuleGroup&gt;
  &lt;RuleGroup name="group2" groupRelation="and"&gt;
    &lt;ImageLoad onmatch="exclude"/&gt;
  &lt;/RuleGroup&gt;
&lt;/EventFiltering&gt;</PRE> <P>It is also possible to leave events out of any rule group entirely, such as the NetworkConnect events in the following example:</P> <PRE>&lt;EventFiltering&gt;
  &lt;RuleGroup name="group1" groupRelation="or"&gt;
    &lt;ProcessCreate onmatch="exclude"/&gt;
  &lt;/RuleGroup&gt;
  &lt;RuleGroup name="group2" groupRelation="and"&gt;
    &lt;ImageLoad onmatch="exclude"/&gt;
  &lt;/RuleGroup&gt;
  &lt;NetworkConnect onmatch="exclude"/&gt;
&lt;/EventFiltering&gt;</PRE> <H1>Default values</H1> <P>Since rule groups are optional, and because events may be omitted from a rule group, we had to pick a default value for these rules. In light of our experience when switching from ‘OR’ to ‘AND’ in Sysmon 8.02, we opted to revert to ‘OR’ for this default.</P> <P>It is important to note, however, that this is for backwards compatibility purposes only, so that users are able to move to Sysmon 9.0 and later without modifying their configuration files. The desire is to reinstate the intended default value of ‘AND’ as stated in the documentation, and for this reason we have linked the default value to the schemaversion. 
<STRONG><FONT color="#FF0000">Sysmon 9.0 was released with a schema version of 4.1, so anything with 4.1 and lower will default to ‘OR’ and anything with a schema version greater than 4.1 will default to ‘AND’.</FONT></STRONG></P> <P>Thus in the following example we will record process creation events when either the command line contains iexplore.exe OR the parent command line contains explorer.exe:</P> <PRE>&lt;Sysmon schemaversion="4.1"&gt;
  &lt;EventFiltering&gt;
    &lt;ProcessCreate onmatch="include"&gt;
      &lt;CommandLine condition="contains"&gt;iexplore.exe&lt;/CommandLine&gt;
      &lt;ParentCommandLine condition="contains"&gt;explorer.exe&lt;/ParentCommandLine&gt;
    &lt;/ProcessCreate&gt;
  &lt;/EventFiltering&gt;
&lt;/Sysmon&gt;</PRE> <P>Whereas in this example we will only record events when both the command line AND the parent command line match:</P> <PRE>&lt;Sysmon schemaversion="4.21"&gt;
  &lt;EventFiltering&gt;
    &lt;ProcessCreate onmatch="include"&gt;
      &lt;CommandLine condition="contains"&gt;iexplore.exe&lt;/CommandLine&gt;
      &lt;ParentCommandLine condition="contains"&gt;explorer.exe&lt;/ParentCommandLine&gt;
    &lt;/ProcessCreate&gt;
  &lt;/EventFiltering&gt;
&lt;/Sysmon&gt;</PRE> <P>Recently we added DNS logging to Sysmon. This has been a popular feature, but to take advantage of it you need to increment the schema version to 4.21. Several users have reported issues with their configuration files after enabling DNS, so hopefully the reasons for this are now clear. If your configuration relied on the legacy ‘OR’ behaviour, the solution is to add a top-level rule group that defines this explicitly, as shown in the following example.</P> <PRE>&lt;Sysmon schemaversion="4.21"&gt;
  &lt;EventFiltering&gt;
    &lt;RuleGroup groupRelation="or"&gt;
      &lt;ProcessCreate onmatch="include"&gt;
        &lt;CommandLine condition="contains"&gt;iexplore.exe&lt;/CommandLine&gt;
        &lt;ParentCommandLine condition="contains"&gt;explorer.exe&lt;/ParentCommandLine&gt;
      &lt;/ProcessCreate&gt;
    &lt;/RuleGroup&gt;
  &lt;/EventFiltering&gt;
&lt;/Sysmon&gt;</PRE> <P>While we continue to evolve the rule structure and flexibility, we have to be sensitive to any additional performance impact. 
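The combination rules this post lays out, together with the &lt;Rule&gt; element and the "contains any"/"contains all" conditions from the Sysmon 10.4 rule enhancements post above, as an added Python model; this is example code written for this page, not Sysmon's own implementation. It takes the semantics exactly as the two posts state them (same-field OR, the schemaversion-linked default, a Rule's own groupRelation, exclude precedence), implements only the conditions the page names plus Sysmon's default "is" condition, and raises for any event type missing from the config instead of reproducing Sysmon's per-event defaults, which it does not model. The configs and events inside it are constructed test input reproduced from the posts' examples:

```python
"""Model of the Sysmon rule-combination semantics described in the two posts above.
Added example, not Sysmon's code.  Same-field filters OR; different fields combine by
groupRelation; outside a RuleGroup the default is OR for schemaversion 4.1 and lower and
AND above it; a <Rule> carries its own relation; exclude beats include.  Event types
absent from the config raise (real Sysmon's per-event defaults are not modelled)."""
import xml.etree.ElementTree as ET


def version_tuple(schemaversion):
    """'4.1' -> (4, 1), '4.21' -> (4, 21): dotted numbers, not floats (4.21 > 4.1)."""
    return tuple(int(part) for part in schemaversion.split("."))


def match(condition, pattern, value):
    """Field-level conditions named on the page; case-insensitive, ';' separates lists."""
    v, p = value.lower(), pattern.lower()
    parts = [s.strip() for s in p.split(";")]
    table = {
        "is": lambda: v == p,
        "contains": lambda: p in v,
        "end with": lambda: v.endswith(p),
        "contains any": lambda: any(s in v for s in parts),
        "contains all": lambda: all(s in v for s in parts),
        "excludes any": lambda: any(s not in v for s in parts),
        "excludes all": lambda: all(s not in v for s in parts),
    }
    if condition not in table:
        raise ValueError(f"condition not modelled: {condition}")
    return table[condition]()


def eval_rules(element, relation, event):
    """Filters under an event element or a <Rule>: same field -> OR, then the per-field
    results and nested <Rule> elements combine with `relation`.  No filters -> no match
    (so an empty include logs nothing and an empty exclude drops nothing)."""
    per_field, items = {}, []
    for child in element:
        if child.tag == "Rule":                        # 10.4: a Rule has its own relation
            items.append(eval_rules(child, child.get("groupRelation", "and").lower(), event))
        else:
            hit = match(child.get("condition", "is"), child.text or "", event.get(child.tag, ""))
            per_field.setdefault(child.tag, []).append(hit)
    items.extend(any(hits) for hits in per_field.values())
    return bool(items) and (all(items) if relation == "and" else any(items))


def is_logged(config_xml, event_type, event):
    """True when the model says Sysmon would log `event` (a dict of field -> value)."""
    root = ET.fromstring(config_xml)
    default = "and" if version_tuple(root.get("schemaversion", "4.1")) > (4, 1) else "or"
    include = exclude = None
    for node in root.find("EventFiltering"):
        grouped = node.tag == "RuleGroup"
        relation = node.get("groupRelation", "and").lower() if grouped else default
        for ev in (list(node) if grouped else [node]):
            if ev.tag == event_type:
                if ev.get("onmatch") == "include":
                    include = (ev, relation)
                else:
                    exclude = (ev, relation)
    if include is None and exclude is None:
        raise ValueError(f"no {event_type} filter in config")
    logged = include is None or eval_rules(include[0], include[1], event)
    if exclude is not None and eval_rules(exclude[0], exclude[1], event):
        logged = False                                 # exclude always takes precedence
    return logged


# Constructed configs reproduced from the posts' examples (test input only).
TWO_FIELDS = """<Sysmon schemaversion="{ver}"><EventFiltering><ProcessCreate onmatch="include">
  <CommandLine condition="contains">iexplore.exe</CommandLine>
  <ParentCommandLine condition="contains">explorer.exe</ParentCommandLine>
</ProcessCreate></EventFiltering></Sysmon>"""
RULE_ELEMENTS = r"""<Sysmon schemaversion="4.22"><EventFiltering>
 <RuleGroup name="group 1" groupRelation="or">
  <ProcessCreate onmatch="include">
   <CommandLine condition="contains">timeout</CommandLine>
   <CommandLine condition="contains all">net;view</CommandLine>
   <Rule groupRelation="and" name="pinging microsoft"><Image condition="contains">ping</Image>
    <CommandLine condition="contains">microsoft</CommandLine></Rule>
   <Rule groupRelation="and"><Image condition="end with">powershell.exe</Image>
    <ParentImage condition="end with">cmd.exe</ParentImage></Rule>
  </ProcessCreate>
  <ProcessCreate onmatch="exclude">
   <ParentImage condition="is">c:\windows\explorer.exe</ParentImage>
  </ProcessCreate>
 </RuleGroup>
</EventFiltering></Sysmon>"""


def demo():
    """Worked scenarios from the posts (constructed events); returns {scenario: logged?}."""
    ie = {"CommandLine": "iexplore.exe", "ParentCommandLine": "svchost.exe -k"}
    pc = lambda ev: is_logged(RULE_ELEMENTS, "ProcessCreate", ev)
    return {
        "4.1 one field (OR)": is_logged(TWO_FIELDS.format(ver="4.1"), "ProcessCreate", ie),
        "4.21 one field (AND)": is_logged(TWO_FIELDS.format(ver="4.21"), "ProcessCreate", ie),
        "net view": pc({"CommandLine": r"net view \\files"}),
        "net use": pc({"CommandLine": "net use"}),
        "ping microsoft": pc({"Image": r"C:\Windows\System32\PING.EXE", "CommandLine": "ping microsoft.com"}),
        "powershell from cmd": pc({"Image": r"C:\tools\powershell.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"}),
        "exclude wins": pc({"CommandLine": "net view", "ParentImage": r"C:\Windows\explorer.exe"}),
    }
```

Calling demo() walks the posts' scenarios: with schemaversion 4.1 the two-field include logs an iexplore.exe launch whose parent does not match, with 4.21 the same event is dropped, "net view" satisfies "contains all" while "net use" does not, and the explorer.exe exclude wins even when the "net view" include matches. Pointing is_logged at a real configuration and a handful of expected events before deploying it turns the warning above about the 4.21 schema bump into a concrete pre-deployment check.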
Nevertheless, if you have comments or suggestions on how we might be able to make this work better in your environment, then we would love to hear from you at <A href="https://gorovian.000webhostapp.com/?exam=mailto:syssite@microsoft.com" target="_blank" rel="noopener">syssite@microsoft.com</A>.</P> Mon, 09 Sep 2019 07:31:42 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-the-rules-about-rules/ba-p/733649 Mark_Cook 2019-09-09T07:31:42Z Autoruns v13.96, Process Explorer v16.26, RAMMap v1.52 and Sysmon v10.2 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-96-process-explorer-v16-26-rammap-v1-52-and-sysmon/ba-p/729358 <P><A href="#" target="_blank" rel="noopener noreferrer">Autoruns v13.96</A><BR /><SPAN>This release of Autoruns improves the security of loading system libraries.</SPAN></P> <P><A href="#" target="_blank" rel="noopener noreferrer">Process Explorer v16.26</A></P> <P>This update to Process Explorer fixes a memory leak when showing CPU and/or GPU history graphs, fixes the display of overflowing metrics on the process properties tab, and improves the security of loading system libraries.</P> <P><A href="#" target="_blank" rel="noopener noreferrer">RAMMap v1.52</A><BR />The ARM64 version of RAMMap, "RAMMap64a.exe", is now included.</P> <P><A href="#" target="_self">Sysmon v10.2</A></P> <P>This update to Sysmon includes the following fixes:</P> <UL> <LI><SPAN>An XML parsing error when there is a comment after a RuleGroup element</SPAN></LI> <LI><SPAN>A config dump issue when both include and exclude rules are used</SPAN></LI> <LI><SPAN>A BSOD on Windows 7 when using named pipes</SPAN></LI> </UL> Mon, 01 Jul 2019 18:03:53 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-96-process-explorer-v16-26-rammap-v1-52-and-sysmon/ba-p/729358 lukekim 2019-07-01T18:03:53Z Handle v4.22, NotMyFault v4.20, Process Explorer v16.25, Sysmon v10.1 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/handle-v4-22-notmyfault-v4-20-process-explorer-v16-25-sysmon-v10/ba-p/726803 <P><STRONG>First published on TechNet on Jun 15, 2019</STRONG></P> <P><A href="#" target="_blank">Handle v4.22</A><BR /><SPAN>This release of Handle fixes a race condition in the driver that could lead to a crash.</SPAN></P> <P><A href="#" target="_blank">Notmyfault v4.20</A><BR /><SPAN>Notmyfaultc now includes a flag that makes it wait until an event named Notmyfault is signaled before proceeding to crash or leak.</SPAN></P> <P><A href="#" target="_blank">Process Explorer v16.25</A><BR />This update to Process Explorer fixes a potential buffer overflow when processing abnormally large environment variable blocks.</P> <P><A href="#" target="_blank">Sysmon v10.01</A><BR />This update to Sysmon fixes a memory leak in image load events that v10.0 introduced.</P> Thu, 27 Jun 2019 22:46:59 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/handle-v4-22-notmyfault-v4-20-process-explorer-v16-25-sysmon-v10/ba-p/726803 MarkRussinovich 2019-06-27T22:46:59Z Sysmon v10.0, Autoruns v13.95, VMMap v3.26 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v10-0-autoruns-v13-95-vmmap-v3-26/ba-p/726797 <P><STRONG>First published on TechNet on Jun 12, 2019</STRONG></P> <P><A href="#" target="_blank" rel="noopener">Sysmon 10.0</A><BR /><SPAN>This 
release of Sysmon adds DNS query logging, reports OriginalFileName in process create and load image events, adds ImageName to named pipe events, logs pico process creates and terminates, and fixes several bugs.</SPAN></P> <P>&nbsp;</P> <P><A href="#" target="_blank" rel="noopener">Autoruns 13.95</A><BR /><SPAN>This Autoruns update adds support for user Shell folders redirections.&nbsp;&nbsp;</SPAN></P> <P>&nbsp;</P> <P><A href="#" target="_blank" rel="noopener">VMMap 3.26</A><BR />This update to VMMap, a tool for looking at the virtual and physical memory usage of a process, fixes a bug in 64-bit CLR heap reporting.</P> Thu, 27 Jun 2019 22:45:34 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v10-0-autoruns-v13-95-vmmap-v3-26/ba-p/726797 MarkRussinovich 2019-06-27T22:45:34Z Sysmon v9.0, Autoruns v13.94 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v9-0-autoruns-v13-94/ba-p/726095 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 19, 2019 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon 9.0 </A> <BR /> <SPAN> Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification. </SPAN> <BR /> <BR /> <A href="#" target="_blank"> Autoruns 13.94 </A> <BR /> <SPAN> This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and cmd.exe. 
</SPAN> </BODY></HTML> Thu, 27 Jun 2019 19:21:58 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v9-0-autoruns-v13-94/ba-p/726095 MarkRussinovich 2019-06-27T19:21:58Z Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-93-handle-v4-21-process-explorer-v16-22-sdelete-v2/ba-p/726094 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 09, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Autoruns 13.93 </A> <BR /> This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and enables HKCU scanning by default for the console version. <BR /> <BR /> <A href="#" target="_blank"> Handle 4.21 </A> <BR /> This Handle release fixes a race condition that could cause a bluescreen. <BR /> <BR /> <A href="#" target="_blank"> ProcessExplorer 16.22 </A> <BR /> This Process Explorer release fixes a race condition that could cause a bluescreen. <BR /> <BR /> <A href="#" target="_blank"> Sdelete 2.02 </A> <BR /> SDelete now includes a progress filter that reports progress for the disk cleaning phase that purges MFT resident files. <BR /> <BR /> <A href="#" target="_blank"> Sigcheck 2.71 </A> <BR /> This release fixes a crash when attempting to scan small files (&lt; 512 bytes) and resolves an issue where an incorrect timestamp was reported. <BR /> <BR /> <A href="#" target="_blank"> Sysmon 8.2 </A> <BR /> This Sysmon release fixes several filtering bugs, resolves a handle leak and high CPU usage for certain filters on Windows 7 and Windows Server 2008, and fixes a bug that could cause the service process to crash. <BR /> <BR /> <A href="#" target="_blank"> VMMap 3.25 </A> <BR /> This VMMap update fixes a bug that prevented profiling a 32-bit application on a 64-bit OS. 
</BODY></HTML> Thu, 27 Jun 2019 19:21:52 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-93-handle-v4-21-process-explorer-v16-22-sdelete-v2/ba-p/726094 MarkRussinovich 2019-06-27T19:21:52Z Sigcheck 2.70, BgInfo v4.26, and VMMap v3.22 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sigcheck-2-70-bginfo-v4-26-and-vmmap-v3-22/ba-p/726092 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 21, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sigcheck v2.70 </A> <BR /> <SPAN> Windows WinVerifyTrust function reports signed MSI files that have malware appended to them as signed, so Sigcheck now indicates when appended content is present. </SPAN> <BR /> <BR /> <A href="#" target="_blank"> BgInfo v4.26 </A> <BR /> BgInfo now honors AppLocker scripting policy. <BR /> <BR /> <A href="#" target="_blank"> VMMap v3.22 </A> <BR /> This release of VMMap fixes bugs that excluded copy-on-write pages from the private bytes total and that double counted the contribution of page table entries (PTEs). </BODY></HTML> Thu, 27 Jun 2019 19:21:46 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sigcheck-2-70-bginfo-v4-26-and-vmmap-v3-22/ba-p/726092 MarkRussinovich 2019-06-27T19:21:46Z Sysmon v8.0, Autoruns v13.90 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v8-0-autoruns-v13-90/ba-p/726091 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jul 05, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v8.0 </A> <BR /> This update to Sysmon adds rule tagging, which results in tags appearing in event log entries they generate. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations. 
<BR /> <BR /> <A href="#" target="_blank"> Autoruns 13.90 </A> <BR /> Autoruns, a comprehensive Windows autostart entry point (ASEP) manager, now includes Runonce\*\Depend keys and GPO logon and logoff locations, and fixes a bug in WMI path parsing. <BR /> <BR /> </BODY></HTML> Thu, 27 Jun 2019 19:21:40 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v8-0-autoruns-v13-90/ba-p/726091 MarkRussinovich 2019-06-27T19:21:40Z RAMMap v1.51 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rammap-v1-51/ba-p/726090 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jun 01, 2018 </STRONG> <BR /> <A href="#" target="_blank"> RAMMap v1.51 </A> <BR /> This update to RAMMap fixes an incompatibility with the latest version of Windows 10. </BODY></HTML> Thu, 27 Jun 2019 19:21:33 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/rammap-v1-51/ba-p/726090 MarkRussinovich 2019-06-27T19:21:33Z Sysmon v7.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-03/ba-p/726089 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 14, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v7.03 </A> <BR /> This update to Sysmon fixes a service executable crash that could result from long file names, and no longer hashes files larger than 2GB, to avoid causing performance issues with the large alternate data streams SQL Server places on database files. 
</BODY></HTML> Thu, 27 Jun 2019 19:21:28 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-03/ba-p/726089 MarkRussinovich 2019-06-27T19:21:28Z Sysmon v7.02 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-02/ba-p/726088 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Apr 30, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v7.02 </A> <BR /> This update to Sysmon, an advanced security logging service, fixes memory leaks in its thread and process tracking callbacks. </BODY></HTML> Thu, 27 Jun 2019 19:21:23 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-02/ba-p/726088 MarkRussinovich 2019-06-27T19:21:23Z Process Monitor v3.50, Autoruns v13.82, Du v1.61, SDelete v2.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-50-autoruns-v13-82-du-v1-61-sdelete-v2-01/ba-p/726086 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 17, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Process Monitor v3.50 </A> <BR /> <SPAN> Process Monitor now includes a /runtime switch to control headless capture duration, correctly shows picoprocesses, displays details for file system APIs introduced in Windows 10, and includes numerous minor improvements and bug fixes. </SPAN> <BR /> <BR /> <A href="#" target="_blank"> Autoruns v13.82 </A> <BR /> <SPAN> This Autoruns release shows Onenote addins and fixes several bugs. </SPAN> <BR /> <BR /> <A href="#" target="_blank"> Du v1.61 </A> <BR /> This update to Disk Usage (Du) handles paths greater than MAX_PATH (260 characters) in length. <BR /> <BR /> <A href="#" target="_blank"> SDelete v2.01 </A> <BR /> SDelete v2.01 fixes a bug that could cause it to hang with the progress indicator at 100%. 
<BR /> <BR /> </BODY></HTML> Thu, 27 Jun 2019 19:21:17 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/process-monitor-v3-50-autoruns-v13-82-du-v1-61-sdelete-v2-01/ba-p/726086 MarkRussinovich 2019-06-27T19:21:17Z Bginfo v4.25 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-v4-25/ba-p/726085 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 19, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Bginfo v4.25 </A> <BR /> This release fixes a bug introduced in v4.20 that caused Bginfo to read ASCII text files incorrectly. </BODY></HTML> Thu, 27 Jun 2019 19:21:10 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-v4-25/ba-p/726085 MarkRussinovich 2019-06-27T19:21:10Z Bginfo https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo/ba-p/726083 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 19, 2018 </STRONG> <BR /> </BODY></HTML> Thu, 27 Jun 2019 19:21:05 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo/ba-p/726083 MarkRussinovich 2019-06-27T19:21:05Z Sysmon v7.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-01/ba-p/726082 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 05, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v7.01 </A> <BR /> This release fixes a bug in v7.01 that could cause the sysmon config change event to be corrupt, as well as one that prevented registry keys from being reported with abbreviated root key names (e.g. HKLM). 
</BODY></HTML> Thu, 27 Jun 2019 19:21:00 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-01/ba-p/726082 MarkRussinovich 2019-06-27T19:21:00Z Sysmon v7.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-0/ba-p/726081 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 02, 2018 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v7.0 </A> <BR /> <SPAN> Sysmon now logs file version information, and the option to dump the configuration schema adds the ability to dump an older schema or dump all historical schemas. </SPAN> </BODY></HTML> Thu, 27 Jun 2019 19:20:54 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v7-0/ba-p/726081 MarkRussinovich 2019-06-27T19:20:54Z Bginfo v4.24 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-v4-24/ba-p/726080 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 31, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Bginfo v4.24 </A> <BR /> This update to Bginfo fixes reported regressions in v4.23 and is compatible with all .bgi files except those created by v4.23. </BODY></HTML> Thu, 27 Jun 2019 19:20:46 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/bginfo-v4-24/ba-p/726080 MarkRussinovich 2019-06-27T19:20:46Z Autoruns v13.81, Bginfo v4.23, Handle v4.11 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-81-bginfo-v4-23-handle-v4-11/ba-p/726079 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 12, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Autoruns v13.81 <BR /> </A> This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths to result in 'file not found' errors, and expands the set of images not considered part of Windows for the Windows filter in order to reveal malicious files masquerading as Windows images. 
<BR /> <BR /> <A href="#" target="_blank"> Bginfo v4.23 </A> <BR /> This update to Bginfo fixes bugs that caused incorrect scaling on Windows 10 multimonitor systems. <BR /> <BR /> <A href="#" target="_blank"> Handle v4.11 </A> <BR /> When run on 64-bit systems, Handle now extracts the 64-bit version to the %TEMP% directory rather than the local directory. </BODY></HTML> Thu, 27 Jun 2019 19:20:39 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v13-81-bginfo-v4-23-handle-v4-11/ba-p/726079 MarkRussinovich 2019-06-27T19:20:39Z Sysmon v6.2, AccessChk 6.20, Sigcheck v2.60, Whois v1.20 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v6-2-accesschk-6-20-sigcheck-v2-60-whois-v1-20/ba-p/726078 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Nov 22, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6.20 </A> <BR /> <SPAN> This Sysmon release adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence. </SPAN> <BR /> <BR /> <A href="#" target="_blank"> AccessChk v6.20 </A> <BR /> This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, fixes a bug in that could cause it to crash when looking up account effective access checks. <BR /> <BR /> <A href="#" target="_blank"> Sigcheck v2.60 </A> <BR /> This release fixes catalog signing and timestamp reporting bugs, and no longer truncates publisher names that include commas. <BR /> <BR /> <A href="#" target="_blank"> Whois v1.20 </A> <BR /> <SPAN> Whois, a command-line utility that reports domain registration information for the specified domain, works with new whois registry server redirects. 
</SPAN> </BODY></HTML> Thu, 27 Jun 2019 19:20:33 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v6-2-accesschk-6-20-sigcheck-v2-60-whois-v1-20/ba-p/726078 MarkRussinovich 2019-06-27T19:20:33Z Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-10-process-monitor-v3-40-autoruns/ba-p/726077 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Sep 12, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6.10 </A> <BR /> This update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, adds monitoring of WMI filters and consumers, an autostart mechanism commonly used by malware, and fixes a bug in image load filtering. <BR /> <BR /> <A href="#" target="_blank"> Process Monitor v3.40 </A> <SPAN> <BR /> </SPAN> Process Monitor, a file system, registry, process and network real-time monitor, now includes a /runtime switch for terminating monitoring after a specified amount of time, shows process tree process IDs in hexadecimal when in hexadecimal mode, and fixes a bug in automated boot log conversion. <BR /> <BR /> <A href="#" target="_blank"> Autoruns v13.80 </A> <SPAN> <BR /> </SPAN> This release of Autoruns, a utility for viewing and managing autostart execution points (ASEPs), adds additional autostart entry points, has asynchronous file saving, fixes a bug parsing 32-bit paths on 64-bit Windows, shows the display name for drivers and services, and fixes a bug in offline Virus Total scanning. 
<BR /> <BR /> <A href="#" target="_blank"> AccessChk v6.11 </A> <BR /> This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, adds a cache to improve queries that enumerate multiple objects, and has the -s switch start container enumeration at the specified container when -d is specified. </BODY></HTML> Thu, 27 Jun 2019 19:20:27 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-10-process-monitor-v3-40-autoruns/ba-p/726077 MarkRussinovich 2019-06-27T19:20:27Z Sysinternals Update: Sysmon v6.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-03/ba-p/726074 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jun 17, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6.03 <BR /> </A> This release of Sysmon fixes a bug that prevented imageload include filters from working in some configurations. </BODY></HTML> Thu, 27 Jun 2019 19:20:23 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-03/ba-p/726074 MarkRussinovich 2019-06-27T19:20:23Z Sysinternals Update: Sysmon v6.02, Sigcheck v2.55 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-02-sigcheck-v2-55/ba-p/726073 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 22, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6.02 </A> <BR /> This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, fixes a bug in the named pipe monitoring logic that could cause a bluescreen crash. 
<BR /> <BR /> <A href="#" target="_blank"> Sigcheck v2.55 </A> <BR /> This update to Sigcheck, a command-line utility that reports detailed information about images, includes a fix for a bug that caused the display of publisher names with commas to be truncated at the first comma. </BODY></HTML> Thu, 27 Jun 2019 19:20:17 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-sysmon-v6-02-sigcheck-v2-55/ba-p/726073 MarkRussinovich 2019-06-27T19:20:17Z Sysinternals Update: ProcDump v9, Autoruns v13.71, BgInfo v4.22, LiveKd v5.62, Process Monitor v3.33, Process Explorer v16.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-procdump-v9-autoruns-v13-71-bginfo-v4-22/ba-p/726072 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 16, 2017 </STRONG> <BR /> <A href="#" target="_blank"> ProcDump v9 </A> <BR /> This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to take capture multiple dumps sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process. <BR /> <BR /> <A href="#" target="_blank"> Autoruns v13.71 </A> <BR /> This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images. <BR /> <BR /> <A href="#" target="_blank"> BgInfo v4.22 </A> <BR /> This release of Bginfo honors Device Guard policy for VB scripts specified as the source of field data. <BR /> <BR /> <A href="#" target="_blank"> LiveKd v5.62 </A> <BR /> This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store. 
<BR /> <BR /> <A href="#" target="_blank"> Process Monitor v3.33 </A> <BR /> Procmon v3.33 includes bug fixes for destructive event filtering and is signed with certificate installed in the Win7 trusted roots store. <BR /> <BR /> <A href="#" target="_blank"> Process Explorer v16.21 </A> <BR /> This Process Explorer release includes a fix for an intermittent bug in the Virus Total scanning logic, and is signed with Win7 RTM-compatible certificate. </BODY></HTML> Thu, 27 Jun 2019 19:20:13 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysinternals-update-procdump-v9-autoruns-v13-71-bginfo-v4-22/ba-p/726072 MarkRussinovich 2019-06-27T19:20:13Z Update Sysmon v6.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v6-01/ba-p/726071 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Mar 14, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6 </A> <BR /> This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, includes bug fixes that could cause blue screens with named pipe monitoring, maps HKEY_USERS to the standard HKU abbreviation, and </BODY></HTML> Thu, 27 Jun 2019 19:20:07 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v6-01/ba-p/726071 MarkRussinovich 2019-06-27T19:20:07Z Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor/ba-p/726068 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 17, 2017 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v6 </A> <BR /> This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon 
configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events (thanks to Giulia Biagini for the contribution). Check out the related presentation from Mark’s RSA Conference, “How to Go From Responding to Hunting with Sysinternals Sysmon.” <BR /> <BR /> <A href="#" target="_blank"> Autoruns v13.7 </A> <BR /> Autoruns, an autostart entry point management utility, now reports print providers and registrations in the WMI\Default namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays. <BR /> <BR /> <A href="#" target="_blank"> AccessChk v6.1 </A> <BR /> This update to AccessChk, a command-line utility that shows effective and actual permissions for file, registry, service, process, object manager, and event log objects, now reports Windows 10 process trust access control entries and token security attributes. <BR /> <BR /> <A href="#" target="_blank"> Process Monitor v3.32 </A> <BR /> This update of Process Monitor, a file system, registry, process and network real-time monitor, adds an option to display process and thread IDs in hexadecimal format, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10. <BR /> <BR /> <A href="#" target="_blank"> Process Explorer v16.2 </A> <BR /> The latest release of Process Explorer, a powerful process management and diagnostic utility, fixes a bug listing Wow64 thread stacks, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10. <BR /> <BR /> <A href="#" target="_blank"> LiveKd v5.61 </A> <BR /> This release of LiveKd, a live-system kernel debugger and dump generator, includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10. 
<BR /> <BR /> <A href="#" target="_blank"> BgInfo v4.21 </A> <BR /> This update to BgInfo, a utility that adds system information to the desktop background, fixes a bug that prevented the standalone 64-bit version from working. </BODY></HTML> Thu, 27 Jun 2019 19:20:03 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor/ba-p/726068 MarkRussinovich 2019-06-27T19:20:03Z Announcing a new book, Troubleshooting with the Windows Sysinternals Tools https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/announcing-a-new-book-troubleshooting-with-the-windows/ba-p/726066 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 01, 2016 </STRONG> <BR /> <A href="#" target="_blank"> Announcing a new book, Troubleshooting with the Windows Sysinternals Tools </A> <BR /> Become a Windows troubleshooting master and get the most out of the Sysinternals tools. Completely updated and expanded, this book by Sysinternals co-creator Mark Russinovich and Windows expert Aaaron Margosis covers all the tools, with full chapters on the major tools like Process Explorer, Process Monitor, Autoruns, and has 45 “case of the unexplained…” examples of the tools solving real-world problems </BODY></HTML> Thu, 27 Jun 2019 19:20:00 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/announcing-a-new-book-troubleshooting-with-the-windows/ba-p/726066 MarkRussinovich 2019-06-27T19:20:00Z Sysmon v5, Process Explorer v16.20, Procdump v8.2, LiveKd v5.6 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v5-process-explorer-v16-20-procdump-v8-2-livekd-v5-6/ba-p/726065 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 01, 2016 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v5 </A> <BR /> This major update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces file create and 
registry modification logging. These event types make it possible to configure filters that capture updates to critical system configuration as well as changes to autostart entry points used by malware. <BR /> <BR /> <A href="#" target="_blank"> Process Explorer v16.20 </A> <BR /> This release of Process Explorer, a powerful process management and diagnostic utility, adds reporting of process Control Flow Guard (CFG) status and dynamically updates to reflect changes to process Data Execution Prevention (DEP) configuration. <BR /> <BR /> <A href="#" target="_blank"> Procdump v8.2 </A> <BR /> Procdump, a command-line utility that generates process dumps on demand or based on triggers that include memory, CPU, exception and performance counter thresholds, adds a -kill option that terminates a process after its dump completes rather than allowing an exception to pass to Windows Error Reporting (WER), and a -wer switch to copy dumps to the WER queue. <BR /> <BR /> <A href="#" target="_blank"> LiveKd v5.6 </A> <BR /> LiveKd, a tool that enables interactive kernel debugger analysis of a live system or virtual machine, includes a batch-mode option designed for scripted analysis that omits the prompt to re-execute LiveKD after a debugger session terminates. 
</BODY></HTML> Thu, 27 Jun 2019 19:19:56 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/sysmon-v5-process-explorer-v16-20-procdump-v8-2-livekd-v5-6/ba-p/726065 MarkRussinovich 2019-06-27T19:19:56Z Update: Sysmon v4.12, Autologon v3.1, Sigcheck v2.54, Process Monitor v3.31 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v4-12-autologon-v3-1-sigcheck-v2-54-process/ba-p/726064 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Aug 29, 2016 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v4.12 </A> <BR /> This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, now reports the status of CRL checking, and fixes a bug where certain configuration files could cause the driver to blue screen. <BR /> <BR /> <A href="#" target="_blank"> Sigcheck v2.54 </A> <BR /> This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, fixes a bug that could result in it reporting signed files that have been modified as having a valid signature. <BR /> <BR /> <A href="#" target="_blank"> Autologon v3.1 </A> <BR /> Autologon, a utility that configures Windows to automatically log on a specified user account after booting, now validates the entered credentials before accepting them. <BR /> <BR /> <A href="#" target="_blank"> Process Monitor v3.31 </A> <BR /> This release of Process Monitor, an advanced real-time file system, registry, process, image and network monitoring tool, fixes bugs that caused it to crash when processing some boot logs and when saving logged events to a backing file. 
</BODY></HTML> Thu, 27 Jun 2019 19:19:52 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v4-12-autologon-v3-1-sigcheck-v2-54-process/ba-p/726064 MarkRussinovich 2019-06-27T19:19:52Z Update: Sysmon v4, Procdump v8, Sigcheck v2.51 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v4-procdump-v8-sigcheck-v2-51/ba-p/726063 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Apr 28, 2016 </STRONG> <BR /> <A href="#" target="_blank"> Sysmon v4.0 </A> <BR /> This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, allowing both include and exclude rules to be specified for specific event types, as well as complex matching on different event fields. <BR /> <BR /> <A href="#" target="_blank"> Procdump v8.0 </A> <BR /> Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, now creates a named event that can be signaled by another process to gracefully terminate it, does more intelligent default path searches for the debugging tools libraries, and makes trigger timing and repeat behaviors consistent across trigger types. <BR /> <BR /> <A href="#" target="_blank"> Sigcheck v2.51 </A> <BR /> This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now cleanses newline and other characters from CSV output to prevent line breaks. 
</BODY></HTML> Thu, 27 Jun 2019 19:19:47 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v4-procdump-v8-sigcheck-v2-51/ba-p/726063 MarkRussinovich 2019-06-27T19:19:47Z Update: Sigcheck v2.5, Process Explorer v16.11, Whois v1.13, RAMMap v1.5 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sigcheck-v2-5-process-explorer-v16-11-whois-v1-13-rammap/ba-p/726060 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 02, 2016 </STRONG> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.5 </A> <BR /> This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers. </P> <BR /> <P> <A href="#" target="_blank"> Sysmon v3.21 </A> <BR /> This update fixes a paged pool leak of token objects when image logging is enabled. </P> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.11 </A> <BR /> This release of Process Explorer, a powerful process management utility, fixes a bug that caused it to crash when it encountered an image with a path length longer than a few thousand characters. </P> <BR /> <P> <A href="#" target="_blank"> Whois v1.13 </A> <BR /> Whois, a command-line utility that reports domain name ownership information for the specified name or IP address, now includes a fix for a bug that would cause it to crash when passed an IP address with no DNS mapping. </P> <BR /> <P> <A href="#" target="_blank"> RAMMap v1.5 </A> <BR /> This update to RAMMap, a utility that shows detailed information about physical memory usage, works on the latest version of Windows 10. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:19:42 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sigcheck-v2-5-process-explorer-v16-11-whois-v1-13-rammap/ba-p/726060 MarkRussinovich 2019-06-27T19:19:42Z Update: Sigcheck v2.4, Sysmon v3.2, Process Explorer v16.1, Autoruns v13.51, AccessChk v6.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sigcheck-v2-4-sysmon-v3-2-process-explorer-v16-1-autoruns/ba-p/726059 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 05, 2016 </STRONG> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.4 </A> <BR /> This update to Sigcheck, a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the ability to take image information captured from Sigcheck on a system disconnected from the Internet and obtain VirusTotal status from one that’s connected. </P> <BR /> <P> <A href="#" target="_blank"> Sysmon v3.2 </A> <BR /> This release of Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, now has the option of logging raw disk and volume accesses, operations commonly performed by malicious toolkits to read information by bypassing higher-level security features. Thanks to David Magnotti for the contribution. </P> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.1 </A> <BR /> Process Explorer now includes a column in the handle view that reports the text version of handle access masks, as well as several bug fixes including one that would result in the suspension of .NET threads when viewed via the stack dialog. 
</P> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.51 </A> <BR /> This release of Autoruns, a comprehensive autostart entry manager, fixes a WMI command-line parsing bug, emits a UNICODE BOM in the file generated when saving results to a text file, and adds back the ability to selectively verify the signing status of individual entries. </P> <BR /> <P> <A href="#" target="_blank"> AccessChk v6.01 </A> <BR /> This release of AccessChk, a command-line utility that reports effective and actual access for many different object types including files, registry keys, and services, now handles accounts with long names, fixes a bug that prevented reporting of kernel object accesses when run elevated, and fixes the inadvertent creation of a registry key when querying a non-existent key. </P> </BODY></HTML> Thu, 27 Jun 2019 19:19:36 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sigcheck-v2-4-sysmon-v3-2-process-explorer-v16-1-autoruns/ba-p/726059 MarkRussinovich 2019-06-27T19:19:36Z Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-5-sigcheck-v2-3-rammap-v1-4-bginfo-v4-21/ba-p/726033 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 26, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.5 </A> <BR /> This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan. 
</P> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.30 </A> <BR /> Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents, includes updated Windows 10 certificate OIDs, support for checking corresponding MUI (internationalization strings) files for more accurate version data, and now shows the version company name as well as signature publisher for signed files. </P> <BR /> <P> <A href="#" target="_blank"> RAMMap v1.4 </A> <BR /> This release of RAMMap, a tool that reports detailed information about physical memory usage, is compatible with Windows 10 and includes a bug fix that could cause a crash when a long file name was scrolled into view in the file summary page. </P> <BR /> <P> <A href="#" target="_blank"> BgInfo v4.21 </A> <BR /> BgInfo, a utility that displays customization text and system information on the desktop wallpaper, now correctly reports Windows 10 and Windows Server 2016, and fixes a bug that could cause incorrect desktop bitmap sizes on systems with high DPI. </P> <BR /> <P> <A href="#" target="_blank"> Sysmon v3.11 </A> <BR /> Sysmon is a system utility that logs security relevant process, network and file events to the event log. This update fixes a memory leak for DLL image load event monitoring and removes a misleading warning when processing configuration files. </P> <BR /> <P> <A href="#" target="_blank"> ADInsight v1.2 </A> <BR /> ADInsight, a real-time monitoring tool, now includes support for 64-bt Windows as well as numerous bug fixes. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:03:57 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-5-sigcheck-v2-3-rammap-v1-4-bginfo-v4-21/ba-p/726033 MarkRussinovich 2019-06-27T19:03:57Z Update: Sysmon v3.1, LogonSessions v1.3, VMMap v3.21 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v3-1-logonsessions-v1-3-vmmap-v3-21/ba-p/726032 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jul 22, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Sysmon v3.1 </A> <BR /> This update to Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, adds information about the thread initialization function for CreateRemoteThread events, including the DLL and function name and address. It also changes the format of timestamps to allow for simple string sorting and fixes several bugs. </P> <BR /> <P> <A href="#" target="_blank"> LogonSessions v1.3 </A> <BR /> LogonSessions, a command-line utility that reports information about Windows authentication sessions including the user, authenticating server, time a session was created, and processes running in a session, now includes options for emitting CSV and tab-delimited output for easy import into Excel and other applications. </P> <BR /> <P> <A href="#" target="_blank"> VMMap v3.21 </A> <BR /> This update to VMMap, an advanced utility that shows a detailed breakdown of a process’s virtual and physical memory usage, fixes a bug where unused memory was reported as committed, and another that omitted call-tree summary statistics. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:03:40 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v3-1-logonsessions-v1-3-vmmap-v3-21/ba-p/726032 MarkRussinovich 2019-06-27T19:03:40Z Update: AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-accesschk-v6-0-autoruns-v13-4-process-monitor-v3-2-vmmap/ba-p/726030 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 26, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> AccessChk v6.0 </A> <BR /> This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations. </P> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.4 </A> <BR /> Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect. </P> <BR /> <P> <A href="#" target="_blank"> Process Monitor v3.2 </A> <BR /> Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10. 
</P> <BR /> <P> <A href="#" target="_blank"> VMMap v3.2 </A> <BR /> This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG). </P> </BODY></HTML> Thu, 27 Jun 2019 19:03:33 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-accesschk-v6-0-autoruns-v13-4-process-monitor-v3-2-vmmap/ba-p/726030 MarkRussinovich 2019-06-27T19:03:33Z Update: Sysmon v3.0, Autoruns v13.3, Regjump v1.1, Process Monitor v3.11 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v3-0-autornus-v13-3-regjump-v1-1-process-monitor/ba-p/726029 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Apr 20, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Sysmon v3.0 </A> <BR /> This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, adds the process name to process terminate events, reports remote thread creation events, and improves the simplicity and flexibility of filter settings. </P> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.3 </A> <BR /> Autoruns, a utility that shows what processes, DLLs, and drivers are configured to automatically load, adds reporting of GP extension DLLs and now shows the target of hosting processes like cmd.exe and rundll32.exe. </P> <BR /> <P> <A href="#" target="_blank"> Regjump v1.1 </A> <BR /> Regjump, a command-line utility that navigates Regedit to the registry path specified as a parameter, adds the -c option to jump to the path stored in the copy/paste clipboard.
</P> <BR /> <P> <A href="#" target="_blank"> Process Monitor v3.11 </A> <BR /> This update to Process Monitor, an interactive system activity monitoring utility, fixes a bug that could cause a crash in the stack summary dialog and a bug that could prevent boot monitoring from working on Windows 10. </P> </BODY></HTML> Thu, 27 Jun 2019 19:03:26 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-sysmon-v3-0-autornus-v13-3-regjump-v1-1-process-monitor/ba-p/726029 MarkRussinovich 2019-06-27T19:03:26Z Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-livekd-v5-4-autoruns-v13-2-sigcheck-v2-2-process-explorer/ba-p/726028 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Mar 10, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> LiveKd v5.4 </A> <BR /> This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2. </P> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.2 </A> <BR /> In addition to bug fixes to CSV and XML output, Autorunsc introduces import-hash reporting, and Autoruns now excludes command-line and other host processes from the Microsoft and Windows filters. </P> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.2 </A> <BR /> This release of Sigcheck, a command-line tool that reports file version, code signing, and hash information, introduces import-hash reporting and support for files larger than 4 GB. </P> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.05 </A> <BR /> Process Explorer now includes a Protection column that shows process protection status. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:03:19 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-livekd-v5-4-autoruns-v13-2-sigcheck-v2-2-process-explorer/ba-p/726028 MarkRussinovich 2019-06-27T19:03:19Z Update: Autoruns v13.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-01/ba-p/726027 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 09, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.01 </A> </P> <BR /> <P> This release fixes a bug in v13 that caused autostart entry lines not to show when you enter a filter string into the toolbar's filter control. </P> </BODY></HTML> Thu, 27 Jun 2019 19:03:13 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-01/ba-p/726027 MarkRussinovich 2019-06-27T19:03:13Z Update: Autoruns v13.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-0/ba-p/726026 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 29, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Autoruns v13.0 </A> </P> <BR /> <P> This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with Virustotal.com to show the status of entries with respect to scans by over four dozen antimalware engines.
It also includes a revamped scanning architecture that supports dynamic filters, including a free-form text filter, a greatly improved compare feature that highlights not just new items but deleted ones as well, and file saving and loading that preserves all the information of a scan. </P> </BODY></HTML> Thu, 27 Jun 2019 19:03:07 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v13-0/ba-p/726026 MarkRussinovich 2019-06-27T19:03:07Z Updates: Sysmon v2.0, Accesschk v5.21, RU v1.1 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-sysmon-v2-0-accesschk-v5-21-ru-v1-1/ba-p/726024 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 19, 2015 </STRONG> <BR /> <P> <A href="#" target="_blank"> Sysmon v2.0 </A> <BR /> This major update to Sysmon, a service that records process activity to the Windows event log for use by incident detection and forensic analysis, includes driver load and image load events with signature information, configurable hashing algorithm reporting, flexible filters for including and excluding events, and support for supplying configuration via a configuration file instead of the command line. </P> <BR /> <P> <A href="#" target="_blank"> AccessChk v5.21 </A> <BR /> This update to Accesschk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, adds an option to report permissions as SDDL strings, adds new process permission types, and fixes a bug with showing process security descriptors. </P> <BR /> <P> <A href="#" target="_blank"> RU v1.1 </A> <BR /> RU (Registry Usage), a command-line tool that shows registry usage by key, now supports loading hive files (with the side-effect of compressing them when done) and reports last write timestamp in CSV output.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:03:03 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-sysmon-v2-0-accesschk-v5-21-ru-v1-1/ba-p/726024 MarkRussinovich 2019-06-27T19:03:03Z Updates: Handle v4.0, Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-handle-v4-0-procdump-v7-01-procexp-v16-04-regjump-v1-02/ba-p/726023 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Sep 11, 2014 </STRONG> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Handle v4" target="_blank"> Handle v4 </A> : </SPAN> <SPAN style="font-family:'Calibri','sans-serif';font-size:11pt;"> Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes. </SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="ProcDump v7.01" target="_blank"> ProcDump v7.01 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This release fixes several bugs, including one that affects the UI hang trigger, one that causes misnamed dump files for reflected dumps, and another that would cause .NET applications Procdump monitors for first-chance exceptions to terminate with Procdump.
</SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Process Explorer v16.04" target="_blank"> Process Explorer v16.04 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This update fixes a bug in Virus Total file submission that could cause a crash, and now shows Windows Store package names on the Image page of the process properties dialog. </SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="RegJump v1.02" target="_blank"> RegJump v1.02 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> Regjump, a utility that opens Regedit to the registry key specified as a command-line argument, now works on 64-bit Windows. </SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Autoruns v12.03" target="_blank"> Autoruns v12.03 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This update to Autoruns adds the registered HTML file extension, fixes a bug that could cause disabling of specific entry types to fail with a “path not found” error, and addresses another that could prevent the Jump-to-image function from opening the selected image on 64-bit Windows.
</SPAN> </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:57 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-handle-v4-0-procdump-v7-01-procexp-v16-04-regjump-v1-02/ba-p/726023 MarkRussinovich 2019-06-27T19:02:57Z Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v12-02-coreinfo-v3-31-sysmon-v1-01-whois-v1-12/ba-p/726022 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Aug 19, 2014 </STRONG> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Autoruns v12.02" target="_blank"> Autoruns v12.02 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC. </SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Coreinfo v3.31" target="_blank"> Coreinfo v3.31 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This update fixes a bug that could prevent the Coreinfo driver from loading. </SPAN>
</SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Sysmon v1.01" target="_blank"> Sysmon v1.01 </A> : </SPAN> <SPAN style="font-family:Calibri;font-size:medium;"> This fixes the manifest registration so that Sysmon event logs can be interpreted without installing Sysmon, and now includes unique UDP connections within 15-minute intervals. </SPAN> </P> <BR /> <P style="margin:0in 0in 0pt;"> <SPAN style="font-family:Calibri;font-size:medium;"> <A href="#" title="Whois v1.12" target="_blank"> Whois v1.12 </A> : </SPAN> <SPAN style="font-family:'Calibri','sans-serif';font-size:11pt;"> This release fixes the verbose output to not show the final record twice. </SPAN> </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:51 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v12-02-coreinfo-v3-31-sysmon-v1-01-whois-v1-12/ba-p/726022 MarkRussinovich 2019-06-27T19:02:51Z New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/new-sysmon-v1-0-updates-autoruns-v12-01-coreinfo-v3-3-procexp/ba-p/726021 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Aug 08, 2014 </STRONG> <BR /> <P> <A href="#" title="Sysmon v1.0" target="_blank"> Sysmon v1.0 </A> : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes.
With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers, and correlate events across your network to track them as they traverse your network. </P> <BR /> <P> <A href="#" title="Autoruns v12.01" target="_blank"> Autoruns v12.01 </A> : This update to Autoruns, a utility that comes in Windows application and command-line forms, has numerous bug fixes, adds a profile attribute/column to CSV and XML output, and interprets the CodeBase value for COM object registrations. </P> <BR /> <P> <A href="#" title="Coreinfo v3.3" target="_blank"> Coreinfo v3.3 </A> : Coreinfo, a command-line utility that reports comprehensive information about a system’s processors, including their cache sizes and topology, memory latency, and processor features, now reports virtual memory address width as well as support for many additional instructions, including PT, SHA, MPX, CFLUSHOPT, and AVX variants. </P> <BR /> <P> <A href="#" title="Procexp v16.03" target="_blank"> Procexp v16.03 </A> : This release of Process Explorer, a process viewing and control utility, fixes several bugs, including one where moving the mouse over the information graphs could cause it to crash and another that could cause a crash when checking Virus Total results.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:02:44 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/new-sysmon-v1-0-updates-autoruns-v12-01-coreinfo-v3-3-procexp/ba-p/726021 MarkRussinovich 2019-06-27T19:02:44Z Mark's Latest Novel and TechEd Presentations Now Available https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/mark-s-latest-novel-and-teched-presentations-now-available/ba-p/726020 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 28, 2014 </STRONG> <BR /> <P> <A href="#" title="Mark's Latest Novel: Rogue Code" target="_blank"> Mark's Latest Novel, <EM> Rogue Code </EM> </A> : The third book in Mark’s Jeff Aiken technothriller series was published on May 20. In <EM> Rogue Code </EM> , Jeff is hired to penetration test the New York Stock Exchange. When he reaches the heart of the trading engine he discovers malware that’s manipulating trades to skim money while blending in with high-frequency trading (HFT) algorithms. He’s accused of hacking and goes on the run in a race against the clock to clear his name and prevent a multi-billion dollar heist that could cause the collapse of the US financial system. As with his previous novels, Mark doesn’t compromise technical accuracy while building a thrilling story. <EM> Rogue Code </EM> is available in Audible, ebook, and hard cover versions. </P> <BR /> <P> <BR /> <A href="#" title="Mark&amp;rsquo;s TechEd&amp;nbsp;North America&amp;nbsp;Presentations" target="_blank"> Mark’s TechEd&nbsp;Presentations </A> : Mark delivered five top-rated and top-attended presentations at TechEd North America this year. 
They included: his latest edition of the ever-popular “Case of the Unexplained” on Windows troubleshooting; a new “Malware Hunting with the Sysinternals Tools” that highlights the latest malware trends; a presentation with Nathan Ide on pass-the-hash mitigations introduced in Windows 8.1; a talk on Azure’s security architecture and its design for hostile multitenancy; and a wide-ranging conversation with IT Pro luminary Mark Minasi on cloud computing trends and considerations. If you missed being there in person, you can watch them now on demand at the TechEd webcast site. </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:38 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/mark-s-latest-novel-and-teched-presentations-now-available/ba-p/726020 MarkRussinovich 2019-06-27T19:02:38Z Updates: Autoruns v12.0, Procdump v7.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v12-0-procdump-v7-0/ba-p/726019 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 13, 2014 </STRONG> <BR /> <P> <A href="#" title="Autoruns v12.0" target="_blank"> Autoruns v12.0 </A> : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. </P> <BR /> <P> <A href="#" title="Procdump v7.0" target="_blank"> Procdump v7.0 </A> : Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:02:32 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v12-0-procdump-v7-0/ba-p/726019 MarkRussinovich 2019-06-27T19:02:32Z Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-accesschk-v5-2-psexec-v2-11-sigcheck-v2-1-vmmap-v3-12/ba-p/726017 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 02, 2014 </STRONG> <BR /> <P> <SPAN style="font-size:small;"> <SPAN style="font-family:Calibri;"> <A href="#" title="AccessChk v5.2" target="_blank"> AccessChk v5.2 </A> : </SPAN> <SPAN style="font-family:Calibri;"> This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it dumps security descriptors. </SPAN> </SPAN> </P> <BR /> <P> <SPAN style="font-size:small;"> <SPAN style="font-family:Calibri;"> <A href="#" title="PsExec v2.11" target="_blank"> PsExec v2.11 </A> : </SPAN> <SPAN style="font-family:Calibri;"> This release of PsExec, a command-line remote execution utility, fixes a bug in the implementation of the -s (execute as local system) option on Windows Server 2003.
</SPAN> </SPAN> </P> <BR /> <P> <SPAN style="font-size:small;"> <SPAN style="font-family:Calibri;"> <A href="#" title="Sigcheck v2.1" target="_blank"> Sigcheck v2.1 </A> : </SPAN> <SPAN style="font-family:Calibri;"> This update to Sigcheck, a command-line utility that shows file version and digital signature information, now reports a file’s entropy (average bits/byte required to encode its data), can dump information about catalog files including the hashes they store, and can list the certificates installed in the per-user and machine certificate store. </SPAN> </SPAN> </P> <BR /> <P> <SPAN style="font-family:Calibri;font-size:small;"> <A href="#" title="VMMap v3.12" target="_blank"> VMMap v3.12 </A> : </SPAN> <SPAN style="font-family:Calibri;"> <SPAN style="font-size:medium;"> <SPAN style="font-size:small;"> This release of VMMap, a tool for analyzing process virtual and physical memory usage, fixes a bug affecting queries of files stored on file shares, fixes a bug in copy-to-clipboard of 64-bit addresses, now reports an error when attempting to open stacks on loaded traces, and fixes a bug in the reserved memory working set calculation. </SPAN> </SPAN> </SPAN> </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:26 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-accesschk-v5-2-psexec-v2-11-sigcheck-v2-1-vmmap-v3-12/ba-p/726017 MarkRussinovich 2019-06-27T19:02:26Z Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-02-process-monitor-v3-1-psexec-v2-1/ba-p/726016 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Mar 07, 2014 </STRONG> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.02 </A> : This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window.
</P> <BR /> <P> <A href="#" target="_blank"> Process Monitor v3.1 </A> : This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor apply the current filter to the output file as it saves it. </P> <BR /> <P> <A href="#" target="_blank"> PSExec v2.1 </A> : This update to PsExec, a command-line utility that enables you to execute programs on remote systems without preinstalling an agent, encrypts all communication between local and remote systems, including the transmission of command information such as the user name and password under which the remote program executes. </P> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.03 </A> : This version corrects a bug that caused the output of the -u switch to include signed files, and fixes several other minor bugs. </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:19 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-02-process-monitor-v3-1-psexec-v2-1/ba-p/726016 MarkRussinovich 2019-06-27T19:02:19Z Updates: Process Explorer v16.01, Sigcheck v2.02 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-01-sigcheck-v2-02/ba-p/726015 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 04, 2014 </STRONG> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.0 </A> : This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. </P> <BR /> <P> <A href="#" target="_blank"> Sigcheck 2.02 </A> : This release fixes a bug that caused the -u switch to filter results incorrectly.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:02:13 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-01-sigcheck-v2-02/ba-p/726015 MarkRussinovich 2019-06-27T19:02:13Z Updates: Process Explorer v16.0, PsPing v2.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-0-psping-v2-01/ba-p/726014 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 29, 2014 </STRONG> <BR /> <P> <A href="#" target="_blank"> Process Explorer v16.0 </A> : Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning. </P> <BR /> <P> <A href="#" target="_blank"> PsPing v2.01 </A> : This minor update improves the usage help text. </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:07 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-process-explorer-v16-0-psping-v2-01/ba-p/726014 MarkRussinovich 2019-06-27T19:02:07Z Updates: Disk2vhd v2.01, PsPing v2.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-disk2vhd-v2-01-psping-v2-0/ba-p/726013 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 21, 2014 </STRONG> <BR /> <P> <A href="#" target="_blank"> Disk2vhd v2.01 </A> : This update fixes a bug that could result in Disk2vhd crashing when converting to VHDX format and adds a command-line switch, -c, to have Disk2vhd use online copy instead of Volume Shadow Copy.
</P> <BR /> <P> <A href="#" target="_blank"> PsPing v2.0 </A> : This is a major release of PsPing, a command-line utility that tests network bandwidth and latency. Version 2.0 adds UDP latency and bandwidth testing, support for timed tests, introduces custom histogram support, has an option for automatically opening Windows firewall ports during execution, and includes usability enhancements. </P> </BODY></HTML> Thu, 27 Jun 2019 19:02:01 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-disk2vhd-v2-01-psping-v2-0/ba-p/726013 MarkRussinovich 2019-06-27T19:02:01Z Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-coreinfo-v3-21-disk2vhd-v2-0-livekd-v5-31/ba-p/726012 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 19, 2013 </STRONG> <BR /> <P> <A href="#" target="_blank"> Coreinfo v3.21 </A> : CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting. </P> <BR /> <P> <A href="#" target="_blank"> Disk2vhd v2.0 </A> : Disk2vhd, a utility for performing physical-to-virtual conversion of Windows systems, adds support for VHDX-formatted VHDs (thanks to Brendan Gruber for contributions), now supports WinRE volumes, can capture removable media, and includes an option to capture live volumes instead of relying on volume shadow copy (VSS). </P> <BR /> <P> <A href="#" target="_blank"> LiveKd v5.31 </A> : LiveKd is a utility for performing live kernel debugging of native systems and virtual machines from the host operating system. This release fixes a debugger help library search bug and fixes a bug in Windows 8/Windows Server 2012 mirror dump support.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:01:55 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-coreinfo-v3-21-disk2vhd-v2-0-livekd-v5-31/ba-p/726012 MarkRussinovich 2019-06-27T19:01:55Z Updates: RAMMap v1.32, Sigcheck v2.01 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-rammap-v1-32-sigcheck-v2-01/ba-p/726011 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Nov 01, 2013 </STRONG> <BR /> <P> <A href="#" target="_blank"> RAMMap v1.32 </A> : This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. </P> <BR /> <P> <A href="#" target="_blank"> Sigcheck v2.01 </A> : This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:48 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-rammap-v1-32-sigcheck-v2-01/ba-p/726011 MarkRussinovich 2019-06-27T19:01:48Z Update: RAMMap v1.31 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-rammap-v1-31/ba-p/726010 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 28, 2013 </STRONG> <BR /> <P> <A href="#" target="_blank"> RAMMap v1.31 </A> : This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:42 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-rammap-v1-31/ba-p/726010 MarkRussinovich 2019-06-27T19:01:42Z Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-psexec-v2-0-rammap-v1-3-sigcheck-v2-0/ba-p/726008 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 23, 2013 </STRONG> <BR /> <P> <A href="#" title="PsExec v2.0" target="_blank"> PsExec v2.0 </A> : PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. 
This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service. </P> <BR /> <P> <A href="#" title="RAMMap v1.3" target="_blank"> RAMMap v1.3 </A> : RAMMap, a graphical utility that provides a comprehensive breakdown of physical memory usage by usage type and process, is updated to work on Windows 8.1. </P> <BR /> <P> <A href="#" title="Sigcheck v2.0" target="_blank"> Sigcheck v2.0 </A> : This major update to Sigcheck, a command-line file version and digital signature verification utility, adds integration with the <A href="#" target="_blank"> VirusTotal </A> antivirus scanner aggregation service. Sigcheck can now check the status of a file against over 40 antivirus engines and launch the associated online VirusTotal report, and even upload files for scanning that have not already been scanned by VirusTotal. This release also reports the machine type of executable images, whether 16-, 32-, or 64-bit. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:35 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-psexec-v2-0-rammap-v1-3-sigcheck-v2-0/ba-p/726008 MarkRussinovich 2019-06-27T19:01:35Z Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v11-70-bginfo-v4-20-disk2vhd-v1-64-process-explorer-v15/ba-p/726007 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Aug 01, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns V11.70" target="_blank"> Autoruns v11.70 </A> : This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under.
</P> <BR /> <P> <A href="#" title="Bginfo v4.20" target="_blank"> Bginfo v4.20 </A> : BgInfo, a utility that creates custom desktop backgrounds that display system information, now correctly reports version information for Windows 8.1 and Windows Server 2012 R2. </P> <BR /> <P> <A href="#" title="Disk2vhd v1.64" target="_blank"> Disk2vhd v1.64 </A> : This update to Disk2Vhd, a tool for converting physical system disks to VHDs for use by virtual machines, now supports disk sizes of up to 2 TB. </P> <BR /> <P> <A href="#" title="Process Explorer v15.40" target="_blank"> Process Explorer v15.40 </A> : Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you log on; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:29 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/autoruns-v11-70-bginfo-v4-20-disk2vhd-v1-64-process-explorer-v15/ba-p/726007 MarkRussinovich 2019-06-27T19:01:29Z Update: Autoruns v11.62 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v11-62/ba-p/726006 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jul 01, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns v11.62" target="_blank"> Autoruns v11.62 </A> : This release fixes a bug in version 11.61’s jump-to-image functionality.
</P> <BR /> <P> </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:22 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v11-62/ba-p/726006 MarkRussinovich 2019-06-27T19:01:22Z Updates: Mark's TechEd Sessions, Autoruns v11.61, Strings v2.52, ZoomIt v4.5 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-mark-s-teched-sessions-autoruns-v11-61-strings-v2-52/ba-p/726005 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jun 20, 2013 </STRONG> <BR /> <P> <A href="#" title="Mark’s TechEd Sessions Available On-Demand" target="_blank"> Mark’s TechEd Sessions Available On-Demand </A> :&nbsp; Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations. </P> <BR /> <P> <A href="#" title="Autoruns v11.61" target="_blank"> Autoruns&nbsp;v11.61 </A> :&nbsp; Autoruns is a utility for managing autostarting applications, DLLs and services.&nbsp; This update adds more autostart locations, fixes a bug that could cause a crash when Autorunsc is directed to calculate file hashes, and fixes a bug in Autoruns’ jump-to-image functionality on 64-bit Windows. </P> <BR /> <P> <A href="#" title="Strings v2.52" target="_blank"> Strings v2.52 </A> :&nbsp; This release fixes a bug that prevented the previous one from running on Windows XP.
</P> <BR /> <P> <A href="#" title="Zoomit v4.5" target="_blank"> Zoomit v4.5 </A> :&nbsp; Zoomit is a screen zooming and annotation tool for technical presentations. This release introduces better support for zooming in on Windows 8 Windows Store applications. </P> <BR /> <P> </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:16 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-mark-s-teched-sessions-autoruns-v11-61-strings-v2-52/ba-p/726005 MarkRussinovich 2019-06-27T19:01:16Z Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-6-procexp-v15-31-procmon-v3-05-sigcheck-v1/ba-p/726004 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jun 04, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns v11.6" target="_blank"> Autoruns v11.6 </A> : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points.&nbsp; This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. </P> <BR /> <P> <A href="#" title="Sigcheck v1.92" target="_blank"> Sigcheck v1.92 </A> : Sigcheck is a command-line utility for reporting image version and signature information.&nbsp; With this update, it now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker. </P> <BR /> <P> <A href="#" title="Process Explorer v15.31" target="_blank"> Process Explorer&nbsp;v15.31 </A> : Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view. 
</P> <BR /> <P> <A href="#" title="Process Monitor v3.05" target="_blank"> Process Monitor v3.05 </A> : Process Monitor is a powerful file, registry, process, thread and network monitoring tool.&nbsp; This update adds a context-menu entry that opens the filter edit dialog with contents prepopulated with the specified row and column value. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:09 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-6-procexp-v15-31-procmon-v3-05-sigcheck-v1/ba-p/726004 MarkRussinovich 2019-06-27T19:01:09Z Updates: Accesschk v5.11, Procdump v6.0, RAMMap v1.22, Strings v2.51 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51/ba-p/726003 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on May 17, 2013 </STRONG> <BR /> <P> <A href="#" title="AccessChk v5.11" target="_blank"> AccessChk v5.11 </A> : AccessChk, a command-line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, and object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”, and includes several minor bug fixes. </P> <BR /> <P> <A href="#" title="Procdump v6.0" target="_blank"> Procdump v6.0 </A> : Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter on the message text of a CLR or JScript exception. </P> <BR /> <P> <A href="#" title="RAMMap v1.22" target="_blank"> RAMMap v1.22 </A> : RAMMap is a graphical utility that shows the breakdown of physical memory usage across different dimensions.
This release fixes a bug that could cause a crash when accessing the cached files page when a cached file’s name exceeded a certain length. </P> <BR /> <P> <A href="#" title="Strings v2.51" target="_blank"> Strings v2.51 </A> : This update to Strings, a command-line utility that prints a file’s embedded Unicode and ASCII strings, fixes a signed file offset printing bug. </P> </BODY></HTML> Thu, 27 Jun 2019 19:01:03 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51/ba-p/726003 MarkRussinovich 2019-06-27T19:01:03Z Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-5-du-disk-usage-v1-5-procdump-v5-14-procmon/ba-p/726002 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Mar 27, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns v11.5" target="_blank"> Autoruns v11.5 </A> : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory. </P> <BR /> <P> <A href="#" title="Disk Usage (Du) v1.5" target="_blank"> Disk Usage (Du) v1.5 </A> : Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.
</P> <BR /> <P> <A href="#" title="ProcDump v5.14" target="_blank"> ProcDump v5.14 </A> : This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified. </P> <BR /> <P> <A href="#" title="Process Monitor v3.04" target="_blank"> Process Monitor v3.04 </A> : Procmon, a powerful system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling. </P> <BR /> <P> <A href="#" title="Registry Usage (RU) v1.0" target="_blank"> Registry Usage (RU) v1.0 </A> : Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat. </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:55 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-5-du-disk-usage-v1-5-procdump-v5-14-procmon/ba-p/726002 MarkRussinovich 2019-06-27T19:00:55Z Updates: Pendmoves v1.2, Process Explorer v15.3, Sigcheck v1.91, Zoomit v4.42 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-pendmoves-v1-2-process-explorer-v15-3-sigcheck-v1-91/ba-p/726001 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Feb 04, 2013 </STRONG> <BR /> <P> <A href="#" title="Pendmoves v1.2" target="_blank"> Pendmoves v1.2 </A> : This update to Pendmoves adds support for 64-bit directories. </P> <BR /> <P> <A href="#" title="Process Explorer v15.3" target="_blank"> Process Explorer v15.3 </A> : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups&nbsp;in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes.
It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting. </P> <BR /> <P> <A href="#" title="Sigcheck v1.91" target="_blank"> Sigcheck v1.91 </A> : This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the -q switch didn’t suppress the print out of the banner. </P> <BR /> <P> <A href="#" title="Zoomit v4.42" target="_blank"> Zoomit v4.42 </A> : Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases. </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:48 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-pendmoves-v1-2-process-explorer-v15-3-sigcheck-v1-91/ba-p/726001 MarkRussinovich 2019-06-27T19:00:48Z Update: Autoruns v11.42 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v11-42/ba-p/726000 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 30, 2013 </STRONG> <BR /> <P> <SPAN> <A href="#" title="Autoruns v11.42" target="_blank"> Autoruns v11.42 </A> : This release fixes a bug in the parsing of network file paths introduced in v11.41.
</SPAN> </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:41 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-autoruns-v11-42/ba-p/726000 MarkRussinovich 2019-06-27T19:00:41Z Updates: Autoruns v11.41, Handle v3.51, Movefile v1.01, Procdump v5.13, Sigcheck v1.9 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-41-handle-v3-51-movefile-v1-01-procdump-v5/ba-p/725999 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 24, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns v11.41" target="_blank"> Autoruns v11.41 </A> : This Autoruns update reports the hosting image target of link shortcut references. </P> <BR /> <P> <A href="#" title="Handle v3.51" target="_blank"> Handle v3.51 </A> : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting. </P> <BR /> <P> <A href="#" title="Movefile v1.01" target="_blank"> Movefile v1.01 </A> : Movefile, a utility for scheduling file delete and rename operations for when the system reboots, now correctly handles 64-bit system paths. </P> <BR /> <P> <A href="#" title="Procdump v5.13" target="_blank"> Procdump v5.13 </A> : This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value. </P> <BR /> <P> <A href="#" title="Sigcheck v1.9" target="_blank"> Sigcheck v1.9 </A> : Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:00:35 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-41-handle-v3-51-movefile-v1-01-procdump-v5/ba-p/725999 MarkRussinovich 2019-06-27T19:00:35Z Updates: Autoruns v11.4, ProcDump v5.12, SDelete v1.61 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-4-procdump-v5-12-sdelete-v1-61/ba-p/725997 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Jan 10, 2013 </STRONG> <BR /> <P> <A href="#" title="Autoruns v11.4" target="_blank"> Autoruns v11.4 </A> : Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. </P> <BR /> <P> <A href="#" title="Procdump v5.12" target="_blank"> Procdump v5.12 </A> : This Procdump update fixes a bug introduced in v5.11 where it doesn’t save information required by the !runaway debugger command. </P> <BR /> <P> <A href="#" title="SDelete v1.61" target="_blank"> SDelete v1.61 </A> : SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments. </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:28 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-autoruns-v11-4-procdump-v5-12-sdelete-v1-61/ba-p/725997 MarkRussinovich 2019-06-27T19:00:28Z Update: ZoomIt v4.41 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-zoomit-v4-41/ba-p/725996 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 06, 2012 </STRONG> <BR /> <P> <A href="#" title="ZoomIt v4.41" target="_blank"> ZoomIt v4.41 </A> : This update fixes a bug in ZoomIt v4.4 that prevented it from running on 32-bit Windows XP. 
</P> </BODY></HTML> Thu, 27 Jun 2019 19:00:21 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/update-zoomit-v4-41/ba-p/725996 MarkRussinovich 2019-06-27T19:00:21Z Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-debugview-v4-81-procdump-v5-11-zoomit-v4-4/ba-p/725995 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Dec 04, 2012 </STRONG> <BR /> <P> <A href="#" title="DebugView v4.81" target="_blank"> DebugView v4.81 </A> : Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop. </P> <BR /> <P> <A href="#" title="ProcDump v5.11" target="_blank"> ProcDump v5.11 </A> : This release of ProcDump fixes a bug introduced in version 5.1 that prevented it from working on 32-bit Windows XP. </P> <BR /> <P> <A href="#" title="ZoomIt v4.4" target="_blank"> ZoomIt v4.4 </A> : This update to ZoomIt, a screen magnification and annotation utility, includes smoother zooming behavior, adds the ability to specify the initial zoom level, and maintains the window focus when initiating live zooming. </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:15 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-debugview-v4-81-procdump-v5-11-zoomit-v4-4/ba-p/725995 MarkRussinovich 2019-06-27T19:00:15Z Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1/ba-p/725994 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Nov 16, 2012 </STRONG> <BR /> <P> <A href="#" title="AdExplorer v1.44" target="_blank"> AdExplorer v1.44 </A> : This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas.
</P> <BR /> <P> <A href="#" title="Contig v1.7" target="_blank"> Contig v1.7 </A> : Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug, enabling creation of contiguous files larger than 8GB, and adds support for setting the valid data length on files to avoid zero-fill overhead. </P> <BR /> <P> <A href="#" title="Coreinfo v3.2" target="_blank"> Coreinfo v3.2 </A> : Coreinfo, a command-line utility that dumps processor topology and feature support, now reports the presence of many additional features, including SMAP, RDSEED, BMI1, ADX, HLE, RTM, and INVPCID. </P> <BR /> <P> <A href="#" title="Procdump v5.1" target="_blank"> Procdump v5.1 </A> : This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios. </P> </BODY></HTML> Thu, 27 Jun 2019 19:00:08 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1/ba-p/725994 MarkRussinovich 2019-06-27T19:00:08Z Updates: Coreinfo v3.1, Desktops v2.0, Livekd v5.3, PsPasswd v1.23, Testlimit v5.22, Whois v1.11 https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-coreinfo-v3-1-desktops-v2-0-livekd-v5-3-pspasswd-v1-23/ba-p/725993 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 19, 2012 </STRONG> <BR /> <P> <A href="#" title="Coreinfo v3.1" target="_blank"> Coreinfo v3.1 </A> : This update to Coreinfo, a command-line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep.
</P> <BR /> <P> <A href="#" title="Desktops v2.0" target="_blank"> Desktops v2.0 </A> : Desktops, a virtual desktop utility for Windows that lets you create up to three additional workspaces, is now compatible with Windows 8, properly supporting Winkey hotkey sequences (like Winkey+R to bring up the Run dialog) on alternate desktops and switching back to the primary desktop’s start screen when you hit Winkey. </P> <BR /> <P> <A href="#" title="Livekd v5.3" target="_blank"> Livekd v5.3 </A> : LiveKd, a command-line utility that enables you to use the Windows kernel debuggers to examine live systems as well as virtual machines, now supports Windows 8. </P> <BR /> <P> <A href="#" title="PsPasswd v1.23" target="_blank"> PsPasswd v1.23 </A> : PsPasswd, a PsTools utility for remotely changing local machine passwords, now includes support for changing domain account passwords. </P> <BR /> <P> <A href="#" title="Testlimit v5.22" target="_blank"> Testlimit v5.22 </A> : This release of TestLimit, an educational tool for testing the way Windows handles exhaustion of various resource types such as system commit, fixes an output formatting bug that could have it report KB instead of MB. </P> <BR /> <P> <A href="#" title="Whois v1.11" target="_blank"> Whois v1.11 </A> : Whois v1.11, a tool for looking up domain name registration information, includes fixes for bugs that could cause it to crash if provided with malformed domain name input strings.
</P> </BODY></HTML> Thu, 27 Jun 2019 19:00:02 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/updates-coreinfo-v3-1-desktops-v2-0-livekd-v5-3-pspasswd-v1-23/ba-p/725993 MarkRussinovich 2019-06-27T19:00:02Z Windows Internals 6th Edition Part 2 Published, and Mark Talks Sysinternals History on Defrag Tools https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/windows-internals-6th-edition-part-2-published-and-mark-talks/ba-p/725992 <HTML> <HEAD></HEAD><BODY> <STRONG> First published on TechNet on Oct 05, 2012 </STRONG> <BR /> <P> <A href="#" title="Windows Internals 6th Edition, Part 2 Published" target="_blank"> Windows Internals 6th Edition, Part 2 Published </A> : Part 2 of Windows Internals 6th Edition is now available. The 6th edition covers kernel and system changes in Windows 7 and Windows Server 2008 R2 and adds 250 pages of expanded feature coverage and hands-on experiments. </P> <BR /> <P> <A href="#" title="Mark Talks Sysinternals History on Defrag Tools" target="_blank"> Mark Talks Sysinternals History on Defrag Tools </A> : Defrag Tools, a Channel 9 series that features diagnostic and troubleshooting utilities including Sysinternals tools, invited Mark on to talk about how Sysinternals started, the evolution of the tools and how Mark decides when to add features and write new tools. </P> </BODY></HTML> Thu, 27 Jun 2019 18:59:56 GMT https://gorovian.000webhostapp.com/?exam=t5/sysinternals-blog/windows-internals-6th-edition-part-2-published-and-mark-talks/ba-p/725992 MarkRussinovich 2019-06-27T18:59:56Z