Sysmon v11.0, LiveKD v5.63, Process Explorer v16.32, Coreinfo v3.5

Published Apr 28 2020 12:45 PM
Microsoft
Sysmon v11.0
This major update to Sysmon adds file delete monitoring with archiving of the deleted file, so responders can recover tools an attacker removed after use; adds an option to disable reverse DNS lookup; replaces empty fields with '-' to work around a WEF bug; fixes an issue that caused some ProcessAccess events to drop; and no longer hashes main data streams that are marked as being stored in the cloud.
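The two new v11 configuration options described above, shown end to end as an added example (this is not code from the Sysinternals post): a minimal config that enables FileDelete archiving and disables reverse DNS lookup, installed or applied to a running Sysmon, followed by a query of the resulting Event ID 23 records. The archive directory name, the extension list, the config file location and the assumption that Sysmon64.exe sits in the current directory are all illustrative choices.

```powershell
# Added example: Sysmon v11 FileDelete archiving + DnsLookup off, then read back Event ID 23.
# Assumptions (not from the post): Sysmon64.exe in the current directory, the archive
# folder name "SysmonArchive", and the file extensions chosen for the include rule.

$config = @'
<Sysmon schemaversion="4.30">
  <!-- Archived copies of deleted files land in <volume root>\SysmonArchive (default name is "Sysmon"). -->
  <ArchiveDirectory>SysmonArchive</ArchiveDirectory>
  <!-- New in v11: skip reverse DNS lookup when enriching network events. -->
  <DnsLookup>False</DnsLookup>
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- Event ID 23: log and archive deletions of file types attackers commonly drop and clean up. -->
      <FileDelete onmatch="include">
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
        <TargetFilename condition="end with">.bat</TargetFilename>
      </FileDelete>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@

$configPath = Join-Path $env:TEMP 'sysmon-filedelete.xml'
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Apply the config to an installed Sysmon (-c), or install with it (-i) if the service is absent.
# The service is named Sysmon64 or Sysmon depending on which binary was used to install.
$installed = Get-Service -Name Sysmon64, Sysmon -ErrorAction SilentlyContinue
if ($installed) {
    & .\Sysmon64.exe -c $configPath
} else {
    & .\Sysmon64.exe -accepteula -i $configPath
}

# Read the most recent archived-delete events and flatten EventData into one object per event.
# The archived copy is stored in the archive directory under a name derived from the file's hash,
# so the Hashes field is what links the log record to the recovered file.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 23
} -MaxEvents 20 -ErrorAction SilentlyContinue | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
    [pscustomobject]@{
        Time     = $_.TimeCreated
        Image    = $d['Image']
        Target   = $d['TargetFilename']
        Hashes   = $d['Hashes']
        Archived = $d['Archived']
    }
}
```

Two things to check after deploying: the archive directory is created with a SYSTEM-only ACL, so browsing it from an administrator shell fails until you open a SYSTEM shell (for example with PsExec's -s option); and the archive grows with every matching delete, so keep the include list tight rather than archiving everything on a busy server.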
 
LiveKD v5.63
This update fixes a regression with enumerating and dumping Hyper-V partitions on recent versions of Windows 10.
 
Coreinfo v3.5
This release of Coreinfo, a tool that shows system CPU, memory and cache topology and information, now reports the status of restricted guest virtualization on Intel platforms.
 
Process Explorer v16.32
This update resolves an issue where the application icon in the tree view was displayed incorrectly.
4 Comments
Senior Member

I am always happy to see an update for Process Explorer... which is the SysInternals tool I use most often..

Occasional Visitor

It would be great if Process Explorer could show historical charts - it is a great monitoring tool.

Unfortunately, charts are limited to the width of the popup window.

Visitor

A very helpful feature would be to put a searchbox above the process list in Process Explorer.  The Find menu item is only for finding DLLs or handle names; sometimes I want to filter to "w3wp.exe" processes, or just find a particular Title.  For now I get around it by sorting by that column and scrolling, but on some busy servers that's tedious.

Occasional Visitor

I second @RossPresser's wish. Ideally, Process Explorer would adopt the highly advanced filtering mechanism from Process Monitor.
