TCPView v4.0, PsExec v2.33, WinObj v3.02 and Sysmon v13.02

Published Mar 23 2021 12:25 PM
Microsoft

TCPView v4.0

This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.

PsExec v2.33

This update to PsExec mitigates named pipe squatting attacks that an attacker could leverage to intercept credentials or elevate to System privilege. The -i command line switch is now required to run processes interactively, for example with redirected IO.

WinObj v3.02

This WinObj release fixes a bug that could cause it to crash.

Sysmon v13.02

This Sysmon update fixes a crash that could be caused by file deletion events, fixes the "is any" rule predicate, and adds several configuration parsing performance improvements.
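A Sysmon rule that exercises the repaired "is any" predicate, added here as an illustration and not taken from the release post or from the Sysmon documentation. It logs named-pipe activity (the PipeEvent filter covers both Event ID 17, PipeCreated, and Event ID 18, PipeConnected) when the pipe name exactly equals any entry of a semicolon-separated list; this is the telemetry in which the PsExec service pipe appears, so it sits on the defender's side of the named-pipe issue the PsExec v2.33 note describes. Assumptions: schemaversion 4.50 for the v13 line (confirm with `sysmon -s`), and the pipe list is constructed, of which `\PSEXESVC` is the pipe name the PsExec service is known to use and `\example-remote-svc` is a placeholder.

```xml
<!-- Added example (not from the release post): Sysmon rules using the "is any"
     predicate. schemaversion 4.50 is assumed for the v13 line; confirm with
     "sysmon -s" before deploying. -->
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <!-- PipeEvent filters Event ID 17 (PipeCreated) and 18 (PipeConnected).
         "is any" is an exact match against each ;-separated entry, unlike
         "contains any", which matches substrings. The list below is a sample:
         \PSEXESVC is the PsExec service pipe, the other entry is a placeholder. -->
    <RuleGroup name="PipeEvent: known remote-service pipes" groupRelation="or">
      <PipeEvent onmatch="include">
        <PipeName name="pipe_name_is_any" condition="is any">\PSEXESVC;\example-remote-svc</PipeName>
        <!-- PsExec's per-session I/O pipes carry a host/pid suffix, so an exact
             match does not see them; "begin with" covers the whole family. -->
        <PipeName name="pipe_psexec_io" condition="begin with">\PSEXESVC-</PipeName>
      </PipeEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Before v13.02, a rule like the first one could misbehave because of the "is any" bug this release fixes; after updating, the RuleName field of each event carries the `name` attribute of the matching rule, which makes it easy to verify in the Sysmon operational log which entry fired. Install with `sysmon -c <file>` on a host that already runs Sysmon, or `sysmon -accepteula -i <file>` for a fresh install.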
7 Comments
Senior Member

Great improvement for a very useful tool. Thank you.

Occasional Visitor

tcpview suggestions:


  • "show unconnected" toggle from 3.x
  • column to show incoming vs outgoing tcp connection
  • highlighting (background color) of established tcp connections
    • different colors for incoming and outgoing
  • column reordering
  • minimize to tray

thanks

Regular Visitor

It seems the latest download from https://download.sysinternals.com/files/SysinternalsSuite.zip (published "March 23, 2021") contains two files named "Tcpview.exe" and "tcpview.exe". "tcpview.exe" appears to be the current version 4.0, while "Tcpview.exe" is the older version 3.5, which was built in 2011 according to its file properties.

Occasional Visitor

Bug:

TCPview 4.0 crashes when you only have TCP v4 selected and switch that off.

It does that too with TCP v6, only after some time.


Thanks

Senior Member

Any way to optimize ImageLoad events?  This really kills performance but it is a best practice recommendation from most security team guidance.  For example, https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml configuration has this enabled but decreases any server performance between 15-40% at any given time. 


Is there any hope to see an open source version that the community can hope to optimize?


Thanks!
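One way to keep ImageLoad (Event ID 7) telemetry without paying for every DLL load on the host, added here as an illustration and not drawn from the linked SwiftOnSecurity configuration or from the Sysmon release: the costly pattern is an exclude group (everything not explicitly excluded is logged); the cheaper pattern is an include group that fires only on loads a defender actually wants, with a compound `Rule` element AND-ing two fields. The schemaversion (4.50 for the v13 line; confirm with `sysmon -s`) and the paths are assumptions and sample values.

```xml
<!-- Added example, not from the release post or from the linked community
     config. schemaversion 4.50 assumed for Sysmon v13; confirm with "sysmon -s". -->
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <!-- Costly pattern, shown for contrast and kept commented out: an exclude
         group with no rules logs every image load on the host. -->
    <!--
    <ImageLoad onmatch="exclude" />
    -->

    <!-- Cheaper pattern: an include group, so a load that matches no rule is not
         logged at all. Top-level rules in the group are OR-ed; a <Rule> element
         with groupRelation="and" requires all of its fields to match. -->
    <RuleGroup name="ImageLoad: scoped include" groupRelation="or">
      <ImageLoad onmatch="include">
        <!-- Compound rule: image loaded from a user profile AND not signed. -->
        <Rule name="ImageLoad: unsigned from user profile" groupRelation="and">
          <ImageLoaded condition="begin with">C:\Users\</ImageLoaded>
          <Signed condition="is">false</Signed>
        </Rule>
        <!-- Single-field rule, OR-ed with the compound rule above: any image
             loaded from a Temp or Downloads directory, signed or not.
             Path fragments are sample values. -->
        <ImageLoaded name="ImageLoad: scratch directories" condition="contains any">\Temp\;\Downloads\</ImageLoaded>
      </ImageLoad>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

The trade-off is explicit: an include group is a coverage decision, so anything it does not name (for example a DLL loaded from a non-profile, non-temp path) produces no event and cannot be hunted later. Pick the rules from the detections you actually run, then measure CPU on a representative host before and after with the same workload, since the cost of Event ID 7 scales with the number of loads that reach the filter, not only with the number that are logged.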


Occasional Visitor

Can you please fix Process Explorer? Status bar displays "paused" when we press pause sometimes twice, sometimes in place of physical RAM or other value, sometimes not at all, so difficult to know if that task manager is paused. Also can you add feature so that it automatically pauses when in background or minimized, so it uses less CPU? So I want you to fix status bar, where various values disappear, or appear or get corrupted, and ability for auto pause, hope you understand.

Senior Member

Mark thanks for the update to TCPView
