
  • Sysinternals Suite Update

    #115784

    Sysinternals has been updated as follows:

    ProcDump v9

    This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to capture multiple dump sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.

    Autoruns v13.71

    This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as a hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images.

    BgInfo v4.22

    This release of Bginfo honors AppLocker policy for VB scripts specified as the source of field data.

    LiveKd v5.62

    This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store.

    Process Monitor v3.33

    Procmon v3.33 includes bug fixes for destructive event filtering and is signed with a certificate installed in the Win7 trusted roots store.

    Process Explorer v16.21

    This Process Explorer release includes a fix for an intermittent bug in the Virus Total scanning logic, and is signed with a Win7 RTM-compatible certificate.

    https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

    9 users thanked author for this post.
    • #205886

      I use this tool frequently. psexec is the one I use the most, very handy for deploying scripts, commands, and some basic installs, to remote machines.

      Group A | Windows 7 Pro 64-bit | Windows 10 Pro 1809 64-bit
    • #240507

      Latest update December 9, 2018

      Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and by-default enables HKCU scanning for the console version.
      Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen.
      ProcessExplorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen.
      Sdelete 2.02 SDelete now includes a progress filter that reports progress for the disk cleaning phase that purges MFT resident files.
      Sigcheck 2.71 This release fixes a crash when attempting to scan small files (< 512 bytes) and resolves issue with incorrect timestamp being reported.
      Sysmon 8.2 This Sysmon release fixes several filtering bugs, resolves a handle leak and high CPU usage for certain filters when on Windows 7 and Windows Server 2008, and fixes a bug that could cause the service process to crash.
      VMMap 3.25 This VMMap update fixes a bug that prevented profiling a 32-bit application on a 64-bit OS.

      --Joe

    • #244327

      Sysmon 8.04 released December 18, 2018

      What’s New (December 18, 2018)

      Reverted the filtering change made in 8.02 as this broke a number of configuration files. We are planning to revisit and enhance the filtering in the new year

      Fixed BSOD in legacy named pipe filter used on Windows 7 and earlier

      Fixed kernel memory leak that occurred when the configuration is reloaded

      --Joe

      1 user thanked author for this post.
    • #329636

      Updates released 2019/02/18

      Sysmon 9.0
      Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification.

      Autoruns 13.94
      This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and cmd.exe.

      --Joe

      1 user thanked author for this post.
    • #349100

      Released 2019/03/05
      Sigcheck 2.72
      PsLogList 2.81

      Released 2019/03/11
      Sysmon 9.1

      Released 2019/03/16
      BgInfo 4.26

      Released 2019/03/24
      ProcMon 3.52

      Released 2019/04/04
      RAMMap 1.52

      --Joe

      1 user thanked author for this post.
    • #1628256

      Released 2019/04/23

      Dbgview 4.90

      --Joe

    • #1841386

      From Sysinternals blog 2019-06-12:

      Sysmon 10.0
      This release of Sysmon adds DNS query logging, reports OriginalFileName in process create and load image events, adds ImageName to named pipe events, logs pico process creates and terminates, and fixes several bugs.

      Autoruns 13.95
      This Autoruns update adds support for user Shell folders redirections.

      VMMap 3.26
      This update to VMMap, a tool for looking at the virtual and physical memory usage of a process, fixes a bug in 64-bit CLR heap reporting.

      --Joe

    • #1844752

      From the Sysinternals blog 2019-06-15

      Handle v4.22
      This release of Handle fixes a race condition in the driver that could lead to a crash.

      Notmyfault v4.20
      Notmyfaultc now includes a flag that makes it wait until an event named Notmyfault is signaled before proceeding to crash or leak.

      Process Explorer v16.25
      This update to Process Explorer fixes a potential buffer overflow when processing abnormally large environment variable blocks.

      Sysmon v10.01
      This update to Sysmon fixes a memory leak in image load events that v10.0 introduced.

      --Joe

    • #1863340

      2019-06-28 Updates:

      RAMMAP 1.52
      PROCEXP 16.26
      AUTORUNS 13.96
      SYSMON 10.0.0.2

      Unfortunately, I can’t find any change descriptions.

      --Joe

      1 user thanked author for this post.
      • #1863429

        Descriptions here (via Günter Born).

        Autoruns v13.96
        This release of Autoruns improves the security of loading system libraries

        Process Explorer v16.26
        This update to Process Explorer fixes a memory leak when showing CPU and/or GPU history graphs, display of overflowing metrics on the process properties tab and improves security of loading system libraries.

        RAMMap v1.52
        The ARM64 version of RAMMap “RAMMap64a.exe” is now included.

        Sysmon v10.2
        This update to Sysmon includes the following fixes:
        Fixed an XML parsing error when there is a comment after a RuleGroup element
        A config dump issue when both include and exclude rules are used
        A BSOD on Windows 7 when using named-pipes

        1 user thanked author for this post.
    • #1956657

      2019-09-05 updates:

      Sysmon v10.4
      This major update to Sysmon, a security event monitoring service, adds nested rule support to rule groups and “contains any” and “contains all” rule conditions for more flexible filtering, as well as several bug fixes.

      Process Explorer v16.30
      This update to Process Explorer adds a Shared Commit column to the process view, fixes a bug that caused it to terminate when it is configured to run at logon and the system went to battery, and fixes bugs that prevented the system CPU graph from correctly showing multiple sockets.

      --Joe

    • #1956663

      2019-06-16 update:

      Sysmon v10.41
      Resolves a config parsing issue with 10.4.

      --Joe

      1 user thanked author for this post.
    • #2019030

      2019-12-11 updates:

      Sysmon v10.42
      This update to Sysmon addresses a number of memory leaks, introduces the “Excludes Any” and “Excludes All” filtering conditions and resolves a number of bugs.

      Zoomit v4.52
      This update to Zoomit resolves a number of dual-monitor related issues.

      Whois v1.21
      This refresh of Whois contains various bug fixes.

      --Joe

      1 user thanked author for this post.
    • #2021474

      2019-12-19 updates:

      Process Monitor v3.53
      This update to Process Monitor includes the following changes:

      Resolves a crash when reloading a saved file
      Fixes issues where profiling events and/or process activity summary stopped working after the GUI is closed and reopened
      Adds file information class for IRP_MN_QUERY_DIRECTORY

      Process Explorer v16.31
      This update to Process Explorer resolves a number of crashes and addresses a GDI exhaustion issue on busy systems.

      --Joe

    • #2297189

      What’s New (September 17, 2020)
      Sysmon v12.0
      In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including originating remote machine IP addresses.

      Process Monitor v3.60
      This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.

      Procdump v10.0
      This release of Procdump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.

      ARM64 ports
      In addition, several tools have been newly ported to and are now available for ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, Procdump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

      What’s New (June 24, 2020)
      Sysmon v11.10
      This update to Sysmon now captures stream content for alternate data streams into logged events, which is useful for investigating downloads tagged with ‘Mark of the Web’ (MOTW) streams, introduces an ‘is-any’ filter condition, and fixes several bugs.

      Sigcheck v2.80
      Sigcheck, a flexible tool for showing file versions, file signatures, and certificate stores, introduces a -p option for specifying a trust GUID for signature verification, and it now shows certificate signing chains even when a certificate in the chain is untrusted.

      Sysinternals June 24 Update Video
      Mark Russinovich covers what’s new in this update, with demos of Sysmon’s alternate data stream content capture and new features in Sigcheck.

      What’s New (April 28, 2020)
      Sysmon v11.0
      This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.

      Sysinternals April 27 Update Video
      Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability.

      --Joe

      5 users thanked author for this post.
    • #2304703

      System Internals Updated: October 15, 2020:
      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Sysmon v12.01, VMMap 3.30, RAMMap v1.60, AccessChk v6.13 and DiskView v2.41

      VMMap v3.30
      This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.

      RAMMap
      This release to RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.

      Sysmon v12.01
      Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes.

      ARM64 ports
      New ARM64 releases for AccessChk v6.13, DiskView v2.41 and VMMap v3.30. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

      | Quality over Quantity |
    • #2309654

      System Internals Updated: November 4, 2020:
      https://download.sysinternals.com/files/SysinternalsSuite.zip

      AD Explorer v1.50, Disk Usage v1.62, VMMap v3.31 and Sysmon v12.02

      AD Explorer v1.50
      This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the “Compare” dialog and is now available for x64 and ARM64.

      Disk Usage v1.62
      This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.

      VMMap v3.31
      This update to VMMap, a utility that reports the virtual memory layout of a process, fixes a Thread Environment Block bug on Windows 10 systems.

      Sysmon v12.02
      This update to Sysmon fixes several configuration parsing bugs.

      ARM64 ports
      New ARM64 releases for AdExplorer v1.50 and DU v1.62. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

      --Joe

      1 user thanked author for this post.
    • #2315078

      System Internals Suite updated November 25, 2020

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Sysmon v12.03

      This version of Sysmon fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules.

      SDelete v2.04

      This update to SDelete, a command line utility for secure file deletion, provides a new switch, -f, to avoid file/directory versus drive ambiguity.

      WinObj v2.23

      This update to WinObj, a utility to explore the Windows NT Object Manager’s namespace, brings bug fixes and is now available for x64 and ARM64.

      ARM64 ports

      New ARM64 releases for ADRestore v1.2, LogonSessions v1.41 and WinObj v2.23. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

      --Joe

    • #2330231

      System Internals Suite updated January 11, 2021

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Sysmon v13.00

      This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.

      Process Monitor v3.61

      This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.

      PsExec v2.21

      This update to PsExec, a command line utility for remotely launching processes on Windows computers, removes some MAX_PATH related limits and now mandates the -i flag for interactive sessions.

      --Joe

      2 users thanked author for this post.
    • #2334039

      System Internals Suite updated January 12, 2021

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Sysmon v13.01

      This bugfix update to Sysmon resolves a series of config parsing issues.

      PsExec v2.30

      Previous versions of PsExec are susceptible to a named pipe squatting attack. If a low-privileged attacker creates a named pipe on a server to which a PsExec client connects, they could intercept explicit authentication credentials or sensitive command-line arguments sent by the client. The PsExec client now drops a key into a file protected with an administrator-only security descriptor with a name formatted as PSEXEC-.key into the Windows directory on the remote system that the PsExec service uses to authenticate to the client.

      --Joe

      2 users thanked author for this post.
    • #2334851

      System Internals Suite updated January 15, 2021

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      PsExec v2.32

      This update to PsExec fixes a bug where the -r option was not honored.

      --Joe

      3 users thanked author for this post.
    • #2346007

      Updates 2021-02-22

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      What’s New
      WinObj v3.0
      This major update to WinObj adds dynamic updates, quick search, full search, properties for more object types, as well as performance improvements. It’s also the first Sysinternals tool to feature a dark theme.

      Coreinfo v3.52
      This update to CoreInfo adds reporting for CET (shadow stack) support.

      --Joe

      2 users thanked author for this post.
    • #2347467

      Updates 2021-03-01

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      What’s New
      WinObj v3.01

      This minor update to WinObj fixes a crash on exit.

      --Joe

    • #2352682

      Sysinternals Suite 2021.03.23

      Changes in Sysinternals Suite 2021.03.23:

      TCPView v4.0 – This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
      PsExec v2.33 – This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. The -i command line switch is now necessary for running processes interactively, for example with redirected IO.
      WinObj v3.02 – This WinObj release fixes a bug that could cause it to crash.
      Sysmon v13.02 – This Sysmon update fixes a crash that could be caused by file deletion events, fixes the “is any” rule predicate, and adds several configuration parsing performance improvements.

      http://technet.microsoft.com/en-us/sysinternals/bb842062

      1 user thanked author for this post.
    • #2359676

      Sysinternals Suite 2021-04-21

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Procmon v3.70

      This update to Process Monitor allows constraining the number of events based on a requested number of minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.

      Sysmon v13.10

      This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn’t archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.

      Autoruns v13.99

      This update to Autoruns fixes a bug that resulted in some empty locations being hidden when the Include Empty Locations option is selected.

      TCPView v4.01

      This update to TCPView refines Quick search to look in IP addresses and ports.

      Theme Engine

      This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TcpView have been updated. Expect more tools using the theme engine in the near future!

      --Joe

    • #2367112

      Sysinternals Suite 2021.05.25

      Changes in Sysinternals Suite 2021.05.25:

      Process Monitor v3.80 – Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.

      Sysmon v13.20 – This update to Sysmon, an advanced system security monitor, adds “not begin with” and “not end with” filter conditions and fixes a regression for rule include/exclude logic.

      TCPView v4.10 – This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.

      Process Explorer v16.40 – This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.

      PsExec v2.34 – This PsExec release reverts to sending all PsExec output to stderr so that only target process output emits to stdout.

      Sigcheck v2.81 – fixes a bug in filtering output for unsigned VirusTotal unknown files and now reports the signing time for files with untrusted certificate signatures.

      WinObj v3.10 – This WinObj update extends search functionality to include symbolic link targets.

      1 user thanked author for this post.
    • #2367204

      Sysinternals update 2021-05-26

      https://download.sysinternals.com/files/SysinternalsSuite.zip

      Changes in Sysinternals suite 2021-05-26

      Process Monitor v3.81

      This bugfix update for Process Monitor addresses some regressions introduced with v3.80.

      TCPView v4.11

      This update to TCPView fixes a crash occurring when items were copied.

      Process Explorer v16.41

      This update to Process Explorer fixes a startup crash.

      --Joe

      2 users thanked author for this post.
    • #2367235

      I generally use WSCC to update Sysinternals. It also updates NirSoft & MiTEC utilities. It is portable too.

      I also like WSCC and use it from within the Portable Apps Platform in my take everywhere 32 GB thumb drive. I have 28 Portable Apps in there, and it is handy, but only occasionally used when visiting friends.
      Note the WSCC gets regular updates also:

      WSCC – Windows System Control Center
      Latest Version 4.0.7.2 – May 17, 2021
      new keyboard shortcuts, and minor fixes and improvements

      WSCC Version History

      “WSCC allows you to install, update, execute and organize the utilities from various system utility suites. WSCC can install and update the supported utilities automatically. The portable edition doesn’t require installation and can be run directly from a USB drive.”

      https://www.kls-soft.com/wscc/downloads.php

      https://portableapps.com/

      I downloaded WSCC from kls-soft website, the wsccportable.paf.exe bottom download, then manually installed into Portable Apps Platform from the Apps – Install a New App (paf.exe) button, just because I wanted a lot of utilities all together in Portable Apps, but this is not necessary because you can also just download a standalone portable.
      I may be over sharing too much info, hope it may benefit someone.

    • #2368467

      Sysinternals Suite 2021.06.01

      Changes in Sysinternals Suite 2021.06.01:

      Process Monitor v3.82 – This update to Process Monitor fixes “go to event” from context menu and introduces some UI improvements for the dark theme.

      TCPView v4.12 – This update to TCPView fixes a bug where columns would be drawn twice.

      Process Explorer v16.42 – This update to Process Explorer fixes a bug with signature checks.

      Sysmon v13.21 – This update to Sysmon fixes a rare crash on process startup on x86 systems.

      1 user thanked author for this post.
    • #2372819

      Sysinternals Suite 2021.06.22

      Changes in Sysinternals Suite 2021.06.22:

      RDCMan v2.8

      RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!

      AccessChk v6.14

      This AccessChk version adds support for NULL DACL reporting.

      Process Monitor v3.83

      ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.

      Strings v2.54

      This Strings update improves handling of files containing long strings.

      Sysmon v13.22

      This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.

      TCPView v4.13

      This TCPView update fixes a bug with connection state filtering.

      --Joe

      2 users thanked author for this post.
    • #2373283

      Sysinternals Suite 2021.06.24

      Changes in Sysinternals Suite 2021.06.24:

      RDCMan v2.81

      This update to RDCMan, a utility for managing multiple remote desktop connections, resolves a crash happening on failure to connect to server groups.

      --Joe

      1 user thanked author for this post.
    • #2384544

      Sysinternals Suite 2021.08.18

      Changes in Sysinternals Suite 2021.08.18:

      Autoruns v14.0

      Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.

      RDCMan v2.83

      This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.

      ProcDump v10.11

      This update to ProcDump fixes a “The parameter is incorrect” error on Windows Server 2016 systems.

      Winobj v3.11

      WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      TCPView v4.14

      TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      Process Monitor v3.84

      Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      Process Explorer v16.43

      This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, “medium+” for process integrity levels and has some display tweaks for systems with large memory capacity.

      Sysmon v13.24

      This Sysmon update improves the handling of FileDelete and FileDeleteDetected events which solves systems becoming unresponsive under certain conditions.

      --Joe

      1 user thanked author for this post.
    • #2387305

      Sysinternals Suite 2021.09.01

      Changes in Sysinternals Suite 2021.09.01:

      Autoruns v14.01

      This update for Autoruns fixes a regression with VirusTotal submissions introduced in v14.0.

      --Joe

    • #2387648

      Let’s hope that the well-known ProcMon bugs have been squished.

      IMO it’s been fairly useless since v3.50… about the time that Mark Russinovich relinquished control to someone else.

      I get that he’s now one of the head honchos within Azure so has little or no time for anything else. Perhaps ProcMon should have been frozen?

    • #2391349

      Sysinternals Suite 2021.09.22

      Changes in Sysinternals Suite 2021.09.22:

      Autoruns v14.02

      Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, VirusTotal and signed files regressions fixes.

      WinObj v3.12

      WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      Tcpview v4.15

      TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      Process Monitor v3.85

      Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

      --Joe

      1 user thanked author for this post.
    • #2392665

      Sysinternals Suite 2021.09.30

      Changes in Sysinternals Suite 2021.09.30:

      Autoruns v14.03

      This update for Autoruns restores entries previously shown in v13.100, improves Wow64 redirection handling and entry name resolution.

      --Joe

      3 users thanked author for this post.
    • #2395642

      Sysinternals Suite 2021.10.13

      Change Log :

      Autoruns v14.04 – This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.

      WinObj v3.13, Tcpview v4.16 and Process Monitor v3.86 get high DPI application icons.

      AccessEnum v1.33, CacheSet v1.01, Contig v1.81, Desktops v2.01, Disk2vhd v2.02, DiskMon v2.02, EFSDump v1.03, LoadOrder v1.02, PsShutdown v2.53, RegJump v1.11, ShareEnum v1.61, ShellRunas v1.02 get new builds with updated Windows libraries.

    • #2395671

      I’ve just tried Process Monitor 3.86 (ProcMon) from the newly-updated suite.

      The bad news is that the Cross Reference Summary Listview bug reported in ProcMon 3.85 is still present.

      The good news is… the long-standing but obscure Event Properties page \ Process tab bug (only present when viewing *saved* PML files) reported in ProcMon 3.83 (but present at least as far back as ProcMon 3.50) has *finally* been fixed.

      Still no method to swap the new (since ProcMon 3.83) awful-looking toolbar icons back to the old ones that were clear and well-understood.

      I’ve reverted back to ProcMon 3.50… again. At least that works (except for the obscure Event Properties page \ Process tab bug when viewing saved PML files) and the purpose of the icons is clear.

    • #2395673

      Autoruns v14.04 – This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.

      Just be aware that Autoruns 14.04 in yesterday’s suite update has already had a bug reported – Autoruns 14.04 cannot open (or compare with) the output files it creates (“Failed to load scanned data” error) 🙁

      1 user thanked author for this post.
    • #2395812

      Looking around, it appears that the last trouble-free version of Autoruns was 13.98.

      I haven’t yet been able to find a *reliable* source for that (there’s a lot of very sketchy sites out there).

      EDIT: I finally found Autoruns 13.98… on the Wayback Machine (Internet Archive).

      EDIT: MS have now released an incremental point update to 14.05. There’s no posts at this time about 14.05 in the Autoruns forum but a post on TenForums says the Compare function is now working.

    • #2395827

      An update: I tested Autoruns 14.05 out myself:

      1. Ran Autoruns 14.05 (as Administrator) and saved ARN file.
      2. Rebooted. Windows 10 shows ‘Configuring new updates’ WTH!
      3. Ran Autoruns again and used Compare to point to previously saved ARN file… nothing, just a completely blank Autoruns Entry pane.
      4. Used Compare again and pointed to the same previously saved ARN file… success, it now shows changed entries (highlit in bright red) in Autoruns Entry pane.
      5. Clicked Refresh… changed entries now show clearly in Autoruns Entry pane (but without the previous red highlighting).
      6. Clicked on File in the menu.. File options appeared but were all distorted. All I could see was the first letter of each option. Scrolled across other menubar entries and it was the same… just the first letter of each option showing.
      7. Took screenshot using PrtScr key.
      8. Pasted into Paint (Windows Accessories, not Paint3D). The paste just showed a completely black screen.
      9. Tried again… the paste into Paint just shows a completely black screen.

      Conclusion… I need to do a clean install of my test laptop (grrr!). It’s impossible to tell whether Autoruns 14.05 is borked or whether the Patch Tuesday Windows 10 update borked Autoruns.

    • #2395829

      Carried out clean install of Windows 10 Pro 21H1 into unallocated space. Now, after 2 reboots, I’m still sat looking (30 minutes so far) at all the unknown devices in Device Manager whilst Windows Update tells me it’s looking for updates.

      I’ve NEVER had a clean install go so slowly once it’s reached the update stage. It looks like the CU (KB5006670) is the problem… the install is just stuck at 21%.

    • #2395850

      Well, that was the most painful clean install ever. I’m used to about 20-30 minutes from start to finish… that took well over an hour and a half and I still have two hardware devices showing problems.

      (And, ‘cos I did the clean install purely to test Autoruns, I didn’t bother pausing OOBE to run my usual Windows 10 Decrapifier script… so I’m going to have to redo the clean install anyway or just restore a Macrium image of the previous version.)

      EDIT: And now I’ve found that left-clicking on the Start button does nothing. I restarted using a right-click on it and, after a restart, left-clicking now works… and I finally have a Windows 21H1 19043.1288 install and no pending Windows Updates.

      So, finally, back to testing Autoruns.

      1. I ran Autoruns 14.05 (as ‘Administrator’), removed all entries from the top two categories (HKCU\…\Run and HKLM\…\Run) and saved an ARN file.

      2. Rebooted.

      3. I ran Autoruns again and used Compare to point to previously saved ARN file… Autoruns Entry pane showed a Services entry (under Everything) and nothing else. I took a screenshot using PrtScr.

      [Screenshot: autoruns1]

      However it couldn’t be expanded and clicking on it made it disappear… leaving a completely blank Autoruns Entry pane.

      4. I used Compare again and pointed to the same previously saved ARN file… This time the Open Autoruns File to Compare ‘browse’ dialog was completely blank except for a dropdown and a button that showed Open 6. Worse, PrtScr had stopped working… but I managed to get a screenshot using ALT+PrtScr.

      [Screenshot: autoruns2]

      5. I clicked on File in the menu. The File options list was completely empty! Tried PrtScr but this didn’t work (and ALT+PrtScr just undoes the focus on File). Clicked on File again and this time the File entries just showed the first letter. I managed to get a screenshot using timer mode of the Snipping Tool.

      [Screenshot: autoruns3]

      6. I closed and re-opened Autoruns then tried Compare again… and it finally worked, but showed many more changes than the ones I had made to the two Run keys. I assume these are the residual effects of the Patch Tuesday Cumulative Update.

      [Screenshot: autoruns4]

      Conclusion… 14.05 is *not* fixed. If anything it’s worse than 14.04 and I’ll be sticking with 13.98.

      Hope this helps…

      1 user thanked author for this post.
    • #2395876

      Fun Fact – Today is Sysinternals’ 25th Anniversary.

    • #2395928

      FWIW,

      If you install from the store you should get updates automatically. BUT, I do not want them installed.

       

      --Joe

      • #2395941

        I use SysInternalsUpdater to manually update the package.
        It’s an old app from 2016. The latest version is 2.0.4.

      • #2396010

        FWIW,

        If you install from the store you should get updates automatically. BUT, I do not want them installed.

         

        I’m very sorry Joe but I have to disagree with you. Some of the entries in the current Sysinternals suite are badly flawed (and have been for several incremental point releases) and can no longer be trusted. IMO, the only safe way forward is to install suite entries individually after reading up on the bugs widely.

        I used to use WSCC too, for years… but that was when the quality of the Sysinternals suite components never varied and were consistently bug-free. That hasn’t been the case since Mark Russinovich moved from the Windows division to Azure and quite obviously relinquished oversight of the suite and its components.

        What used to be ‘go to’ utilities have, IMO, become ‘avoid unless you’re prepared to put the time in to working out which version you can still trust’. Process Monitor and Autoruns spring to mind. These days I would *never* download the Sysinternals suite.

        More worrying, Mark Russinovich made a comment many years ago that Microsoft relied upon his and Bryce Cogswell’s utilities internally so much that it bought the company.

        Does Microsoft still rely upon some of these now so obviously flawed utilities? That’s scary.

        • #2396030

          Rick,

          I am not necessarily advocating the store or winget. Just putting it out there for those who may prefer one of those methods. These days, I use the tools less frequently. I tinker with my systems much less than I used to. The compare problem in Autoruns does not affect me as I don’t use compare. I mainly have the tools around to help troubleshoot other PCs when friends or family call.

           

          --Joe
