Sysinternals Suite Update

Topic

New Reply

Sysinternals has been updated as follows:

ProcDump v9

This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to take capture multiple dumps sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.

Autoruns v13.71

This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images.

BgInfo v4.22

This release of Bginfo honors applocker policy for VB scripts specified as the source of field data.

LiveKd v5.62

This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store.

Process Monitor v3.33

Procmon v3.33 includes bug fixes for destructive event filtering and is signed with certificate installed in the Win7 trusted roots store.

Process Explorer v16.21

This Process Explorer release includes a fix for an intermittent bug in the Virus Total scanning logic, and is signed with Win7 RTM-compatible certificate.

https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

11 users thanked author for this post.

TechTango, JohnW, RetiredGeek, wavy, Microfix, doriel, BATcher, Lugh, geekdom, Elly, MrBrian

Reply | Quote

Replies

I use this tool frequently. psexec is the one I use the most, very handy for deploying scripts,  commands, and some basic installs , to remote machines.

Group A | Windows 7 Pro 64-bit | Windows 10 Pro 1809 64-bit

Reply | Quote

Latest update December 9, 2018

Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and by-default enables HCKU scanning for the console version.

Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen.

ProcessExplorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen.

Sdelete 2.02 SDelete now includes a progress filter that reports progress for the disk cleaning phase that purges MFT resident files.

Sigcheck 2.71 This release fixes a crash when attempting to scan small files (< 512 bytes) and resolves issue with incorrect timestamp being reported.

Sysmon 8.2 This Sysmon release fixes several filtering bugs, resolves a handle leak and high CPU usage for certain filters when on Windows 7 and Windows Server 2008, and fixes a bug that could cause the service process to crash.

VMMap 3.25 This VMMap update fixes a bug that prevented profiling a 32-bit application on a 64-bit OS.

 

 

--Joe

Reply | Quote

Sysmon 8.04 released December 18, 2018

What’s New (December 18, 2018)

Reverted the filtering change made in 8.02 as this broke a number of configuration files. We are planning to revisit and enhance the filtering in the new year

Fixed BSOD in legacy named pipe filter used on Windows 7 and earlier

Fixed kernel memory leak that occurred when the configuration is reloaded

--Joe

1 user thanked author for this post.

RockE

Reply | Quote

Updates released 2019/02/18

Sysmon 9.0
Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification.

 

Autoruns 13.94
This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and cmd.exe. 

 

--Joe

1 user thanked author for this post.

Lars220

Reply | Quote

Released 2019/03/05
Sigcheck 2.72
PsLogList 2.81

Released 2019/03/11
Sysmon 9.1

Released 2019/03/16
BgInfo 4.26

Released 2019/03/24
ProcMon 3.52

Released 2019/04/04
RAMMap 1.52

--Joe

1 user thanked author for this post.

satrow

Reply | Quote

I use Portable SysInternalsUpdater to update the suite.

Reply | Quote

I generally use WSCC to update Sysinternals. It also updates NirSoft & MiTEC utilities. It is portable too.

You can check it out at http://www.kls-soft.com/wscc/index.php

--Joe

2 users thanked author for this post.

Alex5723, satrow

Reply | Quote

Released 2019/04/23

Dbgview 4.90

--Joe

Reply | Quote

From Sysinternals blog 2019-06-12:

Sysmon 10.0
This release of Sysmon adds DNS query logging, reports OriginalFileName in process create and load image events, adds ImageName to named pipe events, logs pico process creates and terminates, and fixes several bugs.

Autoruns 13.95
This Autoruns update adds support for user Shell folders redirections.

VMMap 3.26
This update to VMMap, a tool for looking at the virtual and physical memory usage of a process, fixes a bug in 64-bit CLR heap reporting.

--Joe

Reply | Quote

[joep517]

From the Sysinternals blog 2019-06-15

Handle v4.22
This release of Handle fixes a race condition in the driver that could lead to a crash.

Notmyfault v4.20
Notmyfaultc now includes a flag that makes it wait until an event named Notmyfault is signaled before proceeding to crash or leak.

Process Explorer v16.25
This update to Process Explorer fixes a potential buffer overflow when processing abnormally large environment variable blocks.

Sysmon v10.01
This update to Sysmon fixes a memory leak in image load events that v10.0 introduced.

--Joe

• This reply was modified 3 years, 9 months ago by joep517. Reason: correct date

Reply | Quote

2019-06-28 Updates:

RAMMAP 1.52
PROCEXP 16.26
AUTORUNS 13.96
SYSMON 10.0.0.2

Unfortunately, I can’t find any change descriptions.

--Joe

1 user thanked author for this post.

satrow

Reply | Quote

Descriptions here (via Günter Born).

Autoruns v13.96
This release of Autoruns improves the security of loading system libraries

Process Explorer v16.26
This update to Process Explorer fixes a memory leak when showing CPU and/or GPU history graphs, display of overflowing metrics on the process properties tab and improves security of loading system libraries.

RAMMap v1.52
The ARM64 version of RAMMap “RAMMap64a.exe” is now included.

Sysmon v10.2
This update to Sysmon includes the following fixes:
Fixed an XML parsing error when there is a comment after a RuleGroup element
A config dump issue when both include and exclude rules are used
A BSOD on Windows 7 when using named-pipes

1 user thanked author for this post.

joep517

Reply | Quote

2019-09-05 updates:

Sysmon v10.4
This major update to Sysmon, a security event monitoring service, adds nested rule support to rule groups and “contains any” and “contains all” rule conditions for more flexible filtering, as well as several bug fixes.

Process Explorer v16.30
This update to Process Explorer adds a Shared Commit column to the process view, fixes a bug that caused it to terminate when it is configured to run at logon and the system went to battery, and fixes bugs that prevented the system CPU graph from correctly showing multiple sockets.

--Joe

Reply | Quote

2019-06-16 update:

Sysmon v10.41
Resolves a config parsing issue with 10.4.

--Joe

1 user thanked author for this post.

geekdom

Reply | Quote

2019-12-11 updates:

Sysmon v10.42
This update to Sysmon addresses a number of memory leaks, introduces the “Excludes Any” and “Excludes All” filtering conditions and resolves a number of bugs.

Zoomit v4.52
This update to Zoomit resolves a number of dual-monitor related issues.

Whois v1.21
This refresh of Whois contains various bug fixes.

--Joe

1 user thanked author for this post.

satrow

Reply | Quote

2019-12-19 updates:

Process Monitor v3.53
This update to Process Monitor includes the following changes:

Resolves a crash when reloading a saved file
Fixes issues where profiling events and/or process activity summary stopped working after the GUI is closed and reopened
Adds file information class for IRP_MN_QUERY_DIRECTORY

Process Explorer v16.31
This update to Process Explorer resolves a number of crashes and addresses a GDI exhaustion issue on busy systems.

--Joe

Reply | Quote

What’s New (September 17, 2020)
Sysmon v12.0
In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including originating remote machine IP addresses.

Process Monitor v3.60
This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.

Procdump v10.0
This release of Procdump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.

ARM64 ports
In addition, several tools have been newly ported to and are now available for ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, Procdump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

What’s New (June 24, 2020)
Sysmon v11.10
This update to Sysmon now captures stream content for alternate data streams into logged events, which is useful for investigating downloads tagged with ‘Mark of the Web’ (MOTW) streams, introduces an ‘is-any’ filter condition, and fixes several bugs.

Sigcheck v2.80
Sigcheck, a flexible tool for showing file versions, file signatures, and certificate stores, introduces a -p option for specifying a trust GUID for signature verification, and it now shows certificate signing chains even when a certificate in the chain is untrusted.

Sysinternals June 24 Update Video
Mark Russinovich covers what’s new in this update, with demos of Sysmon’s alternate data stream content capture and new features in Sigcheck.

What’s New (April 28, 2020)
Sysmon v11.0
This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.

Sysinternals April 27 Update Video
Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability.

--Joe

5 users thanked author for this post.

WSNumer8tor, wavy, RetiredGeek, Alex5723, ScotchJohn

Reply | Quote

System Internals Updated: October 15, 2020:
https://download.sysinternals.com/files/SysinternalsSuite.zip

Sysmon v12.01, VMMap 3.30, RAMMap v1.60, AccessChk v6.13 and DiskView v2.41

VMMap v3.30
This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.

RAMMap
This release to RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.

Sysmon v12.01
Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes.

ARM64 ports
New ARM64 releases for AccessChk v6.13, DiskView v2.41 and VMMap v3.30. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

Keep IT Lean, Clean and Mean!

Reply | Quote

System Internals Updated: November 4, 2020:
https://download.sysinternals.com/files/SysinternalsSuite.zip

AD Explorer v1.50, Disk Usage v1.62, VMMap v3.31 and Sysmon v12.02

AD Explorer v1.50
This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the “Compare” dialog and is now available for x64 and ARM64.

Disk Usage v1.62
This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.

VMMap v3.31
This update to VMMap, a utility that reports the virtual memory layout of a process, fixes a Thread Environment Block bug on Windows 10 systems.

Sysmon v12.02
This update to Sysmon fixes several configuration parsing bugs.

ARM64 ports
New ARM64 releases for AdExplorer v1.50 and DU v1.62. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

--Joe

1 user thanked author for this post.

wavy

Reply | Quote

System Internals Suite updated November 25, 2020

https://download.sysinternals.com/files/SysinternalsSuite.zip

Sysmon v12.03

This version of Sysmon fixes reporting and a possible crash condition for PipeEvent and RegistryEvent rules.

SDelete v2.04

This update to SDelete, a command line utility for secure file deletion, provides a new switch, -f, to to avoid file/directory versus drive ambiguity.

WinObj v2.23

This update to WinObj, a utility to explore the Windows NT Object Manager’s namespace, brings bug fixes and is now available for x64 and ARM64.

ARM64 ports

New ARM64 releases for ADRestore v1.2, LogonSessions v1.41 and WinObj v2.23. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

--Joe

Reply | Quote

System Internals Suite updated January 11, 2021

https://download.sysinternals.com/files/SysinternalsSuite.zip

Sysmon v13.00

This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.

Process Monitor v3.61

This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.

PsExec v2.21

This update to PsExec, a command line utility for remotely launching processes on Windows computers, removes some MAX_PATH related limits and now mandates the -i flag for interactive sessions.

--Joe

2 users thanked author for this post.

satrow, geekdom

Reply | Quote

System Internals Suite updated January 12, 2021

https://download.sysinternals.com/files/SysinternalsSuite.zip

Sysmon v13.01

This bugfix update to Sysmon resolves a series of config parsing issues.

PsExec v2.30

Previous versions of PsExec are susceptible to a named pipe squatting attack. If a low-privileged attacker creates a named pipe on a server to which a PsExec client connects, they could intercept explicit authentication credentials or sensitive command-line arguments sent by the client. The PsExec client now drops a key into file protected with an administrator-only security descriptor with a name formatted as PSEXEC-.key into the Windows directory on the remote system that the PsExec service uses to authenticate to the client.

--Joe

2 users thanked author for this post.

Alex5723, geekdom

Reply | Quote

System Internals Suite updated January 15, 2021

https://download.sysinternals.com/files/SysinternalsSuite.zip

PsExec v2.32

This update to PsExec fixes a bug where the -r option was not honored.

--Joe

3 users thanked author for this post.

BATcher, Trev, Alex5723

Reply | Quote

[joep517]

Updates 2021-02-22

https://download.sysinternals.com/files/SysinternalsSuite.zip

What’s New
WinObj v3.0
This major update to WinObj adds dynamic updates, quick search, full search, properties for more object types, as well as performance improvements. It’s also the first Sysinternals tool to feature a dark theme.

Coreinfo v3.52
This update to CoreInfo adds reporting for CET (shadow stack) support.

--Joe

• This reply was modified 2 years ago by joep517.

2 users thanked author for this post.

Alex5723, RetiredGeek

Reply | Quote

Updates 2021-03-01

https://download.sysinternals.com/files/SysinternalsSuite.zip

What’s New
WinObj v3.01

This minor update to WinObj fixes a crash on exit.

--Joe

Reply | Quote

Sysinternals Suite 2021.03.23

Changes in Sysinternals Suite 2021.03.23:

TCPView v4.0 – This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
PsExec v2.33 – This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. the -i command line switch is now necessary for running processes interactively, for example with redirected IO.
WinObj v3.02 – This WinObj release fixes a bug that could cause it to crash.
Sysmon v13.02 – This Sysmon update fixes a crash that could be caused by file deletion events, fixes the “is any” rule predicate, and adds several configuration parsing performance improvements.

http://technet.microsoft.com/en-us/sysinternals/bb842062

1 user thanked author for this post.

doriel

Reply | Quote

Sysinternals Suite 2021-04-21

https://download.sysinternals.com/files/SysinternalsSuite.zip

Procmon v3.70

This update to Process Monitor allows constraining the number of events based on a requested number minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.

Sysmon v13.10

This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn’t archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.

Autoruns v13.99

This update to Autoruns fixes a bug that resulted in some empty locations being hidden when the Include Empty Locations option is selected.

TCPView v4.01

This update to TCPView refines Quick search to look in IP addresses and ports.

Theme Engine

This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TcpView have been updated. Expect more tools using the theme engine in the near future!

--Joe

Reply | Quote

Warning: this suite contains Autoruns v13.99 which has been known to CrAsH! on W10.
I’d continue with the older autoruns until fixed, no doubt within the next couple of days. That doesn’t stop you from downloading the suite though 🙂
Ref: BleepingComputer-Lawrence Abrams

Keep IT Lean, Clean and Mean!

Reply | Quote

Autoruns v13.100

This update to Autoruns fixes a crash reported in v13.99.

Autoruns for Windows – Windows Sysinternals | Microsoft Docs

--Joe

2 users thanked author for this post.

BATcher, GoneToPlaid

Reply | Quote

Sysinternals Suite 2021.05.25

Changes in Sysinternals Suite 2021.05.25:

Process Monitor v3.80 – Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.

Sysmon v13.20 – This update to Sysmon, an advanced system security monitor, adds “not begin with” and “not end with” filter conditions and fixes a regression for rule include/exclude logic.

TCPView v4.10 – This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.

Process Explorer v16.40 – This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.

PsExec v2.34 – This PsExec release reverts to sending all PsExec output to stderr so that only target process output emits to stdout.

Sigcheck v2.81 – fixes a bug in filtering output for unsigned VirusTotal unknown files and now reports the signing time for files with untrusted certificate signatures.

WinObj v3.10 – This WinObj update extends search functionality to include symbolic link targets.

1 user thanked author for this post.

Lars220

Reply | Quote

Sysinternals update 2021-05-26

https://download.sysinternals.com/files/SysinternalsSuite.zip

Changes in Sysinternals suite 2021-05-26

Process Monitor v3.81

This bugfix update for Process Monitor addresses some regressions introduced with v3.80.

TCPView v4.11

This update to TCPView fixes a crash occurring when items were copied.

Process Explorer v16.41

This update to Process Explorer fixes a startup crash.

--Joe

2 users thanked author for this post.

Alex5723, Lars220

Reply | Quote

joep517 wrote:

I generally use WSCC to update Sysinternals. It also updates NirSoft & MiTEC utilities. It is portable too.

I also like WSCC and use it from within the Portable Apps Platform in my take everywhere 32 GB thumb drive. I have 28 Portable Apps in there, and it is handy, but only occaisionally used when visiting friends.
Note the WSCC gets regular updates also:

WSCC – Windows System Control Center
Latest Version 4.0.7.2 – May 17, 2021
new keyboard shortcuts, and minor fixes and improvements

WSCC Version History

“WSCC allows you to install, update, execute and organize the utilities from various system utility suites. WSCC can install and update the supported utilities automatically. The portable edition doesn’t require installation and can be run directly from a USB drive.”

https://www.kls-soft.com/wscc/downloads.php

https://portableapps.com/

I downloaded WSCC from kls-soft website, the wsccportable.paf.exe bottom download, then manually installed into Portable Apps Platform from the Apps – Install a New App (paf.exe) button, just because I wanted a lot of utilities all together in Portable Apps, but this is not necessary because you can also just download a standalone portable.
I may be over sharing too much info, hope it may benefit someone.

Reply | Quote

Sysinternals Suite 2021.06.01

Changes in Sysinternals Suite 2021.06.01:

Process Monitor v3.82 – This update to Process Monitor fixes “go to event” from context menu and introduces some UI improvements for the dark theme.

TCPView v4.12 – This update to TCPView fixes a bug where columns would be drawn twice.

Process Explorer v16.42 – This update to Process Explorer fixes a bug with signature checks.

Sysmon v13.21 – This update to Sysmon fixes a rare crash on process startup on x86 systems.

1 user thanked author for this post.

RetiredGeek

Reply | Quote

Sysinternals Suite 2021.06.22

Changes in Sysinternals Suite 2021.06.22:

RDCMan v2.8

RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!

AccessChk v6.14

This AccessChk version adds support for NULL DACL reporting.

Process Monitor v3.83

ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.

Strings v2.54

This Strings update improves handling of files containing long strings.

Sysmon v13.22

This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.

TCPView v4.13

This TCPView update fixes a bug with connection state filtering.

--Joe

2 users thanked author for this post.

RetiredGeek, Alex5723

Reply | Quote

Sysinternals Suite 2021.06.24

Changes in Sysinternals Suite 2021.06.24:

RDCMan v2.81

This update to RDCMan, a utility for managing multiple remote desktop connections, resolves a crash happening on failure to connect to server groups.

 

--Joe

1 user thanked author for this post.

Alex5723

Reply | Quote

Sysinternals Suite 2021.08.18

Changes in Sysinternals Suite 2021.08.18:

Autoruns v14.0

Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.

RDCMan v2.83

This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.

ProcDump v10.11

This update to ProcDump fixes a “The parameter is incorrect” error on Windows Server 2016 systems.

Winobj v3.11

WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

TCPView v4.14

TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

Process Monitor v3.84

Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

Process Explorer v16.43

This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, “medium+” for process integrity levels and has some display tweaks for systems with large memory capacity.

Sysmon v13.24

This Sysmon update improves the handling of FileDelete and FileDeleteDetected events which solves systems becoming unresponsive under certain conditions.

--Joe

1 user thanked author for this post.

RetiredGeek

Reply | Quote

Sysinternals Suite 2021.09.01

Changes in Sysinternals Suite 2021.09.01:

Autoruns v14.01

This update for Autoruns fixes a regression with VirusTotal submissions introduced in v14.0.

--Joe

Reply | Quote

Let’s hope that the well-known ProcMon bugs have been squished.

IMO it’s been fairly useless since v3.50… about the time that Mark Russinovich relinquished control to someone else.

I get that he’s now one of the head honchos within Azure so has little or no time for anything else. Perhaps ProcMon should have been frozen?

Reply | Quote

Sysinternals Suite 2021.09.22

Changes in Sysinternals Suite 2021.09.22:

Autoruns v14.02

Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, VirusTotal and signed files regressions fixes.

WinObj v3.12

WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

Tcpview v4.15

TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

Process Monitor v3.85

Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

--Joe

1 user thanked author for this post.

Alex5723

Reply | Quote

Sysinternals Suite 2021.09.30

Changes in Sysinternals Suite 2021.09.30:

Autoruns v14.03

This update for Autoruns restores entries previously shown in v13.100, improves Wow64 redirection handling and entry name resolution.

 

--Joe

3 users thanked author for this post.

Alex5723, BATcher, RetiredGeek

Reply | Quote

Sysinternals Suite 2021.10.13

Change Log :

Autoruns v14.04 – This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.

WinObj v3.13, Tcpview v4.16 and Process Monitor v3.86 get high DPI application icons.

AccessEnum v1.33, CacheSet v1.01, Contig v1.81, Desktops v2.01, Disk2vhd v2.02, DiskMon v2.02, EFSDump v1.03, LoadOrder v1.02, PsShutdown v2.53, RegJump v1.11, ShareEnum v1.61, ShellRunas v1.02 get new builds with updated Windows libraries.

Reply | Quote

I’ve just tried Process Monitor 3.86 (ProcMon) from the newly-updated suite.

The bad news is that the Cross Reference Summary Listview bug reported in ProcMon 3.85 is still present.

The good news is… the long-standing but obscure Event Properties page \ Process tab bug (only present when viewing *saved* PML files) reported in ProcMon 3.83 (but present at least as far back as ProcMon 3.50) has *finally* been fixed.

Still no method to swap the new (since ProcMon 3.83)  awful-looking toolbar icons back to the old ones that were clear and well-understood.

I’ve reverted back to ProcMon 3.50… again. At least that works (except for the obscure Event Properties page \ Process tab bug when viewing saved PML files) and the purpose of the icons is clear.

Reply | Quote

Alex5723 wrote:

Autoruns v14.04 – This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.

Just be aware that Autoruns 14.04 in yesterday’s suite update has already had a bug reported – Autoruns 14.04 cannot open (or compare with) the output files it creates (“Failed to load scanned data” error) 🙁

 

1 user thanked author for this post.

Alex5723

Reply | Quote

Looking around, it appears that the last trouble-free version of Autoruns was 13.98.

I haven’t yet been able to find a *reliable* source for that (there’s a lot of very sketchy sites out there).

EDIT: I finally found Autoruns 13.98… on the Wayback Machine (Internet Archive).

EDIT: MS have now released an incremental point update to 14.05. There’s no posts at this time about 14.05 in the Autoruns forum but a post on TenForums says the Compare function is now working.

Reply | Quote

An update: I tested Autoruns 14.05 out myself:

1. Ran Autoruns 14.05 (as Administrator) and saved ARN file.
2. Rebooted. Windows 10 shows ‘Configuring new updates’ WTH!
3. Ran Autoruns again and used Compare to point to previously saved ARN file… nothing, just a completely blank Autoruns Entry pane.
4. Used Compare again and pointed to the same previously saved ARN file… success, it now shows changed entries (highlit in bright red) in Autoruns Entry pane.
5. Clicked Refresh… changed entries now show clearly in Autoruns Entry pane but without the previous red highlighting).
6. Clicked on File in the menu.. File options appeared but were all distorted. All I could see was the first letter of each option. Scrolled across other menubar entries and it was the same… just the first letter of each option showing.
7. Took screenshot using PrtScr key.
8. Pasted into Paint (Windows Accessories, not Paint3D). The paste just showed a completely black screen.
9. Tried again… the paste into Paint just shows a completely black screen.

Conclusion… I need to do a clean install of my test laptop (grrr!). It’s impossible to tell whether Autoruns 14.05 is borked or whether the Patch Tuesday Windows 10 update borked Autoruns.

Reply | Quote

Carried out clean install of Windows 10 Pro 21H1 into unallocated space. Now, after 2 reboots, I’m still sat looking (30 minutes so far) at all the unknown devices in Device Manager whilst Windows Update tells me it’s looking for updates.

I’ve NEVER had a clean install go so slowly once its reached the update stage. It looks like the CU (KB5006670) is the problem… the install is just stuck at 21%.

Reply | Quote

Well, that was the most painful clean install ever. I’m used to about 20-30 minutes from start to finish… that took well over an hour and half and I still have two hardware devices showing problems.

(And, ‘cos I did the clean install purely to test Autoruns, I didn’t bother pausing OOBE to run my usual Windows 10 Decrapifier script… so I’m going to have to redo the clean install anyway or just restore a Macrium image of the previous version.)

EDIT: And now I’ve found that left-clicking on the Start button does nothing. I restarted using a right-click on it and, after a restart, left-clicking now works… and I finally have an Windows 21H1 19043.1288 install and no pending Windows Updates.

So, finally, back to testing Autoruns.

1. I ran Autoruns 14.05 (as ‘Administrator’), removed all entries from the top two categories (HKCU\…\Run and HKLM\…\Run) and saved an ARN file.

2. Rebooted.

3. I ran Autoruns again and used Compare to point to previously saved ARN file… Autoruns Entry pane showed a Services entry (under Everthing) and nothing else. I took a screenshot using PrtScr.

However it couldn’t be expanded and clicking on it made it disappear… leaving a completely blank Autoruns Entry pane.

4. I used Compare again and pointed to the same previously saved ARN file… This time the Open Autruns File to Compare ‘browse’ dialog was completely blank except for a dropdown and  a button that showed Open 6. Worse, PrtScr had stopped working… but I managed to get a screenshot using ALT+PrtScr.

5. I clicked on File in the menu. The File options list was completely empty! Tried PrtScr but this didn’t work (and ALT+PrtScr just undoes the focus on File).  Clicked on File again and this time the File entries just showed the first letter. I managed to get a screenshot using timer mode of the Snipping Tool.

6. I closed and re-opened Autoruns then tried Compare again… and it finally worked, but showed many more changes than the ones I had made to the two Run keys. I assume this is the residual effects of the Patch Tuesday Cumulative Update.

Conclusion… 14.05 is *not* fixed. If anything it’s worse than 14.04 and I’ll be sticking with 13.98.

Hope this helps…

1 user thanked author for this post.

Alex5723

Reply | Quote

Fun Fact – Today is Sysinternals’ 25th Anniversary.

Reply | Quote

FWIW,

• Install Sysinternals Suite from the Microsoft Store
  Sysinternals Suite is now available in the Microsoft Store and Windows Package Manager (winget).
  PowerShellCopy

  PS C:\> winget install sysinternals
  

If you install from the store you should get updates automatically. BUT, I do not want them installed.

 

--Joe

Reply | Quote

I use SysInternalsUpdater to manually update the package.
Its 2016 old app. Latest version 2.0.4

Reply | Quote

I use KLS SOFT – WSCC – Windows System Control Center (kls-soft.com) to update Sysinternals, Nirsoft, and MiTec. It is free for personal use.

--Joe

1 user thanked author for this post.

Alex5723

Reply | Quote

joep517 wrote:

FWIW,

• Install Sysinternals Suite from the Microsoft Store
  Sysinternals Suite is now available in the Microsoft Store and Windows Package Manager (winget).
  PowerShellCopy

  PS C:\> winget install sysinternals
  

If you install from the store you should get updates automatically. BUT, I do not want them installed.

 

I’m very sorry Joe but I have to disagree with you. Some of the entries in the current Sysinternals suite are badly flawed (and have been for several incremental point releases) and can no longer be trusted. IMO, the only safe way forward is to install suite entries individually after reading up on the bugs widely.

I used to use WSCC too, for years… but that was when the quality of the Sysinternals suite components never varied and were consistently bug-free. That hasn’t been the case since Mark Russinovich moved from the Windows division to Azure and quite obviously relinquished oversight of the suite and its components.

What used to be ‘go to’ utilities have, IMO, become ‘avoid unless you’re prepared to put the time in to working out which version you can still trust’. Process Monitor and Autoruns spring to mind. These days I would *never* download the Sysinternals suite.

More worrying, Mark Russinovich made a comment many years ago that Microsoft relied upon his and Bryce Cogswell’s utilities internally so much that it bought the company.

Does Microsoft still rely upon some of these now so obviously flawed utilities? That’s scary.

Reply | Quote

Rick,

I am not necessarily advocating the store or winget. Just putting it out there for those who may prefer one of those methods. These days, I use the tools less frequently. I tinker with my systems much less than I used to. The compare problem in Autoruns does not affect me as I don’t use compare. I mainly have the tools around to help troubleshoot other PCs when friends or family call.

 

--Joe

Reply | Quote

Sysinternals Suite 2021.10.26

https://download.sysinternals.com/files/SysinternalsSuite.zip

Autoruns v14.06 – This Autoruns release fixes a crash happening for scheduled tasks containing spaces.
Sysmon v13.30 – This Sysmon update adds user fields for events, fixes a series of crash-causing bugs – for example with the Visual Studio debugger – and improves memory usage and management in the driver.

1 user thanked author for this post.

joep517

Reply | Quote

Sysinternals Suite 2021.12.16

https://download.sysinternals.com/files/SysinternalsSuite.zip

Active Directory Explorer v1.51

This Active Directory Explorer update fixes a Windows Store packaging crash.

Autoruns v14.07

This Autoruns update can open .arn files from the command line, fixes RunDll32 parameter handling in some cases, supports toggling Active Setup entries, fixes a crash when no ProcExp can be found in the path and improves 32/64 bit redirection.

CacheSet v1.02

This CacheSet update fixes a 64 bit OS regression.

Process Monitor v3.87

This Process Monitor update fixes a series of bugs with filter file loading, ring buffer handling and improves filter dialog navigation, some UI interactions with column headers and the About dialog.

Sysmon v13.31

This Sysmon release improves handle management in the service code and restores event ID 16 contents.

--Joe

2 users thanked author for this post.

JohnW, Alex5723

Reply | Quote

I had 24 components updated.

Reply | Quote

Sysinternals Suite 2022.01.27

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ZoomIt v5.0 – ZoomIt, a screen zoom and annotation tool, now supports Windows 11 and antialiased line drawing. Note that under Windows 11 and Windows Server 2022 some UI elements might not react to mouse clicks when zoomed. The temporary workaround until a future Windows update is to store the ZoomIt executable under the Windows or the Program Files directories.

RDCMan v2.90 – RDCMan, a tool for managing and connecting to Remote Desktop sessions, receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

Autoruns v14.08 – This Autoruns update fixes a series of application crashes, now correctly parses paths with spaces passed as command line arguments and improves .arn import functionality.

TCPView v4.17 – This TCPView update fixes a crash related to filtering by TCP version.

VMMap v3.32 – VMMap, a tool that reports the virtual memory layout of a process, now supports Windows 11.

Sysmon v13.32 – This Sysmon update fixes a conflict with FileDelete and FileDeleteDetected events in the same config.

WinObj v3.14 – This WinObj update makes the behavior of the object tree control more consistent with Windows when handling right clicks.

2 users thanked author for this post.

oldfry, joep517

Reply | Quote

Sysinternals Suite 2022.02.16

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

Autoruns v14.09

This Autoruns update fixes a bug preventing the enabling/disabling of startup folder items.

Process Monitor v3.89

This Process Monitor update fixes a crash related to context menus.

Sysmon v13.33

This Sysmon update fixes a crash occurring on Windows Server 2012 and improves memory handling for the service.

ZoomIt v5.10

This update to ZoomIt, a screen magnification and annotation tool, now supports pen and touch drawing.

--Joe

1 user thanked author for this post.

Alex5723

Reply | Quote

Sysinternals Suite 2022.05.11

“AccessChk v6.15 – This update for AccessChk, a tool that shows what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services, fixes a crash with passing long strings on the command line. Parameters previously limited to MAX_PATH characters have no length restrictions now.

RAMMAp v1.61 – This update for RAMMap, a utility that analyzes and displays physical memory usage, fixes problems with the processes tab under Windows 11 and improves the UI on scaled displays.

Sysmon v13.34 – This Sysmon update improves performance for UDP network event tracing (the NetworkConnect global option), solves a rare system hang (blue screen) when monitoring ProcessCreate events and a memory/handle leak on ImageLoad events with several exclude clauses.”

1 user thanked author for this post.

joep517

Reply | Quote

Sysinternals Suite 2022.07.19

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ZoomIt v6.0

This major update to ZoomIt, a screen magnification and annotation tool, adds built-in screen recording for easy demo recordings, and now supports Unicode typing input.

BgInfo v4.30

This update to BgInfo, a tool for writing various system information to the desktop wallpaper, now correctly reports Windows 11 and Windows Server 2022 versions.

PsExec v2.40

This update to PsExec, a command line utility for remotely launching processes on Windows computers, adds a new option, -g, for selecting the processor group.

ProcMon v3.90

This Process Monitor update improves event list filtering performance.

Sigcheck v2.90

Sigcheck, a command-line utility that shows file version, timestamp and signatures, now supports custom code integrity policy file checks.

 

--Joe

3 users thanked author for this post.

alejr, Alex5723, JohnW

Reply | Quote

Sysinternals Suite 2022.07.30

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ZoomIt v6.01

This release for ZoomIt fixes a 32 bit bug.

BgInfo v4.31

This release for BgInfo fixes a 32 bit crash.

ProcMon v3.91

This release for Process Monitor fixes an ARM64 driver load error.

 

--Joe

2 users thanked author for this post.

alejr, Alex5723

Reply | Quote

Sysinternals Suite 2022.08.16

“Sysmon v14.0 – This major update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockExecutable that prevents processes from creating executable files in specified locations. It also includes several performance improvements and bug fixes.

AccessEnum v1.34 – AccessEnum, a tool for enumerating file system and registry permissions, now supports paths longer than MAX_PATH characters.

Coreinfo v3.53 – This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now handles NUMA nodes with more than 64 processors.”

Reply | Quote

Sysinternals Suite Updated: September 29, 2022

Sysmon v14.1 – This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.

Coreinfo v3.6 – This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in counter ticks.

AccessEnum v1.35 – This update to AccessEnum, a tool that summarizes account permissions on files and folders, fixes a version number mismatch in its version information.

BgInfo v4.32 – This update to BgInfo, a tool for displaying system information on screen desktop, correctly reports Windows 11 Insider versions.

NotMyFault v4.21 – This update to NotMyFault, a tool used to crash, hang, and cause kernel memory leaks on Windows, now works on ARM64 systems.

1 user thanked author for this post.

joep517

Reply | Quote

Sysinternals Suite 2022.10.12

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ZoomIt

This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.

--Joe

1 user thanked author for this post.

Alex5723

Reply | Quote

Sysinternals Suite 2022.10.13

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ZoomIt

This update to ZoomIt fixes a crash with right-justified text input and improves multiline text handling.

--Joe

2 users thanked author for this post.

NaNoNyMouse, Alex5723

Reply | Quote

Sysinternals Suite 2022.10.26

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

Process Explorer

This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.

Handle

This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.

Process Monitor

This update to Process Monitor, a utility for observing in real time file system, Registry, and process or thread activity, adds a command-line option for setting the filter driver’s altitude.

Sysmon

This update to Sysmon, an advanced host monitoring tool, fixes a bug preventing FileDeleteDetected events reporting and adds support for ARM64.

--Joe

3 users thanked author for this post.

alejr, Alex5723, satrow

Reply | Quote

Sysinternals Suite 2022.11.03

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

ProcDump v11.0

This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds ModuleLoad/Unload and Thread Create/Exit triggers, removes Internet Explorer JavaScript support, and improves descriptive text messages.

ProcDump 1.3 for Linux

This update to ProcDump for Linux changes the CLI interface to match ProcDump for Windows, and adds a new process group trigger (-pgid) to allow monitoring all processes running in the same process group.

Process Explorer v17.01

This update to Process Explorer fixes a crash when right-clicking an empty area of the lower pane threads tab and improves menu rendering.

--Joe

3 users thanked author for this post.

JohnW, alejr, Alex5723

Reply | Quote

Sysinternals Suite 2022.11.10

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

Process Explorer v17.02

This update to Process Explorer fixes two bugs that can lead to crashes and another that leads to an unexpected dialog in an error case.

Sysmon v14.12

This update to Sysmon fixes a bug related to volumes without file system security.

 

--Joe

1 user thanked author for this post.

alejr

Reply | Quote

Just be aware that the latest version of ProcMon (v3.92 – last updated ~October 26 in Sysinternals Suite 2022.10.26) has a bug (reported 9 days ago).

You cannot shift-click on multiple process names then use *right*-click Exclude > Process to exclude all the selected processes at once. My own tests have confirmed this.

Until things improve with QAT (Quality Assurance Testing) of Sysinternals tools – if ever – I’m going to continue using ProcMon 3.50.

1 user thanked author for this post.

Alex5723

Reply | Quote

joep517 wrote:

Process Explorer v17.02 This update to Process Explorer fixes two bugs that can lead to crashes and another that leads to an unexpected dialog in an error case.

Be aware that a comment was added yesterday about discrepancies between Process Explorer and Task Manager‘s reporting of CPU usage They just don’t correlate as they should. For example, on my laptop:

Here Task Manager shows CPU usage running at 43% whilst Process Explorer 17.02 shows only 23.65%… a huge difference between the two.

See the last comment in 400% difference in CPU usage between “Task Manager” and “Sysinternal’s Process Explorer” for more info. Note that the thread was started on October 7th so was probably originally about Process Explorer 17.0 (?)… but noted a similar issue in 17.01. I assume the last comment a day ago is about 17.02 as my own testing confirms the issue remains… so it’s present in the current 17.0.2 and at least 2 earlier iterations of Process Explorer.

1 user thanked author for this post.

Alex5723

Reply | Quote

Task manager is known for false reporting on RAM, CPU…usage

Reply | Quote

Sysinternals Suite 2022.11.28

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

Active Directory Explorer v1.52

This update to Active Directory Explorer, an advanced Active Directory viewer and editor, fixes a crash caused by searching for strings in a snapshot longer than object names.

Contig v1.82

This update to Contig, a single-file defragmenter, adds safe DLL loading and support for long command-line arguments.

Sysmon v14.13

This update to Sysmon addresses CVE-2022-41120 by ensuring the archive directory has permissions restricted to the system account.

--Joe

2 users thanked author for this post.

alejr, NaNoNyMouse

Reply | Quote

Sysinternals Suite 2023.01.25

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

RDCMan v2.92

This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, fixes a naming error impeding plugin operation, updates the icon set, and fixes mstscax.dll load on some systems where initialization would previously fail.

Sysmon v14.14

This update to Sysmon, an advanced host monitoring tool, fixes a timeout occurring with FileDelete and FileDeleteDetected events on low-speed media.

ZoomIt v6.12

This update to ZoomIt, a screen magnification and annotation tool, eliminates drawing artifacts occurring when changing magnification, changing pen width, or combining these steps, and improves drawing settings persistence.

--Joe

3 users thanked author for this post.

alejr, Alex5723, satrow

Reply | Quote

Sysinternals Suite 2023.03.09

Download : https://download.sysinternals.com/files/SysinternalsSuite.zip

Sysmon 1.1 for Linux

This update to Sysmon for Linux, an advanced host monitoring tool, adds support for a wider range of distributions (e.g., RHEL) by leveraging BTF enabled kernels.

Contig v1.83

This release for Contig, a single-file defragmenter, fixes a bug preventing the 64-bit Contig64.exe from working, fixes a path parsing bug, and adds support for ARM64.

ProcDump 1.4.1 for Linux

This update to ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, adds the capability to generate dumps based on the contents of an exception message.

Process Monitor v3.93

Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, receives fixes for several user interface and log file bugs.

--Joe

3 users thanked author for this post.

Alex5723, Rick Corbett, alejr

Reply | Quote

joep517 wrote:

Process Monitor v3.93 Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, receives fixes for several user interface and log file bugs.

Yay… the multiple-select bug of ProcMon 3.92 has been fixed after 4 months.

Reply | Quote