  • Sysinternals Suite Update

      • #115784 Reply
        PKCano
        Da Boss

        Sysinternals has been updated as follows:

        ProcDump v9

        This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to capture multiple dump sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.

        Autoruns v13.71

        This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as a hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images.

        BgInfo v4.22

        This release of Bginfo honors AppLocker policy for VB scripts specified as the source of field data.

        LiveKd v5.62

        This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store.

        Process Monitor v3.33

        Procmon v3.33 includes bug fixes for destructive event filtering and is signed with a certificate installed in the Win7 trusted roots store.

        Process Explorer v16.21

        This Process Explorer release includes a fix for an intermittent bug in the VirusTotal scanning logic, and is signed with a Win7 RTM-compatible certificate.

        https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

        8 users thanked author for this post.
      • #205886 Reply
        JSTechGeek
        AskWoody Lounger

        I use this tool frequently. PsExec is the one I use the most, very handy for deploying scripts, commands, and some basic installs to remote machines.

        Group A | Windows 7 Pro 64-bit | Windows 10 Pro 1809 64-bit
      • #240507 Reply
        joep517
        AskWoody MVP

        Latest update December 9, 2018

        Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and by-default enables HKCU scanning for the console version.
        Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen.
        ProcessExplorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen.
        Sdelete 2.02 SDelete now includes a progress filter that reports progress for the disk cleaning phase that purges MFT resident files.
        Sigcheck 2.71 This release fixes a crash when attempting to scan small files (< 512 bytes) and resolves an issue with an incorrect timestamp being reported.
        Sysmon 8.2 This Sysmon release fixes several filtering bugs, resolves a handle leak and high CPU usage for certain filters when on Windows 7 and Windows Server 2008, and fixes a bug that could cause the service process to crash.
        VMMap 3.25 This VMMap update fixes a bug that prevented profiling a 32-bit application on a 64-bit OS.

        --Joe

      • #244327 Reply
        joep517
        AskWoody MVP

        Sysmon 8.04 released December 18, 2018

        What’s New (December 18, 2018)

        Reverted the filtering change made in 8.02 as this broke a number of configuration files. We are planning to revisit and enhance the filtering in the new year

        Fixed BSOD in legacy named pipe filter used on Windows 7 and earlier

        Fixed kernel memory leak that occurred when the configuration is reloaded

        --Joe

        1 user thanked author for this post.
      • #329636 Reply
        joep517
        AskWoody MVP

        Updates released 2019/02/18

        Sysmon 9.0
        Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification.

        Autoruns 13.94
        This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and cmd.exe.

        --Joe

        1 user thanked author for this post.
      • #349100 Reply
        joep517
        AskWoody MVP

        Released 2019/03/05
        Sigcheck 2.72
        PsLogList 2.81

        Released 2019/03/11
        Sysmon 9.1

        Released 2019/03/16
        BgInfo 4.26

        Released 2019/03/24
        ProcMon 3.52

        Released 2019/04/04
        RAMMap 1.52

        --Joe

        1 user thanked author for this post.
      • #1628256 Reply
        joep517
        AskWoody MVP

        Released 2019/04/23

        Dbgview 4.90

        --Joe

      • #1841386 Reply
        joep517
        AskWoody MVP

        From Sysinternals blog 2019-06-12:

        Sysmon 10.0
        This release of Sysmon adds DNS query logging, reports OriginalFileName in process create and load image events, adds ImageName to named pipe events, logs pico process creates and terminates, and fixes several bugs.

        Autoruns 13.95
        This Autoruns update adds support for user Shell folder redirections.

        VMMap 3.26
        This update to VMMap, a tool for looking at the virtual and physical memory usage of a process, fixes a bug in 64-bit CLR heap reporting.

        --Joe

      • #1844752 Reply
        joep517
        AskWoody MVP

        From the Sysinternals blog 2019-06-15

        Handle v4.22
        This release of Handle fixes a race condition in the driver that could lead to a crash.

        Notmyfault v4.20
        Notmyfaultc now includes a flag that makes it wait until an event named Notmyfault is signaled before proceeding to crash or leak.

        Process Explorer v16.25
        This update to Process Explorer fixes a potential buffer overflow when processing abnormally large environment variable blocks.

        Sysmon v10.01
        This update to Sysmon fixes a memory leak in image load events that v10.0 introduced.

        --Joe

        • This reply was modified 1 year, 4 months ago by joep517. Reason: correct date
      • #1863340 Reply
        joep517
        AskWoody MVP

        2019-06-28 Updates:

        RAMMAP 1.52
        PROCEXP 16.26
        AUTORUNS 13.96
        SYSMON 10.0.0.2

        Unfortunately, I can’t find any change descriptions.

        --Joe

        1 user thanked author for this post.
        • #1863429 Reply
          satrow
          AskWoody MVP

          Descriptions here (via Günter Born).

          Autoruns v13.96
          This release of Autoruns improves the security of loading system libraries

          Process Explorer v16.26
          This update to Process Explorer fixes a memory leak when showing CPU and/or GPU history graphs, display of overflowing metrics on the process properties tab and improves security of loading system libraries.

          RAMMap v1.52
          The ARM64 version of RAMMap “RAMMap64a.exe” is now included.

          Sysmon v10.2
          This update to Sysmon includes the following fixes:
          Fixed an XML parsing error when there is a comment after a RuleGroup element
          A config dump issue when both include and exclude rules are used
          A BSOD on Windows 7 when using named-pipes

          1 user thanked author for this post.
      • #1956657 Reply
        joep517
        AskWoody MVP

        2019-09-05 updates:

        Sysmon v10.4
        This major update to Sysmon, a security event monitoring service, adds nested rule support to rule groups and “contains any” and “contains all” rule conditions for more flexible filtering, as well as several bug fixes.

        Process Explorer v16.30
        This update to Process Explorer adds a Shared Commit column to the process view, fixes a bug that caused it to terminate when it is configured to run at logon and the system went to battery, and fixes bugs that prevented the system CPU graph from correctly showing multiple sockets.

        --Joe

      • #1956663 Reply
        joep517
        AskWoody MVP

        2019-06-16 update:

        Sysmon v10.41
        Resolves a config parsing issue with 10.4.

        --Joe

        1 user thanked author for this post.
      • #2019030 Reply
        joep517
        AskWoody MVP

        2019-12-11 updates:

        Sysmon v10.42
        This update to Sysmon addresses a number of memory leaks, introduces the “Excludes Any” and “Excludes All” filtering conditions and resolves a number of bugs.

        Zoomit v4.52
        This update to Zoomit resolves a number of dual-monitor related issues.

        Whois v1.21
        This refresh of Whois contains various bug fixes.

        --Joe

        1 user thanked author for this post.
      • #2021474 Reply
        joep517
        AskWoody MVP

        2019-12-19 updates:

        Process Monitor v3.53
        This update to Process Monitor includes the following changes:

        Resolves a crash when reloading a saved file
        Fixes issues where profiling events and/or process activity summary stopped working after the GUI is closed and reopened
        Adds file information class for IRP_MN_QUERY_DIRECTORY

        Process Explorer v16.31
        This update to Process Explorer resolves a number of crashes and addresses a GDI exhaustion issue on busy systems.

        --Joe

      • #2297189 Reply
        joep517
        AskWoody MVP

        What’s New (September 17, 2020)
        Sysmon v12.0
        In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including originating remote machine IP addresses.

        Process Monitor v3.60
        This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.

        Procdump v10.0
        This release of Procdump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.

        ARM64 ports
        In addition, several tools have been newly ported to and are now available for ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, Procdump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

        What’s New (June 24, 2020)
        Sysmon v11.10
        This update to Sysmon now captures stream content for alternate data streams into logged events, which is useful for investigating downloads tagged with ‘Mark of the Web’ (MOTW) streams, introduces an ‘is-any’ filter condition, and fixes several bugs.

        Sigcheck v2.80
        Sigcheck, a flexible tool for showing file versions, file signatures, and certificate stores, introduces a -p option for specifying a trust GUID for signature verification, and it now shows certificate signing chains even when a certificate in the chain is untrusted.

        Sysinternals June 24 Update Video
        Mark Russinovich covers what’s new in this update, with demos of Sysmon’s alternate data stream content capture and new features in Sigcheck.

        What’s New (April 28, 2020)
        Sysmon v11.0
        This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-’ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.

        Sysinternals April 27 Update Video
        Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability.

        --Joe

        5 users thanked author for this post.
      • #2304703 Reply
        Microfix
        AskWoody MVP

        System Internals Updated: October 15, 2020:
        https://download.sysinternals.com/files/SysinternalsSuite.zip

        Sysmon v12.01, VMMap 3.30, RAMMap v1.60, AccessChk v6.13 and DiskView v2.41

        VMMap v3.30
        This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.

        RAMMap
        This release to RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.

        Sysmon v12.01
        Security and bug fix release, resolves a PipeEvent processing issue and adds extra checks to kernel writes.

        ARM64 ports
        New ARM64 releases for AccessChk v6.13, DiskView v2.41 and VMMap v3.30. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

        Win8.1 Pro | Linux Hybrids | Win7 Pro O/L | WinXP O/L