SysInternals Tools Sysmon and Autoruns Updated with Features and Bug Fixes

The Sysinternals utilities remain some of the most popular tools available to administrators of Windows systems, and they continue to be updated to ensure quality and security, despite the original launch being in 1996.

Here’s what’s updated today…

Sysmon has gotten a full version upgrade and has been updated to version 8.0. This update to Sysmon adds rule tagging, which results in tags appearing in event log entries they generate. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations.
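As an added example (not from the original post or from Sysinternals), this Python script groups exported Sysmon events by rule tag so that tagged detections can be triaged separately from untagged noise. It assumes the events were exported as XML and that the tag is carried in the `RuleName` data field; the sample events, host names and tag values are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample events (hosts, tags and paths are invented for illustration).
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID><Computer>WS01.example.test</Computer></System>
 <EventData>
  <Data Name="RuleName">script_host_from_public</Data>
  <Data Name="Image">C:\Windows\System32\wscript.exe</Data>
  <Data Name="CommandLine">wscript.exe C:\Users\Public\update.js</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>13</EventID><Computer>WS01.example.test</Computer></System>
 <EventData>
  <Data Name="RuleName">run_key_persistence</Data>
  <Data Name="TargetObject">HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID><Computer>WS02.example.test</Computer></System>
 <EventData>
  <Data Name="RuleName"></Data>
  <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
 </EventData>
</Event>
</Events>"""

def parse_events(xml_text):
    """Flatten each event into a dict of System fields plus EventData fields."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        rec = {"EventID": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
               "Computer": ev.findtext("e:System/e:Computer", namespaces=NS)}
        for d in ev.findall("e:EventData/e:Data", NS):
            rec[d.get("Name")] = (d.text or "").strip()
        events.append(rec)
    return events

def group_by_tag(events):
    """Map rule tag -> events; an empty or '-' RuleName is treated as untagged here."""
    groups = defaultdict(list)
    for rec in events:
        tag = rec.get("RuleName", "")
        groups[tag if tag not in ("", "-") else None].append(rec)
    return dict(groups)

if __name__ == "__main__":
    for tag, recs in group_by_tag(parse_events(SAMPLE)).items():
        print(tag or "(untagged)", [(r["EventID"], r["Computer"]) for r in recs])
```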

With the latest update, Autoruns now sits at version 13.90. Autoruns, a comprehensive Windows autostart entry point (ASEP) manager, now includes Runonce\*\Depend keys and GPO logon and logoff locations, and fixes a bug in WMI path parsing.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

IT/Dev Connections

Sysinternals RAMMap Updated to Work with Windows 10 April 2018 Update

If you’ve been struggling to get the Sysinternals tool, RAMMap, to work with the latest feature upgrade to Windows 10, it’s not just you.

An incompatibility kept the tool from running properly.

An update is now available to solve this problem, taking the tool version to 1.51.

Get the update: RAMMap v1.51

RAMMap is used to show exactly how Windows is assigning physical memory, how much file data is cached in RAM, and how much RAM is used by the kernel and device drivers. RAMMap is an advanced physical memory usage analysis utility for Windows.



Sysinternals’ Sysmon Updated to v7.03 to Solve Performance Issues and Service Crash

If you’re a regular user of the Sysinternals tool, Sysmon, you’ll want to get this latest update.

Microsoft has now updated the utility to version 7.03, with primary fixes that resolve a service crash and limit the size of files it can hash, to alleviate performance issues against SQL Server databases.

Download: Sysmon v7.03

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.



Sysinternals Sysmon Updated to Version 7.02

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.

This latest update provides memory leak fixes in the thread and process tracking callbacks.

Download the latest: Sysmon v7.02

 



Sysinternals Tool Bginfo Gets a Bug Fix

Microsoft just delivered an update to Bginfo a month ago to address some scaling issues for multi-monitor setups. But apparently that update introduced a new bug that causes the utility to read ASCII text files incorrectly. Or, it could have been a bug left over from an earlier release. It’s hard to tell, but it falls directly in line with normal Microsoft release operations, where lingering bugs keep Microsoft developers busy and customers frustrated.

The update brings Bginfo to version 4.25 and is available from here: https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo

 



Sysinternals Sysmon Updated to Resolve Corruption Bug

Sysinternals tools remain some of the top utilities available to systems administrators and are updated regularly.

Sysmon was just updated to version 7.01. The update includes a fix for a bug that caused the Sysmon config change event to be corrupt, as well as for one that prevented registry keys from being reported with abbreviated root key names (e.g. HKLM).

Get the updated version here: Sysmon v7.01

 



Sysinternals Sysmon Utility Updated to Full Version 7.0

The Sysinternals Sysmon utility has moved to a full version with this latest update.

Sysmon v7.0 – Sysmon now logs file version information, and the option to dump the configuration schema adds the ability to dump an older schema or dump all historical schemas.

System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.



SysInternals Utilities Autoruns, Bginfo, and Handle Updated

A few updates are available for SysInternals utilities.

Here’s what’s been updated:

Autoruns v13.81 This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths to result in ‘file not found’ errors, and expands the set of images not considered part of Windows for the Windows filter in order to reveal malicious files masquerading as Windows images.

Bginfo v4.23 This update to Bginfo fixes bugs that caused incorrect scaling on Windows 10 multimonitor systems.

Handle v4.11 When run on 64-bit systems, Handle now extracts the 64-bit version to the %TEMP% directory rather than the local directory.

 



SysInternals Updates: Sysmon, AccessChk, Sigcheck, and Whois

Microsoft has now updated the following SysInternals utilities:

Sysmon v6.20 – Added the ability to change the Sysmon service and driver names to foil malware that uses them to detect its presence.

AccessChk v6.20 – Bug fix for an issue that could cause it to crash when looking up account effective access checks.

Sigcheck v2.60 – Fixes for catalog signing and timestamp reporting bugs, and no longer truncates publisher names that include commas.

Whois v1.20 – Updated to work with Whois registry server redirects.

 



SysInternals Updates: Sysmon and Sigcheck

Despite some of the SysInternals tools being around for years, regular updates keep them fresh and relevant. Recently, ProcDump, Autoruns, BgInfo, LiveKd, Process Monitor, and Process Explorer all saw updates. Today, the following have been updated:

Sysmon – updated to version v6.02. This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, fixes a bug in the named pipe monitoring logic that could cause a bluescreen crash.

Sigcheck – updated to version v2.55. This update to Sigcheck, a command-line utility that reports detailed information about images, includes a fix for a bug that caused the display of publisher names with commas to be truncated at the first comma.


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections