Microsoft regularly releases updates to the Sysinternals tools, which happen to be the longest-running and best IT toolkit available. Created by Mark Russinovich, who is now CTO of Microsoft Azure, these tools have saved many a SysAdmin's butt over the years (mine included).
Here’s what’s been updated:
Sigcheck v2.4 – Sigcheck is a command-line utility that reports image file and signing information, including details of the certificates involved. This update adds an option that reports any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL), which is a quick way to spot a rogue root that a vendor, adware, or an interception proxy has planted. It also adds the ability to take image information captured by Sigcheck on an offline system (one that is not Internet connected) and retrieve the VirusTotal status of those files on another system that is online.
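Here is how the two new capabilities fit together in practice, as an added example (not code from the post or from Sysinternals). The switch names follow Sigcheck's own usage text; run `sigcheck` with no arguments on your copy to confirm them, and treat the `D:` drive letter as an assumption standing in for whatever removable media you carry between the two machines.

```powershell
# Step 1, on the offline machine: record hashes (-h) of every executable
# image (-e) under System32 and its subdirectories (-s) as CSV (-c).
# -q suppresses the banner so the file holds nothing but CSV rows.
# D:\ is assumed to be the removable drive used to carry the file.
sigcheck -accepteula -q -c -h -e -s C:\Windows\System32 > D:\hashes.csv

# Step 2, on the online machine: -o reads the CSV from step 1 and looks the
# hashes up on VirusTotal; -vt accepts VirusTotal's terms non-interactively.
sigcheck -accepteula -q -o -vt D:\hashes.csv

# Step 3, on any machine: list certificates that do NOT chain to a root in
# the Microsoft CTL. -tv checks the machine stores, -tuv the current user's
# stores; '*' means every store rather than a single named one.
sigcheck -accepteula -q -tv *
sigcheck -accepteula -q -tuv *
```

Two caveats. Windows PowerShell's `>` writes UTF-16 files; if Sigcheck rejects the CSV in step 2, capture it from a cmd.exe prompt instead so the file is written byte-for-byte as Sigcheck emits it. And step 3 needs to download the current CTL, so run it on a connected machine (Sigcheck's usage text says it falls back to an `authrootstl.cab` or `authroot.stl` in the current directory if the download fails).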
Sysmon v3.2 – Sysmon is a background service that logs security-relevant process and network activity to the Windows event log. This update adds an option to log raw access to disks and volumes, that is, reads that go around the file system and therefore around per-file ACLs and locks.
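Logging the events is only half the job; someone has to look at them. The following is an added example (not from the post or from Sysinternals) that pulls Sysmon's raw-access events, which are Event ID 9 in the `Microsoft-Windows-Sysmon/Operational` log, and summarises which images touched which devices. It assumes Sysmon is installed with raw-access logging enabled in its configuration; the function name is mine.

```powershell
# Read the most recent Sysmon raw-access events (Event ID 9) and return one
# object per event with the fields a triager actually cares about.
function Get-SysmonRawAccess {
    param([int]$Last = 500)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'
        Id      = 9
    } -MaxEvents $Last -ErrorAction Stop | ForEach-Object {
        # Pull the named EventData fields out of the event XML rather than
        # scraping the rendered Message text, which changes between versions.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Image     = $d['Image']
            ProcessId = $d['ProcessId']
            Device    = $d['Device']
        }
    }
}

# Which processes read raw volumes, and how often. Backup, imaging, and AV
# software are expected here; anything else deserves a look, because reading
# \Device\HarddiskVolumeN directly is how a tool copies a locked file such as
# the SAM hive without ever opening it through the file system.
Get-SysmonRawAccess -Last 2000 |
    Group-Object Image, Device |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run it elevated, since reading the Sysmon log requires administrative rights by default, and baseline it on a clean machine first so you know which images legitimately appear.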
Process Explorer v16.1 – Process Explorer does what its name suggests: it lets you browse running processes. This update adds a column to the handle view that shows each handle's access mask in text form (so you can read "READ_CONTROL | SYNCHRONIZE" instead of decoding a hex value), plus bug fixes.
Autoruns v13.51 – Autoruns lists every location from which programs are configured to start and lets you enable or disable each entry. This update fixes a WMI command-line parsing bug, writes a Unicode BOM at the start of the text file generated when saving results, and restores the ability to verify the signing status of individual entries selectively.
AccessChk v6.01 – AccessChk is a command-line utility that reports the effective and actual access a user or group has to many object types, including files, registry keys, and services. This version now handles accounts with long names and fixes bugs, including a problem reporting kernel object access when the tool is run elevated, and an issue where it inadvertently created a registry key when querying a non-existent key.
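The question AccessChk answers best is "what can a low-privilege account change that it shouldn't?", so here is an added example (not from the post or from Sysinternals) of using it that way. Switches follow AccessChk's usage text (`-u` suppress errors, `-w` show only objects with write access, `-s` recurse, `-c` the names are services, `-k` the names are registry keys, `-d` process directories only, `-q` no banner, `-v` verbose); run `accesschk` with no arguments to confirm them on your version. The principal and paths are assumptions chosen for illustration.

```powershell
# The group to audit. Authenticated Users is the usual starting point
# because every domain user is a member. (Assumed value for the example.)
$principal = 'Authenticated Users'

# Services the principal can modify. SERVICE_CHANGE_CONFIG or
# SERVICE_ALL_ACCESS in the verbose output means a standard user can
# repoint the service binary and have it run as the service account.
accesschk -accepteula -uwcqv $principal *

# Service registry keys writable by the principal. Write access here lets
# the ImagePath value be changed even when the service object itself is locked down.
accesschk -accepteula -uwkqs $principal HKLM\SYSTEM\CurrentControlSet\Services

# Directories under Program Files that the principal can write to. A writable
# install directory lets a user plant a DLL or replace a binary that a
# privileged service or scheduled task later loads.
accesschk -accepteula -uwdqs $principal "C:\Program Files"
```

The write-only filter (`-w`) keeps the output to the objects that matter; drop it, keep `-v`, and you get the full effective access AccessChk computes for that principal on each object, which is handy when you are verifying a least-privilege change rather than hunting for weak spots.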
You can grab the entire suite of Sysinternals tools from here: Sysinternals Suite