SysInternals, the brainchild utilities from Mark Russinovich (currently the CTO of Microsoft Azure), are still a set of popular tools used by IT Pros everywhere. The tools are regularly updated even today and when new features are added it’s like a geek’s Christmas.
Three of the tools have been updated. Here’s what’s you’ll find in the updates:
Sysmon is now at version 4.0. Updates include: advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, more powerful filtering capabilities, allowing for both include and exclude rules to be specified for specific events types, as well as complex matching on different event fields.
Procdump now sits at version 8.0. Updates include: improved support for lightweight reflection dumps on Windows 7 and Windows 8, creates a named event that can be signaled by another process to gracefully terminate it, does more intelligent default path searches for the debugging tools libraries, and makes trigger timing and repeat behaviors consistent across trigger types.
Sigcheck gets a revision level of 2.51. Updates include: ability to cleanse newline and other characters from CSV output to prevent line breaks.
Not yet a SysInternals fan? Check out the entire suite here: https://technet.microsoft.com/en-us/sysinternals/bb842062