Sysinternals Updates Now Available for SysMon, AccessChk, and RU

Sysinternals Updates Now Available for SysMon, AccessChk, and RU

Sysinternals is, of course, the invention of Mark Russinovich who is now the esteemed CTO of Microsoft Azure. Created in 1996 and then acquired by Microsoft in 2006, Sysinternals tools are a staple of IT admins everywhere. Fortunately, even with Mark's new title and responsibilities, the Sysinternals utilities continue to get updates.

Yesterday, three of the utilities were updated with bug fixes and new features. Sysmon received the biggest update, bringing it to version 2.0. Here's what to look for…

Sysmon (now at full version 2.0) – Used as a security tool for detection and analysis, version 2.0 now provides these capabilities:

  • Driver load and image load events with signature information
  • Configurable hashing algorithm reporting
  • Flexible filters for including and excluding events
  • Support for supplying configuration via a configuration file instead of the command line

AccessChk (now at version 5.21) – Used to query and display Windows object permissions for things like registry keys, files, services and more, version 5.21 brings:

  • Reporting permissions as SDDL strings
  • New process permission types
  • A fix for a bug with showing process security descriptors

RU (now at version 1.1) – Version 1.1 of RU gets a couple minor but useful feature updates:

  • Supports loading hive files
  • Reports last write timestamp in CSV output

You can grab the individual updates or the entire stack of 46 utilities from the Sysinternals Suite page: Sysinternals Suite

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish