Sysmon: New Sysinternals Tool Releases

Sysmon: New Sysinternals Tool Releases

Sysinternals utilities, the invention of Microsoft's Mark Russinovich, has a long and stable lineage, providing fantastic capabilities and value for IT Pros. For me, it's tough to say which utility is my favorite, but have probably used PsExec the most over the years. PsExec, of course, is the utility that gives IT Pros the ability to run commands on remote systems, even with elevated privileges.

On August 5, 2014, a new tool was added to the group of Sysinternals utility, taking the total utility bundle count to 71. The new utility, Sysmon, is a stay-resident service for Windows that can be installed to monitor and log system activity and record the information to the Windows event log, even if the computer is rebooted.

The value of this type of utility is that it allows administrators to record suspicious activity, helping to identify potential attacks from intruders and pinpoint occurrences of malware.

Install, uninstall, and configuration are all done from the command-line, using specific command-line switches. Details for the commands are available on the Sysmon download page:

Download: Sysmon v1.0

Download the entire bundle at once: Sysinternals Suite

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish