Three Sysinternals Tools Improved: Sysmon, Autoruns, and RegJump

Sysinternals utilities, the invention of Mark Russinovich, who now serves as the CTO of Azure for Microsoft, have a long and stable lineage, providing fantastic capabilities and value for IT Pros. The suite of tools sees constant updates to improve functionality.

Yesterday, three of the tools were updated with new capabilities. Here's what's available:

Sysmon – now at version 3.0, Sysmon is used for monitoring system activities that could be considered potential security intrusions. New features:

  • Process name added to process terminate events

  • Reporting of remote thread creation events

  • Simplicity and flexibility of filter settings improved

Autoruns – bumping the version to 13.3, Autoruns queries and displays drivers, DLLs, and other files that are to automatically run when the computer boots.

  • Reporting of GP extension DLLs added

  • The target of hosting processes like cmd.exe and rundll32.exe available for viewing

RegJump – a minor surge to version 1.1, RegJump is a registry editor tool that allows you to "jump" to specific areas in the Windows registry.

  • A new -c command-line switch to enable jumping directly to the path stored in the copy/paste clipboard

You can grab the individual updates or the entire stack of 46 utilities from the Sysinternals Suite page.
