Sysinternals Suite Changelog

New in Sysinternals Suite Build 06.02.2023 (Feb 6, 2024)

  • ZoomIt v8.0:
  • This update to ZoomIt adds a new feature called DemoType that automates typing.
  • Autoruns v14.11:
  • This update to Autoruns fixes a bug parsing parameters in startup folder items.

New in Sysinternals Suite Build 13.11.2023 (Nov 14, 2023)

  • Sysmon v15.11:
  • This update to Sysmon resolves a bug resulting in spurious error events.

New in Sysinternals Suite Build 9.11.2023 (Nov 10, 2023)

  • Sysmon v15.1:
  • This update to Sysmon improves file hash and delete performance, adds a summary message on events dropped due to high system load, fixes a crash during uninstall, and fixes a system hang.
  • ZoomIt v7.2:
  • This update to ZoomIt adds translucent highlighter and blur to draw mode, microphone selection for recording, and copies the recorded file to the clipboard.

New in Sysinternals Suite Build 18.10.2023 (Oct 18, 2023)

  • VMMap 3.4

New in Sysinternals Suite Build 29.09.2023 (Sep 30, 2023)

  • Process Monitor v3.96:
  • This update to Process Monitor speeds up the clear events operation, adds a security fix, and several bug fixes.
  • SDelete v2.05:
  • This update to SDelete, a command line utility for secure file deletion, fixes console output and improves command line parameter parsing.

New in Sysinternals Suite Build 26.07.2023 (Jul 26, 2023)

  • ZoomIt v7.1:
  • This update to ZoomIt adds audio capture to screen recording.
  • Process Explorer v17.05:
  • This update to Process Explorer, an advanced process, DLL, and handle viewing utility, fixes a crash generated by the process list, fixes a bug with thread affinity decoding on systems with multiple processor groups (more than 64 processors / cores), and makes Escape key handling more consistent.
  • RDCMan v2.93:
  • This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, re-enables the option to scale thumbnails under the display settings.
  • VMMap v3.33:
  • This update to VMMap, a tool that reports the virtual memory layout of a process, removes automatic loading of dbghelp.dll under "C:\Debuggers".

New in Sysinternals Suite Build 27.06.2023 (Jun 28, 2023)

  • Sysmon v15.0:
  • This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.
  • Autoruns v14.1:
  • This update to Autoruns, a utility for monitoring startup items, fixes a bug with detecting non-shortcut files in startup folders, fixes a bug with handling non-UNC, non-absolute paths, and improves theming support.
  • Process Monitor v3.95:
  • This update to Process Monitor fixes a crash on loading certain PML files and improves boot logging.

New in Sysinternals Suite Build 07.06.2023 (Jun 7, 2023)

  • This update to Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, improves handling of incomplete Procmon Log files (.pml), and restores "Copy All" functionality in the Event Properties window.

New in Sysinternals Suite Build 24.05.2023 (May 25, 2023)

  • ZoomIt v7.0:
  • This update to ZoomIt, a screen magnification and annotation tool, adds the ability to screen record cropped regions or a specific window, and lets you snip regions of the screen or zoomed views to the clipboard or to a file in a single gesture.

New in Sysinternals Suite Build 12.04.2023 (Apr 13, 2023)

  • Sysmon v14.16:
  • This Sysmon update fixes a regression on older versions of Windows.

New in Sysinternals Suite Build 11.04.2023 (Apr 11, 2023)

  • PsExec v2.43:
  • This update to PsExec fixes a regression with the '-c' argument.
  • Sysmon v14.15:
  • This update to Sysmon sets and requires system integrity on ArchiveDirectory (FileDelete and ClipboardChange events). Every existing ArchiveDirectory needs to be first deleted so that Sysmon can create it with the expected integrity and permissions.
  • TCPView v4.19:
  • This update to TCPView fixes a manifest configuration regression with the 32-bit binary.

New in Sysinternals Suite Build 03.04.2023 (Apr 4, 2023)

  • This update to Process Explorer fixes a regression highlighting immersive processes and fixes a security bug.

New in Sysinternals Suite Build 30.03.2023 (Mar 30, 2023)

  • Process Explorer v17.03:
  • This update to Process Explorer, an advanced process, DLL, and handle viewing utility, adds improved packaged app support, fixes a dark mode bug, and fixes a security bug.
  • PsTools v2.5:
  • This update to PsTools, a suite of programs for interacting with local or remote Windows systems, fixes command-line argument processing issues in several tools.
  • PsExec v2.42:
  • PsExec, a light-weight telnet/ssh alternative for launching processes on Windows, now supports file paths longer than MAX_PATH characters.
  • PsPing v2.12:
  • PsPing, a tool implementing the standard ping functionality, alongside TCP/UDP latency and bandwidth measurements, receives bugfixes for its benchmarks, and now uses random data for communication buffers.
  • PsShutdown v2.6:
  • PsShutdown, a command-line utility for managing local or remote shut down, reboot, logoff, or lock for Windows computers, now displays its notification dialog on the target machine, and has a new flag, -x, for turning the monitor off, required to initiate Modern Standby where applicable.
  • PsFile v1.04, PsGetSid v1.46, PsInfo v1.79, PsKill v1.17, PsList v1.41, PsLogList v2.82, PsPasswd v1.25, PsService v2.26, and PsSuspend v1.08 have also been updated to work with long file paths and command lines.
  • Sysmon 1.1.1 for Linux:
  • This update to Sysmon for Linux removes support for Ubuntu 18.04, Debian 10 and includes other fixes.
  • TCPView v4.18:
  • TCPView, a Windows program that shows detailed listings of all TCP and UDP endpoints, receives a fix for a crash that can occur when receiving events in certain cases, and improvements for the dark mode.

New in Sysinternals Suite Build 09.03.2023 (Mar 9, 2023)

  • Contig v1.83:
  • This release for Contig, a single-file defragmenter, fixes a bug preventing the 64-bit Contig64.exe from working, fixes a path parsing bug, and adds support for ARM64.
  • Process Monitor v3.93:
  • Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, receives fixes for several user interface and log file bugs.

New in Sysinternals Suite Build 25.01.2023 (Jan 26, 2023)

  • RDCMan v2.92
  • This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, fixes a naming error impeding plugin operation, updates the icon set, and fixes mstscax.dll load on some systems where initialization would previously fail.
  • Sysmon v14.14
  • This update to Sysmon, an advanced host monitoring tool, fixes a timeout occurring with FileDelete and FileDeleteDetected events on low-speed media.
  • ZoomIt v6.12
  • This update to ZoomIt, a screen magnification and annotation tool, eliminates drawing artifacts occurring when changing magnification, changing pen width, or combining these steps, and improves drawing settings persistence.

New in Sysinternals Suite Build 28.11.2022 (Nov 29, 2022)

  • Active Directory Explorer v1.52:
  • This update to Active Directory Explorer, an advanced Active Directory viewer and editor, fixes a crash caused by searching a snapshot for strings longer than object names.
  • Contig v1.82:
  • This update to Contig, a single-file defragmenter, adds safe DLL loading and support for long command-line arguments.
  • Sysmon v14.13:
  • This update to Sysmon addresses CVE-2022-41120 by ensuring the archive directory has permissions restricted to the system account.

New in Sysinternals Suite Build 10.11.2022 (Nov 11, 2022)

  • Process Explorer v17.02:
  • This update to Process Explorer fixes two bugs that can lead to crashes and another that leads to an unexpected dialog in an error case.
  • Sysmon v14.12:
  • This update to Sysmon fixes a bug related to volumes without file system security.

New in Sysinternals Suite Build 03.11.2022 (Nov 3, 2022)

  • ProcDump v11.0:
  • This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds ModuleLoad/Unload and Thread Create/Exit triggers, removes Internet Explorer JavaScript support, and improves descriptive text messages.
  • Process Explorer v17.01:
  • This update to Process Explorer fixes a crash when right-clicking an empty area of the lower pane threads tab and improves menu rendering.

New in Sysinternals Suite Build 26.10.2022 (Oct 27, 2022)

  • Process Explorer:
  • This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.
  • Handle:
  • This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.
  • Process Monitor:
  • This update to Process Monitor, a utility for observing in real time file system, Registry, and process or thread activity, adds a command-line option for setting the filter driver’s altitude.
  • Sysmon:
  • This update to Sysmon, an advanced host monitoring tool, fixes a bug preventing FileDeleteDetected events reporting and adds support for ARM64.

New in Sysinternals Suite Build 13.10.2022 (Oct 14, 2022)

  • This update to ZoomIt fixes a crash with right-justified text input and improves multiline text handling.

New in Sysinternals Suite Build 12.10.2022 (Oct 12, 2022)

  • This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.

New in Sysinternals Suite Build 29.09.2022 (Sep 30, 2022)

  • Sysmon v14.1:
  • This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding, that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.
  • Coreinfo v3.6:
  • This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in counter ticks.
  • AccessEnum v1.35:
  • This update to AccessEnum, a tool that summarizes account permissions on files and folders, fixes a version number mismatch in its version information.
  • BgInfo v4.32:
  • This update to BgInfo, a tool for displaying system information on screen desktop, correctly reports Windows 11 Insider versions.
  • NotMyFault v4.21:
  • This update to NotMyFault, a tool used to crash, hang, and cause kernel memory leaks on Windows, now works on ARM64 systems.

New in Sysinternals Suite Build 16.08.2022 (Aug 17, 2022)

  • Sysmon v14.0:
  • This major update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockExecutable, that prevents processes from creating executable files in specified locations. It also includes several performance improvements and bug fixes.
  • AccessEnum v1.34:
  • AccessEnum, a tool for enumerating file system and registry permissions, now supports paths longer than MAX_PATH characters.
  • Coreinfo v3.53:
  • This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now handles NUMA nodes with more than 64 processors.

New in Sysinternals Suite Build 19.07.2022 (Jul 20, 2022)

  • This major update to ZoomIt, a screen magnification and annotation tool, adds built-in screen recording for easy demo recordings and now supports Unicode typing input.

New in Sysinternals Suite Build 11.05.2022 (May 11, 2022)

  • AccessChk v6.15:
  • This update for AccessChk, a tool that shows what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services, fixes a crash with passing long strings on the command line. Parameters previously limited to MAX_PATH characters have no length restrictions now.
  • RAMMap v1.61:
  • This update for RAMMap, a utility that analyzes and displays physical memory usage, fixes problems with the processes tab under Windows 11 and improves the UI on scaled displays.
  • Sysmon v13.34:
  • This Sysmon update improves performance for UDP network event tracing (the NetworkConnect global option), solves a rare system hang (blue screen) when monitoring ProcessCreate events and a memory/handle leak on ImageLoad events with several exclude clauses.

New in Sysinternals Suite Build 16.02.2022 (Feb 17, 2022)

  • Autoruns v14.09:
  • This Autoruns update fixes a bug preventing the enabling/disabling of startup folder items.
  • Process Monitor v3.89:
  • This Process Monitor update fixes a crash related to context menus.
  • Sysmon v13.33:
  • This Sysmon update fixes a crash occurring on Windows Server 2012 and improves memory handling for the service.
  • ZoomIt v5.10:
  • This update to ZoomIt, a screen magnification and annotation tool, now supports pen and touch drawing.

New in Sysinternals Suite Build 27.01.2022 (Jan 28, 2022)

  • ZoomIt v5.0:
  • ZoomIt, a screen zoom and annotation tool, now supports Windows 11 and antialiased line drawing. Note that under Windows 11 and Windows Server 2022 some UI elements might not react to mouse clicks when zoomed. The temporary workaround until a future Windows update is to store the ZoomIt executable under the Windows or the Program Files directories.
  • RDCMan v2.90:
  • RDCMan, a tool for managing and connecting to Remote Desktop sessions, receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.
  • Autoruns v14.08:
  • This Autoruns update fixes a series of application crashes, now correctly parses paths with spaces passed as command line arguments and improves .arn import functionality.
  • TCPView v4.17:
  • This TCPView update fixes a crash related to filtering by TCP version.
  • VMMap v3.32:
  • VMMap, a tool that reports the virtual memory layout of a process, now supports Windows 11.
  • Sysmon v13.32:
  • This Sysmon update fixes a conflict with FileDelete and FileDeleteDetected events in the same config.
  • WinObj v3.14:
  • This WinObj update makes the behavior of the object tree control more consistent with Windows when handling right clicks.

New in Sysinternals Suite Build 16.12.2021 (Dec 17, 2021)

  • Active Directory Explorer v1.51:
  • This Active Directory Explorer update fixes a Windows Store packaging crash.
  • Autoruns v14.07:
  • This Autoruns update can open .arn files from the command line, fixes RunDll32 parameter handling in some cases, supports toggling Active Setup entries, fixes a crash when no ProcExp can be found in the path and improves 32/64 bit redirection.
  • CacheSet v1.02:
  • This CacheSet update fixes a 64 bit OS regression.
  • Process Monitor v3.87:
  • This Process Monitor update fixes a series of bugs with filter file loading, ring buffer handling and improves filter dialog navigation, some UI interactions with column headers and the About dialog.
  • Sysmon v13.31:
  • This Sysmon release improves handle management in the service code and restores event ID 16 contents.

New in Sysinternals Suite Build 26.10.2021 (Oct 27, 2021)

  • Autoruns v14.06:
  • This Autoruns release fixes a crash happening for scheduled tasks containing spaces.
  • Sysmon v13.30:
  • This Sysmon update adds user fields for events, fixes a series of crash-causing bugs - for example with the Visual Studio debugger - and improves memory usage and management in the driver.

New in Sysinternals Suite Build 12.10.2021 (Oct 13, 2021)

  • Autoruns v14.04
  • This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.
  • WinObj v3.13, TCPView v4.16 and Process Monitor v3.86 get high DPI application icons.
  • AccessEnum v1.33, CacheSet v1.01, Contig v1.81, Desktops v2.01, Disk2vhd v2.02, DiskMon v2.02, EFSDump v1.03, LoadOrder v1.02, PsShutdown v2.53, RegJump v1.11, ShareEnum v1.61, ShellRunas v1.02 get new builds with updated Windows libraries.

New in Sysinternals Suite Build 30.09.2021 (Sep 30, 2021)

  • Autoruns v14.03:
  • This update for Autoruns restores entries previously shown in v13.100, improves Wow64 redirection handling and entry name resolution.

New in Sysinternals Suite Build 22.09.2021 (Sep 22, 2021)

  • Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, and fixes for VirusTotal and signed files regressions.

New in Sysinternals Suite Build 01.09.2021 (Sep 2, 2021)

  • Autoruns v14.01:
  • This update for Autoruns fixes a regression with VirusTotal submissions introduced in v14.0.

New in Sysinternals Suite Build 18.08.2021 (Aug 18, 2021)

  • Autoruns v14.0
  • Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.
  • RDCMan v2.83:
  • This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.
  • ProcDump v10.11:
  • This update to ProcDump fixes a "The parameter is incorrect" error on Windows Server 2016 systems.
  • WinObj v3.11:
  • WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • TCPView v4.14:
  • TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • Process Monitor v3.84:
  • Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • Process Explorer v16.43:
  • This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, "medium+" for process integrity levels and has some display tweaks for systems with large memory capacity.
  • Sysmon v13.24:
  • This Sysmon update improves the handling of FileDelete and FileDeleteDetected events which solves systems becoming unresponsive under certain conditions.

New in Sysinternals Suite Build 27.07.2021 (Jul 28, 2021)

  • ProcDump v10.1:
  • This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds a new option (-dc) for specifying a dumpfile comment and supports "triage" dumps (-mt).

New in Sysinternals Suite Build 22.06.2021 (Jun 22, 2021)

  • RDCMan v2.8:
  • RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!
  • AccessChk v6.14:
  • This AccessChk version adds support for NULL DACL reporting.
  • Process Monitor v3.83:
  • ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.
  • Strings v2.54:
  • This Strings update improves handling of files containing long strings.
  • Sysmon v13.22:
  • This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.
  • TCPView v4.13:
  • This TCPView update fixes a bug with connection state filtering.

New in Sysinternals Suite Build 01.06.2021 (Jun 1, 2021)

  • Process Monitor v3.82:
  • This update to Process Monitor fixes "go to event" from context menu and introduces some UI improvements for the dark theme.
  • TCPView v4.12:
  • This update to TCPView fixes a bug where columns would be drawn twice.
  • Process Explorer v16.42:
  • This update to Process Explorer fixes a bug with signature checks.
  • Sysmon v13.21:
  • This update to Sysmon fixes a rare crash on process startup on x86 systems.

New in Sysinternals Suite Build 25.05.2021 (May 26, 2021)

  • What's New (May 25, 2021):
  • Process Monitor v3.80 Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.
  • Sysmon v13.20 This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression for rule include/exclude logic.
  • TCPView v4.10 This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.
  • Process Explorer v16.40 This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.

New in Sysinternals Suite Build 21.04.2021 (Apr 22, 2021)

  • Process Monitor v3.70 This update to Process Monitor allows constraining the number of events based on a requested number of minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.
  • Sysmon v13.10 This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.
  • Theme Engine This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TCPView have been updated. Expect more tools using the theme engine in the near future!

New in Sysinternals Suite Build 23.03.2021 (Mar 24, 2021)

  • TCPView v4.0:
  • This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
  • PsExec v2.33:
  • This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. The -i command line switch is now necessary for running processes interactively, for example with redirected IO.
  • WinObj v3.02:
  • This WinObj release fixes a bug that could cause it to crash.
  • Sysmon v13.02:
  • This Sysmon update fixes a crash that could be caused by file deletion events, fixes the "is any" rule predicate, and adds several configuration parsing performance improvements.

New in Sysinternals Suite Build 01.03.2021 (Mar 6, 2021)

  • WinObj v3.01:
  • This minor update to WinObj fixes a crash on exit.

New in Sysinternals Suite Build 22.02.2021 (Feb 24, 2021)

  • WinObj v3.0:
  • This major update to WinObj adds dynamic updates, quick search, full search, properties for more object types, as well as performance improvements. It's also the first Sysinternals tool to feature a dark theme.
  • Coreinfo v3.52:
  • This update to Coreinfo adds reporting for CET (shadow stack) support.

New in Sysinternals Suite Build 11.01.2021 (Jan 12, 2021)

  • Sysmon v13.00:
  • This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.
  • Process Monitor v3.61:
  • This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.

New in Sysinternals Suite Build 01.11.2020 (Jan 12, 2021)

  • Sysmon v13.00:
  • This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.
  • Process Monitor v3.61:
  • This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.

New in Sysinternals Suite Build 11.04.2020 (Nov 4, 2020)

  • AdExplorer v1.50 This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the "Compare" dialog and is now available for x64 and ARM64.
  • Disk Usage (DU) v1.62 This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.

New in Sysinternals Suite Build 15.10.2020 (Oct 15, 2020)

  • VMMap v3.30 This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.
  • RAMMap v1.60 This release of RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.

New in Sysinternals Suite Build 17.09.2020 (Sep 18, 2020)

  • Sysmon v12.0:
  • In addition to several bug fixes, this major update to Sysmon adds support for capturing clipboard operations to help incident responders retrieve attacker RDP file and command drops, including originating remote machine IP addresses.
  • Process Monitor v3.60:
  • This update to Process Monitor, a utility that logs process file, network and registry activity, adds support for multiple filter item selection, as well as decoding for new file system control operations and error status codes.
  • ProcDump v10.0:
  • This release of ProcDump, a flexible tool for manual and trigger-based process dump generation, adds support for dump cancellation and CoreCLR processes.
  • ARM64 ports:
  • In addition, several tools have been newly ported to and are now available for ARM64. These include: AdInsight v1.2, AutoLogon v3.1, Autoruns v13.98, ClockRes v2.1, DebugView v4.9, DiskExt v1.2, FindLinks v1.1, Handle v4.22, Hex2Dec v1.1, Junction v1.07, PendMoves v1.02, PipeList v1.02, ProcDump v10.0, Process Explorer v16.32, RegDelNull v1.11, RU v1.2, Sigcheck v2.8, Streams v1.6, Sync v2.2, VMMap v3.26, WhoIs v1.21 and ZoomIt v4.52. Download all ARM64 tools in a single download with the Sysinternals Suite for ARM64.

New in Sysinternals Suite Build 15.07.2020 (Jul 15, 2020)

  • Sysmon v11.11:
  • This update to Sysmon fixes a bug that prevented USB media from being ejected, an issue that could stop network event logging and a resulting memory leak, and logs file delete events for delete-on-close files.

New in Sysinternals Suite Build 27.04.2020 (Apr 29, 2020)

  • Sysmon v11.0:
  • This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with '-' to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.

New in Sysinternals Suite Build 11.12.2019 (Dec 11, 2019)

  • Sysmon v10.42:
  • This update to Sysmon addresses a number of memory leaks, introduces the "Excludes Any" and "Excludes All" filtering conditions and resolves a number of bugs.
  • ZoomIt v4.52:
  • This update to ZoomIt resolves a number of dual-monitor related issues.
  • Whois v1.21:
  • This refresh of Whois contains various bug fixes.

New in Sysinternals Suite Build 11.06.2019 (Jun 12, 2019)

  • Sysmon 10.0:
  • This release of Sysmon adds DNS query logging, reports OriginalFileName in process create and load image events, adds ImageName to named pipe events, logs pico process creates and terminates, and fixes several bugs.
  • Autoruns 13.95:
  • This Autoruns update adds support for user Shell folders redirections.
  • VMMap 3.26:
  • This update to VMMap, a tool for looking at the virtual and physical memory usage of a process, fixes a bug in 64-bit CLR heap reporting.

New in Sysinternals Suite 1.0 Build 06.06.2018 (Jul 6, 2018)

  • Sysmon v8.0:
  • This update to Sysmon adds rule tagging, which results in tags appearing in event log entries they generate. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations.
  • Autoruns 13.90:
  • Autoruns, a comprehensive Windows autostart entry point (ASEP) manager, now includes Runonce*\Depend keys and GPO logon and logoff locations, as well as fixes a bug in WMI path parsing.

New in Sysinternals Suite 1.0 Build 11.05.2018 (May 14, 2018)

  • Sysmon 7.03 This update to Sysmon fixes a service executable crash that could result from long file names, and does not hash files larger than 2GB to avoid causing performance issues with SQL Server’s large alternate data streams it places on database files.

New in Sysinternals Suite 1.0 Build 26.04.2018 (Apr 30, 2018)

  • Sysmon v7.02:
  • Fixes memory leaks in its thread and process tracking callbacks.

New in Sysinternals Suite 1.0 Build 13.02.2018 (Feb 19, 2018)

  • Process Monitor v3.50:
  • Process Monitor now includes a /runtime switch to control headless capture duration, correctly shows picoprocesses, displays details for file system APIs introduced in Windows 10, and includes numerous minor improvements and bug fixes.
  • Autoruns v13.82:
  • This Autoruns release shows OneNote addins and fixes several bugs.
  • Du v1.61:
  • This update to Disk Usage (Du) handles paths greater than MAX_PATH (260 characters) in length.
  • SDelete v2.01:
  • SDelete v2.01 fixes a bug that could cause it to hang with the progress indicator at 100%.

New in Sysinternals Suite 1.0 Build 12.09.2017 (Sep 14, 2017)

  • Sysmon v6.10:
  • This update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, adds monitoring of WMI filters and consumers, an autostart mechanism commonly used by malware, and fixes a bug in image load filtering.
  • Process Monitor v3.40:
  • Process Monitor, a file system, registry, process and network real-time monitor, now includes a /runtime switch for terminating monitoring after a specified amount of time, when in hexadecimal mode shows process tree process IDs in hexadecimal, and fixes a bug in automated boot log conversion.
  • Autoruns v13.80:
  • This release of Autoruns, a utility for viewing and managing autostart execution points (ASEPs), adds additional autostart entry points, has asynchronous file saving, fixes a bug parsing 32-bit paths on 64-bit Windows, shows the display name for drivers and services, and fixes a bug in offline VirusTotal scanning.
  • AccessChk v6.11:
  • This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, adds a cache to improve queries that enumerate multiple objects, and has the -s switch start container enumeration at the specified container when -d is specified.

New in Sysinternals Suite 1.0 Build 14.06.2017 (Jun 19, 2017)

  • Sysmon v6.03:
  • This release of Sysmon fixes a bug that prevented imageload include filters from working in some configurations.

New in Sysinternals Suite 1.0 Build 22.05.2017 (Jun 19, 2017)

  • Sysmon v6.02:
  • This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, fixes a bug in the named pipe monitoring logic that could cause a bluescreen crash.
  • Sigcheck v2.55:
  • This update to Sigcheck, a command-line utility that reports detailed information about images, includes a fix for a bug that caused the display of publisher names with commas to be truncated at the first comma.

New in Sysinternals Suite 1.0 Build 16.05.2017 (May 16, 2017)

  • ProcDump v9:
  • This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to capture multiple dump sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.
  • Autoruns v13.71:
  • This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as a hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images.
  • BgInfo v4.22:
  • This release of BgInfo honors AppLocker policy for VB scripts specified as the source of field data.
  • LiveKd v5.62:
  • This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store.
  • Process Monitor v3.33:
  • Procmon v3.33 includes bug fixes for destructive event filtering and is signed with a certificate installed in the Win7 trusted roots store.
  • Process Explorer v16.21:
  • This Process Explorer release includes a fix for an intermittent bug in the Virus Total scanning logic, and is signed with a Win7 RTM-compatible certificate.

New in Sysinternals Suite 1.0 Build 17.02.2017 (May 16, 2017)

  • Sysmon v6:
  • This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events (thanks to Giulia Biagini for the contribution). Check out the related presentation from Mark’s RSA Conference, “How to Go From Responding to Hunting with Sysinternals Sysmon.”
  • Autoruns v13.7:
  • Autoruns, an autostart entry point management utility, now reports print providers, registrations in the WMIDefault namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays.
  • AccessChk v6.1:
  • This update to AccessChk, a command-line utility that shows effective and actual permissions for file, registry, service, process object manager, and event logs, now reports Windows 10 process trust access control entries and token security attributes.
  • Process Monitor v3.32:
  • This update of Process Monitor, a file system, registry, process and network real-time monitor, adds an option to display process and thread IDs in hexadecimal format, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
  • Process Explorer v16.2:
  • The latest release of Process Explorer, a powerful process management and diagnostic utility, fixes a bug listing Wow64 thread stacks, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
  • LiveKd v5.61:
  • This release of LiveKd, a live-system kernel debugger and dump generator, includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
  • BgInfo v4.21:
  • This update to BgInfo, a utility that adds system information to the desktop background, fixes a bug that prevented the standalone 64-bit version from working.

New in Sysinternals Suite 1.0 Build 29.08.2016 (Aug 29, 2016)

  • Sysmon v4.12:
  • This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, now reports the status of CRL checking and fixes a bug where certain configuration files could cause the driver to blue screen.
  • Sigcheck v2.54:
  • This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, fixes a bug that could result in it reporting signed files that have been modified as having a valid signature.
  • Autologon v3.1:
  • Autologon, a utility that configures Windows to automatically log on a specified user account after booting, now validates the entered credentials before accepting them.
  • Process Monitor v3.31:
  • This release of Process Monitor, an advanced real-time file system, registry, process, image and network monitoring tool, fixes bugs that caused it to crash when processing some boot logs and when saving logged events to a backing file.

New in Sysinternals Suite 1.0 Build 04.07.2016 (Jul 4, 2016)

  • Sysinternals Support for Nano Server:
  • Over 40 of the Sysinternals tools now support Nano Server! The Nano versions are also compatible with 64-bit Windows and have “64.exe” as their suffix in the download files. Many of the updated tools include bug fixes as well. Check out the Channel 9 Defrag Tools episode where Mark and Andrew Mason, Program Manager for Nano Server, describe Nano Server, show how the tools work on Nano Server, and describe how the tools were ported.

New in Sysinternals Suite 1.0 Build 28.04.2016 (Apr 28, 2016)

  • Sysmon v4.0:
  • This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, allowing for both include and exclude rules to be specified for specific event types, as well as complex matching on different event fields.
  • Procdump v8.0:
  • Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, now creates a named event that can be signaled by another process to gracefully terminate it, does more intelligent default path searches for the debugging tools libraries, and makes trigger timing and repeat behaviors consistent across trigger types.
  • Sigcheck v2.51:
  • This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now cleanses newline and other characters from CSV output to prevent line breaks.

New in Sysinternals Suite 1.0 Build 02.02.2016 (Feb 3, 2016)

  • Sigcheck v2.5:
  • This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers.
  • Sysmon v3.21:
  • This update fixes a paged pool leak of token objects when image logging is enabled.
  • Process Explorer v16.11:
  • This release of Process Explorer, a powerful process management utility, fixes a bug that caused it to crash when it encountered an image with a path length longer than a few thousand characters.
  • Whois v1.13:
  • Whois, a command-line utility that reports domain name ownership information for the specified name or IP address, now includes a fix for a bug that would cause it to crash when passed an IP address with no DNS mapping.
  • RAMMap v1.5:
  • This update to RAMMap, a utility that shows detailed information about physical memory usage, works on the latest version of Windows 10.

New in Sysinternals Suite 1.0 Build 04.01.2016 (Jan 5, 2016)

  • Sigcheck v2.4:
  • This update to Sigcheck, a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the ability to take image information captured from Sigcheck on a system disconnected from the Internet and obtain VirusTotal status from one that’s connected.
  • Sysmon v3.2:
  • This release of Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, now has the option of logging raw disk and volume accesses, operations commonly performed by malicious toolkits to read information by bypassing higher-level security features. Thanks to David Magnotti for the contribution.
  • Process Explorer v16.1:
  • Process Explorer now includes a column in the handle view that reports the text version of handle access masks, as well as several bug fixes including one that would result in the suspension of .NET threads when viewed via the stack dialog.
  • Autoruns v13.51:
  • This release of Autoruns, a comprehensive autostart entry manager, fixes a WMI command-line parsing bug, emits a UNICODE BOM in the file generated when saving results to a text file, and adds back the ability to selectively verify the signing status of individual entries.
  • AccessChk v6.01:
  • This release of AccessChk, a command-line utility that reports effective and actual access for many different object types including files, registry keys, and services, now handles accounts with long names, fixes a bug that prevented reporting of kernel object accesses when run elevated, and fixes the inadvertent creation of a registry key when querying a non-existent key.

New in Sysinternals Suite 1.0 Build 26.10.2015 (Oct 27, 2015)

  • Autoruns v13.5:
  • This update to Autoruns, the most comprehensive autostart viewer and manager available for Windows, now shows 32-bit Office addins and font drivers, and enables resubmission of known images to Virus Total for a new scan.
  • Sigcheck v2.30:
  • Sigcheck, a command-line utility for displaying detailed file version information, image signing status, catalog and certificate store contents, includes updated Windows 10 certificate OIDs, support for checking corresponding MUI (internationalization strings) files for more accurate version data, and now shows the version company name as well as signature publisher for signed files.
  • RAMMap v1.4:
  • This release of RAMMap, a tool that reports detailed information about physical memory usage, is compatible with Windows 10 and includes a bug fix that could cause a crash when a long file name was scrolled into view in the file summary page.
  • BgInfo v4.21:
  • BgInfo, a utility that displays customization text and system information on the desktop wallpaper, now correctly reports Windows 10 and Windows Server 2016, and fixes a bug that could cause incorrect desktop bitmap sizes on systems with high DPI.
  • Sysmon v3.11:
  • Sysmon is a system utility that logs security relevant process, network and file events to the event log. This update fixes a memory leak for DLL image load event monitoring and removes a misleading warning when processing configuration files.
  • ADInsight v1.2:
  • ADInsight, a real-time monitoring tool, now includes support for 64-bit Windows as well as numerous bug fixes.

New in Sysinternals Suite 1.0 Build 20.07.2015 (Oct 27, 2015)

  • Sysmon v3.1:
  • This update to Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, adds information about the thread initialization function for CreateRemoteThread events, including the DLL and function name and address. It also changes the format of timestamps to allow for simple string sorting and fixes several bugs.
  • LogonSessions v1.3:
  • LogonSessions, a command-line utility that reports information about Windows authentication sessions including the user, authenticating server, time a session was created, and processes running in a session, now includes options for emitting CSV and tab-delimited output for easy import into Excel and other applications.
  • VMMap v3.21:
  • This update to VMMap, an advanced utility that shows a detailed breakdown of a process’s virtual and physical memory usage, fixes a bug where unused memory was reported as committed, and another that omitted call-tree summary statistics.

New in Sysinternals Suite 1.0 Build 26.05.2015 (May 27, 2015)

  • AccessChk v6.0:
  • This update to AccessChk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, can now show the permissions and security descriptors assigned to event logs, and incorporates owner-rights accesses in its permissions evaluations.
  • Autoruns v13.4:
  • Autoruns, the most comprehensive utility available for showing what executables, DLLs, and drivers are configured to automatically start and load, now reports Office addins, adds several additional autostart locations, and no longer hides hosting executables like cmd.exe, powershell.exe and others when Windows and Microsoft filters are in effect.
  • Process Monitor v3.2:
  • Process Monitor, a real-time system monitoring utility that captures registry, file system, process and thread, CPU, DLL and network activity, adds an option to show all file system values in hexadecimal, adds additional error code and file system control strings, and fixes a bug that prevented boot capture on Windows 10.
  • VMMap v3.2:
  • This release of VMMap, a powerful tool for analyzing the virtual and physical memory usage of a process, fixes a bug that prevented it from working with the 2 TB reserved memory region introduced to support Control Flow Guard (CFG).

New in Sysinternals Suite 1.0 Build 20.04.2015 (Apr 21, 2015)

  • Sysmon v3.0:
  • This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, adds the process name to process terminate events, reports remote thread creation events, and improves the simplicity and flexibility of filter settings.
  • Autoruns v13.3:
  • Autoruns, a utility that shows what processes, DLLs, and drivers are configured to automatically load, adds reporting of GP extension DLLs and now shows the target of hosting processes like cmd.exe and rundll32.exe.
  • Regjump v1.1:
  • Regjump, a command-line utility that navigates Regedit to the registry path specified as a parameter, adds the -c option to jump to the path stored in the copy/paste clipboard.
  • Process Monitor v3.11:
  • This update to Process Monitor, an interactive system activity monitoring utility, fixes a bug that could cause a crash in the stack summary dialog and a bug that could prevent boot monitoring from working on Windows 10.

New in Sysinternals Suite 1.0 Build 10.03.2015 (Mar 11, 2015)

  • LiveKd v5.4:
  • This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2.
  • Autoruns v13.2:
  • In addition to bug fixes to CSV and XML output, Autorunsc introduces import-hash reporting, and Autoruns now excludes command-line and other host processes from the Microsoft and Windows filters.
  • Sigcheck v2.2:
  • This release of Sigcheck, a command-line tool that reports file version, code signing, and hash information, introduces import-hash reporting and support for files larger than 4 GB.
  • Process Explorer v16.05:
  • Process Explorer now includes a Protection column that shows process protection status.

New in Sysinternals Suite 1.0 Build 29.01.2015 (Jan 30, 2015)

  • Autoruns v13.0:
  • This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with Virustotal.com to show the status of entries with respect to scans by over four dozen antimalware engines. It also includes a revamped scanning architecture that supports dynamic filters, including a free-form text filter, a greatly improved compare feature that highlights not just new items but deleted ones as well, and file saving and loading that preserves all the information of a scan.

New in Sysinternals Suite 1.0 Build 19.01.2015 (Jan 20, 2015)

  • Sysmon v2.0:
  • This major update to Sysmon, a service that records process activity to the Windows event log for use by incident detection and forensic analysis, includes driver load and image load events with signature information, configurable hashing algorithm reporting, flexible filters for including and excluding events, and support for supplying configuration via a configuration file instead of the command line.
  • AccessChk v5.21:
  • This update to Accesschk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, adds an option to report permissions as SDDL strings, adds new process permission types, and fixes a bug with showing process security descriptors.
  • RU v1.1:
  • RU (Registry Usage), a command-line tool that shows registry usage by key, now supports loading hive files (with the side-effect of compressing them when done) and reports last write timestamp in CSV output.

New in Sysinternals Suite 1.0 Build 11.09.2014 (Sep 12, 2014)

  • Handle v4: Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes.
  • ProcDump v7.01: This release fixes several bugs, including one that affects the UI hang trigger, one that causes misnamed dump files for reflected dumps, and another that would cause .NET applications that Procdump monitors for first-chance exceptions to terminate with Procdump.
  • Process Explorer v16.04: This update fixes a bug in Virus Total file submission that could cause a crash, and now shows Windows Store package names on the Image page of the process properties dialog.
  • RegJump v1.02: Regjump, a utility that opens Regedit to the registry key specified as a command-line argument, now works on 64-bit Windows.
  • Autoruns v12.03: This update to Autoruns adds the registered HTML file extension, fixes a bug that could cause disabling of specific entry types to fail with a “path not found” error, and addresses another that could prevent the Jump-to-image function from opening the selected image on 64-bit Windows.

New in Sysinternals Suite 1.0 Build 18.08.2014 (Aug 20, 2014)

  • Autoruns v12.02: This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC.
  • Coreinfo v3.31: This update fixes a bug that could prevent the Coreinfo driver from loading.
  • Sysmon v1.01: This fixes the manifest registration so that Sysmon event logs can be interpreted without installing Sysmon, and now includes unique UDP connections within 15-minute intervals.
  • Whois v1.12: This release fixes the verbose output to not show the final record twice.

New in Sysinternals Suite 1.0 Build 05.08.2014 (Aug 9, 2014)

  • Sysmon v1.0: We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers, and correlate events across your network to track them as they traverse your network.
  • Autoruns v12.01: This update to Autoruns, a utility that comes in Windows application and command-line forms, has numerous bug fixes, adds a profile attribute/column to CSV and XML output, and interprets the CodeBase value for COM object registrations.
  • Coreinfo v3.3: Coreinfo, a command-line utility that reports comprehensive information about a system’s processors, including their cache sizes and topology, memory latency, and processor features, now reports virtual memory address width as well as support for many additional instructions, including PT, SHA, MPX, CLFLUSHOPT, and AVX variants.
  • Procexp v16.03: This release of Process Explorer, a process viewing and control utility, fixes several bugs, including one where moving the mouse over the information graphs could cause it to crash and another that could cause a crash when checking Virus Total results.

New in Sysinternals Suite 1.0 Build 13.05.2014 (May 14, 2014)

  • Autoruns v12.0: This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware.
  • Procdump v7.0: Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger.

New in Sysinternals Suite 1.0 Build 02.05.2014 (May 3, 2014)

  • AccessChk v5.2:
  • This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options for viewing accesses related to specified accounts and now includes the System Access Control List (SACL) when it dumps security descriptors.
  • PsExec v2.11:
  • This release of PsExec, a command-line remote execution utility, fixes a bug in the implementation of the -s (execute as local system) option on Windows Server 2003.
  • Sigcheck v2.1:
  • This update to Sigcheck, a command-line utility that shows file version and digital signature information, now reports a file’s entropy (average bits/byte required to encode its data), can dump information about catalog files including the hashes they store, and can list the certificates installed in the per-user and machine certificate store.
  • VMMap v3.12:
  • This release of VMMap, a tool for analyzing process virtual and physical memory usage, fixes a bug affecting queries of files stored on file shares, fixes a bug in copy-to-clipboard of 64-bit addresses, now reports an error when attempting to open stacks on loaded traces, and fixes a bug in the reserved memory working set calculation.

New in Sysinternals Suite 1.0 Build 07.03.2014 (Mar 8, 2014)

  • Process Explorer v16.02:
  • This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window.
  • Process Monitor v3.1:
  • This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor apply the current filter to the output file as it saves it.
  • PsExec v2.1:
  • This update to PsExec, a command-line utility that enables you to execute programs on remote systems without preinstalling an agent, encrypts all communication between local and remote systems, including the transmission of command information such as the user name and password under which the remote program executes.
  • Sigcheck v2.03:
  • This version corrects a bug that caused the output of the -u switch to include signed files, and fixes several other minor bugs.

New in Sysinternals Suite 1.0 Build 04.02.2014 (Feb 5, 2014)

  • Process Explorer v16.01: This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures.
  • Sigcheck v2.02: This release fixes a bug that caused the -u switch to filter results incorrectly.

New in Sysinternals Suite 1.0 Build 29.01.2014 (Jan 30, 2014)

  • Process Explorer v16.0: Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.
  • PsPing v2.01: This minor update improves the usage help text.

New in Sysinternals Suite 1.0 Build 21.01.2014 (Jan 22, 2014)

  • Disk2vhd v2.01: This update fixes a bug that could result in Disk2vhd crashing when converting to VHDX format and adds a command-line switch, -c, to have Disk2vhd use online copy instead of Volume Shadow Copy.
  • PsPing v2.0: This is a major release of PsPing, a command-line utility that tests network bandwidth and latency. Version 2.0 adds UDP latency and bandwidth testing, support for timed tests, introduces custom histogram support, has an option for automatically opening Windows firewall ports during execution, and includes usability enhancements.

New in Sysinternals Suite 1.0 Build 19.12.2013 (Dec 20, 2013)

  • Coreinfo v3.21: CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting.
  • Disk2vhd v2.0: Disk2vhd, a utility for performing physical-to-virtual conversion of Windows systems, adds support for VHDX-formatted VHDs (thanks to Brendan Gruber for contributions), now supports WinRE volumes, can capture removable media, and includes an option to capture live volumes instead of relying on volume shadow copy (VSS).
  • LiveKd v5.31: LiveKd is a utility for performing live kernel debugging of native systems and virtual machines from the host operating system. This release fixes a debugger help library search bug and fixes a bug in Windows 8/Windows Server 2012 mirror dump support.

New in Sysinternals Suite 1.0 Build 01.11.2013 (Nov 2, 2013)

  • RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.
  • Sigcheck v2.01: This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files.

New in Sysinternals Suite 1.0 Build 28.10.2013 (Oct 29, 2013)

  • RAMMap v1.31: This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.

New in Sysinternals Suite 1.0 Build 23.10.2013 (Oct 24, 2013)

  • PsExec v2.0: PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.
  • RAMMap v1.3: RAMMap, a graphical utility that provides a comprehensive breakdown of physical memory usage by usage type and process, is updated to work on Windows 8.1.
  • Sigcheck v2.0: This major update to Sigcheck, a command-line file version and digital signature verification utility, adds integration with the VirusTotal antivirus scanner aggregation service. Sigcheck can now check the status of a file against over 40 antivirus engines and launch the associated online VirusTotal report, and even upload files for scanning that have not already been scanned by VirusTotal. This release also reports the machine type of executable images, whether 16-, 32-, or 64-bit.

New in Sysinternals Suite 1.0 Build 01.08.2013 (Aug 2, 2013)

  • Autoruns v11.70: This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under.
  • Bginfo v4.20: BgInfo, a utility that creates custom desktop backgrounds that display system information, now correctly reports version information for Windows 8.1 and Windows Server 2012 R2.
  • Disk2vhd v1.64: This update to Disk2Vhd, a tool for converting physical system disks to VHDs for use by virtual machines, now supports disk sizes of up to 2 TB.
  • Process Explorer v15.40: Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems.

New in Sysinternals Suite 1.0 Build 01.07.2013 (Jul 2, 2013)

  • Autoruns v11.62: This release fixes a bug in version 11.61’s jump-to-image functionality.

New in Sysinternals Suite 1.0 Build 20.06.2013 (Jun 21, 2013)

  • Autoruns v11.61: Autoruns is a utility for managing autostarting applications, DLLs and services. This update adds more autostart locations, fixes a bug that could cause a crash when Autorunsc is directed to calculate file hashes, and fixes a bug in Autoruns’ jump-to-image functionality on 64-bit Windows.
  • Strings v2.52: This release fixes a bug that prevented the previous one from running on Windows XP.
  • Zoomit v4.5: Zoomit is a screen zooming and annotation tool for technical presentations. This release introduces better support for zooming in on Windows 8 Windows Store applications.

New in Sysinternals Suite 1.0 Build 04.06.2013 (Jun 5, 2013)

  • Autoruns v11.6: Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.
  • Sigcheck v1.92: Sigcheck is a command-line utility for reporting image version and signature information. With this update, it now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker.
  • Process Explorer v15.31: Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view.
  • Process Monitor v3.05: Process Monitor is a powerful file, registry, process, thread and network monitoring tool. This update adds a context-menu entry that opens the filter edit dialog with contents prepopulated with the specified row and column value.

New in Sysinternals Suite 1.0 Build 27.03.2013 (Mar 28, 2013)

  • Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.
  • Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.
  • ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.
  • Process Monitor v3.04: Procmon, a powerful system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.
  • Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.

New in Sysinternals Suite 1.0 Build 04.02.2013 (Feb 6, 2013)

  • Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories.
  • Process Explorer v15.3: This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting.
  • Sigcheck v1.91: This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner.
  • Zoomit v4.42: Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases.

New in Sysinternals Suite 1.0 Build 29.01.2013 (Feb 1, 2013)

  • Autoruns v11.42: This release fixes a bug in the parsing of network file paths introduced in v11.41.

New in Sysinternals Suite 1.0 Build 24.01.2013 (Jan 25, 2013)

  • Autoruns v11.41: This Autoruns update reports the hosting image target of link shortcut references.
  • Handle v3.51: This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting.
  • Movefile v1.01: Movefile, a utility for scheduling file delete and rename operations for when the system reboots, now correctly handles 64-bit system paths.
  • Procdump v5.13: This update to Procdump, a command-line utility that generates on-demand and trigger-based process crash dump files, now supports triggers for when process CPU usage, memory consumption or arbitrary performance counters fall below a specified value.
  • Sigcheck v1.9: Sigcheck, a command-line file-version and signature verification tool, now reports certificate publisher names, capitalizes hash values, and fixes a certificate chain validation bug.

New in Sysinternals Suite 1.0 Build 11.01.2013 (Jan 12, 2013)

  • Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.
  • Procdump v5.12: This Procdump update fixes a bug introduced in v5.11 where it doesn’t save information required by the !runaway debugger command.
  • SDelete v1.61: SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments.

New in Sysinternals Suite 1.0 Build 06.12.2012 (Dec 7, 2012)

  • ZoomIt v4.41: This update fixes a bug in ZoomIt v4.4 that prevented it from running on 32-bit Windows XP.

New in Sysinternals Suite 1.0 Build 04.12.2012 (Dec 5, 2012)

  • DebugView v4.81: Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop.
  • ProcDump v5.11: This release of ProcDump fixes a bug introduced in version 5.1 that prevented it from working on 32-bit Windows XP.
  • ZoomIt v4.4: This update to ZoomIt, a screen magnification and annotation utility, includes smoother zooming behavior, adds the ability to specify the initial zoom level, and maintains the window focus when initiating live zooming.

New in Sysinternals Suite 1.0 Build 15.11.2012 (Nov 17, 2012)

  • AdExplorer v1.44: This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas.
  • Contig v1.7: Contig is a command-line file defragmentation and fragmentation analysis utility. v1.7 has more detailed fragmentation analysis reporting, fixes a bug that enables creation of contiguous files larger than 8GB, and adds support for setting the valid data length on files to avoid zero-fill overhead.
  • Coreinfo v3.2: Coreinfo, a command-line utility that dumps processor topology and feature support, now reports the presence of many additional features, including SMAP, RDSEED, BMI1, ADX, HLE, RTM, and INVPCID.
  • Procdump v5.1: This major update to Procdump, a command-line utility for creating process crash dump files based on triggers or on-demand, adds support for Silverlight applications and the ability to register Procdump as the just-in-time (JIT) debugger for more advanced scenarios.

New in Sysinternals Suite 1.0 Build 18.10.2012 (Oct 20, 2012)

  • Coreinfo v3.1: This update to Coreinfo, a command line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep.
  • Desktops v2.0: Desktops, a virtual desktop utility for Windows that lets you create up to three additional workspaces, is now compatible with Windows 8, properly supporting Winkey hotkey sequences (like Winkey+R to bring up the Run dialog) on alternate desktops and switching back to the primary desktop’s start screen when you hit Winkey.
  • Livekd v5.3: LiveKd, a command-line utility that enables you to use the Windows kernel debuggers to examine live systems as well as virtual machines, now supports Windows 8.
  • PsPasswd v1.23: PsPasswd, a Pstools utility for remotely changing local machine passwords, now includes support for changing domain account passwords.
  • Testlimit v5.22: This release of TestLimit, an educational tool for testing the way Windows handles exhaustion of various resource types such as system commit, fixes an output formatting bug that could have it report KB instead of MB.
  • Whois v1.11: Whois v1.11, a tool for looking up domain name registration information, includes fixes for bugs that could cause it to crash if provided with malformed domain name input strings.

New in Sysinternals Suite 1.0 Build 02.10.2012 (Oct 4, 2012)

  • PsPing v1.0: PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.
  • DebugView v4.8: This release of DebugView, a debug output monitoring utility, addresses a bug that could cause DebugView to blue screen on “checked build” (debug) versions of Windows.
  • Process Explorer v15.23: This update to Process Explorer adds the ability to view the process token of protected processes, fixes a bug that causes a crash when viewing thread stacks on Windows XP, and fixes a bug that causes a crash when running on Windows PE.
  • Sigcheck v1.81: This update to Sigcheck, a command-line utility for analyzing the digital signatures of executable images, fixes a bug that could cause it to crash when reporting the signing status of images that have invalid signatures.

New in Sysinternals Suite 1.0 Build 10.09.2012 (Sep 12, 2012)

  • Autoruns v11.34: This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions.
  • ProcDump v5.0: Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 5.0 is a major upgrade that adds the ability to configure exception filters based on managed and native exception types, extends support to Windows 8 modern applications, and integrates with Process Monitor’s debug output logging.
  • Sigcheck v1.8: This update to Sigcheck, a command-line file version and digital signature verification utility, shows detailed certificate information such as certificate usage, validity dates, and thumbprints, and also shows a file’s counter-signing chain if it has one.
  • VMMap v3.11: VMMap, a utility that shows detailed information about a process’ virtual and physical memory usage, now reports commit usage instead of working set in its timeline view and fixes a bug that enables export of captures of 32-bit processes.

New in Sysinternals Suite 1.0 Build 03.08.2012 (Aug 6, 2012)

  • AccessChk v5.1:
  • This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.
  • Autoruns v11.33:
  • This fixes a bug that caused the run as administrator elevation to fail if Autoruns was started from a path with spaces.
  • Coreinfo v3.05:
  • Coreinfo, a tool that shows CPU features, cache sizes, and topology, now correctly shows hyperthreading support on AMD multicore systems and lists processor features on Windows XP.
  • Whois v1.1:
  • Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and adds a command-line option, -v, that prints verbose information about domain registration referrals.

New in Sysinternals Suite 1.0 Build 18.07.2012 (Jul 19, 2012)

  • ZoomIt v4.31: This release fixes a bug that caused ZoomIt to sometimes report an error when dismissing the options dialog.

New in Sysinternals Suite 1.0 Build 16.07.2012 (Jul 17, 2012)

  • Handle v3.5:
  • This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.
  • Process Explorer v15.22:
  • This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit Windows Server 2003.
  • Process Monitor v3.03:
  • A bug that caused some symbols to not resolve in stack traces is fixed in this release.
  • RAMMap v1.21:
  • This fixes a bug that causes RAMMap to sometimes report an error on 32-bit versions of Windows.
  • ZoomIt v4.3:
  • This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you log in.

New in Sysinternals Suite 1.0 Build 28.06.2012 (Jun 29, 2012)

  • Autoruns v11.32:
  • This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.
  • Process Explorer v15.21:
  • This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.
  • Process Monitor v3.02:
  • This release fixes an external logging issue that prevented certain registry paths from displaying correctly when run with App-V and fixes a bug in the save logic.
  • PsKill v1.15:
  • This fixes a bug in the remote kill functionality introduced by the v1.14 update.
  • RAMMap v1.2:
  • This release of RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM, Windows 8, and includes keyboard navigation improvements.

New in Sysinternals Suite 1.0 Build 06.06.2012 (Jun 8, 2012)

  • Process Explorer v15.2:
  • This major update to Process Explorer, a Task Manager replacement, merges Autoruns functionality by adding a new Autostart Location column and property to the process and DLL views that indicates where an image is configured to automatically start or load. It also adds .NET stack walking support to the thread stack dialog, adds a process timeline column that graphically depicts a process’s lifetime relative to other processes, and uses the Windows 8 private ETW logger which enables better coexistence with other ETW-based tools.

New in Sysinternals Suite 1.0 Build 21.05.2012 (May 24, 2012)

  • Autoruns v11.31: This fixes a bug that caused Autoruns to not automatically refresh when relaunched from the “Run as Administrator” menu option.
  • DebugView 4.79: This update fixes an incompatibility with Windows XP 32-bit that was introduced in the v4.78 release.

New in Sysinternals Suite 1.0 Build 14.05.2012 (May 15, 2012)

  • Autoruns v11.3:
  • This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs.
  • LiveKd v5.2:
  • LiveKd, a command-line utility for performing live read-only debugging of the local system and virtual machines, now includes an option that has it generate a fully-consistent kernel dump file of a running system.
  • Strings v2.5:
  • Strings, a command-line utility that dumps a file’s printable UNICODE and ASCII strings, adds an option to specify the starting offset in the file from where it will scan for strings.
  • Trojan Horse, Mark’s Sequel to Zero Day, Available for Pre-Order:
  • The sequel to Mark’s popular cyberthriller Zero Day is now available for pre-order. Check out the video trailer, learn more about Jeff Aiken’s fight against cyber-espionage on a global scale, and preorder your hard cover or ebook copy today at the Trojan Horse web site.

New in Sysinternals Suite 1.0 Build 16.04.2012 (Apr 18, 2012)

  • NotMyFault: Notmyfault is a tool used in the Windows Internals books to show how common device driver bugs affect a system. This update includes numerous enhancements contributed by Dan Pearson, including new crash types, a revamped user interface, and reporting of the amount of pool it has leaked.
  • Process Monitor v3.01: This update to Process Monitor, a real-time file, registry, process and network monitor, adds decoding of several new Windows 8 file system control codes, including offload read and write, and now obtains image version information for 32-bit DLLs when run on 64-bit Windows.
  • TestLimit v5.2: Testlimit, a demonstration tool used in the Windows Internals books to illustrate resource usage concepts, has minor enhancements including filling memory that it allocates with an identifiable string.

New in Sysinternals Suite 1.0 Build 23.03.2012 (Mar 24, 2012)

  • Autoruns v11.22
  • Process Monitor v3.0: This update to Process Monitor, a real-time file, registry, process and network monitor, adds bookmark support so that you can flag specific lines in a trace for easy reference later. Shortcut keys enable you to move quickly between bookmarks and you can even add bookmarks to existing trace files. You can also convert a highlight filter to an include filter and shortcut keys move between highlighted lines. In addition, process create events now include the complete contents of the new process environment block as well as the starting current directory. Finally, Process Monitor now records process environment variables and current working directory for process create events (thanks to Dmitri Davydok for his contribution) and displays the names of new Windows 8 file system control codes.

New in Sysinternals Suite 1.0 Build 16.02.2012 (Feb 17, 2012)

  • Coreinfo v3.04: Coreinfo, a tool that dumps information about a system’s processor topology and capabilities, adds a fix for a bug that sometimes misreported the presence of hyperthreading.
  • DebugView v4.78: This update to DebugView, a utility for capturing and logging user-mode and kernel-mode debug output messages, can now capture output generated by Metro applications on Windows 8.
  • LiveKd v5.1: LiveKd, a utility for leveraging kernel debuggers to analyze live physical systems or Hyper-V virtual machines, now supports newer Intel processors that implement the XSAVE instruction.
  • Process Explorer v15.13: This Process Explorer release adds Background priority to the process context menu, which sets the CPU, memory and I/O priorities of a process to low, and includes a bug fix for restoring user-entered process comments.

New in Sysinternals Suite 1.0 Build 12.01.2012 (Jan 13, 2012)

  • Autoruns v11.21: This update to Autoruns fixes a number of minor bugs, including one that could result in a crash when certain scheduled tasks are configured.
  • Coreinfo v3.03: Coreinfo, a command-line utility that dumps information about a system’s CPU topology and capabilities, now reports the presence of TSC (timestamp counter) Invariant support.
  • Portmon v3.03: Portmon, a utility for monitoring serial and parallel port traffic, includes some minor bug fixes and user-interface consistency updates.
  • Process Explorer v15.12: This update to Process Explorer makes the search dialog asynchronous and reports the types of found items. It also fixes several bugs, including showing a small font when run after an older version, a bug in the restart-process functionality, working set columns not showing data, and again shows information about service processes when run from an unprivileged user account.

New in Sysinternals Suite 1.0 Build 15.12.2011 (Dec 17, 2011)

  • Process Explorer v15.11: This minor update fixes several bugs, including the fleeting appearance of garbage characters in the status bar.

New in Sysinternals Suite 1.0 Build 05.12.2011 (Dec 6, 2011)

  • Autoruns v11.2: This update fixes a bug in the jump-to-folder function when executed on disabled items and correctly locates print monitor DLLs when they are stored in print monitor-specific system director
  • Disk Usage (DU) v1.4: This update to Du, a command line utility for analyzing the disk space consumed by directories, adds a CSV output option, accounts for the file system cluster size in its on-disk size calculations, and includes alternate data streams.
  • Process Explorer v15.1: This update of Process Explorer, a Task Manager replacement, adds support for new Windows 8 features by giving the processes hosting immersive applications a distinct highlight color, shows immersive application package names in process tooltips and as a new process view column, lists AppContainer and capability SIDs in the process security properties, and updates the GPU support to be compatible with Windows 8. Other enhancements include GPU memory counters with more descriptive labels, display of the logon session ID on the security properties, and reporting of suspended processes as suspended in the CPU usage column.
  • Strings v2.42: This Strings release fixes a bug that would result in a crash when the -n or -b options are specified without a file name.

New in Sysinternals Suite 1.0 Build 10.11.2011 (Nov 11, 2011)

  • Autoruns v11.1: This update to Autoruns adds several new autostart locations, reports the active filter in the status bar, and highlights unsigned images and those with no company name or description to make them easy to spot.
  • AccessChk v5.02: This AccessChk release includes improved error messages, reports registry key delete permission, and includes a manifest.
  • Coreinfo v3.02: This minor update to Coreinfo, a command-line tool that reports supported CPU features and topology, includes Microsoft’s SLAT term for Intel’s Extended Page Table and AMD’s Nested Paging virtualization features.

New in Sysinternals Suite 1.0 Build 20.09.2011 (Sep 21, 2011)

  • Autoruns v11: This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.
  • Coreinfo v3.01: This update to Coreinfo, a command-line utility that shows processor features and topology, fixes a bug in the way it reports hyper-threading and gives a warning when showing virtualization features and a hypervisor is running.
  • ProcDump v4.01: This release of ProcDump, a tool for capturing process memory dumps, adds a context record for 1st chance exception dumps so that registers and the call stack of the faulting thread are captured.
  • Process Explorer v15.05: This update fixes a bug in cycle CPU usage calculation on Windows 7.

New in Sysinternals Suite 1.0 Build 01.09.2011 (Sep 2, 2011)

  • Coreinfo 3.0:
  • Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies. It now shows the processor features supported by the system's processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.
  • DebugView v4.77:
  • This update to DebugView, a graphic debug output monitor useful for application and device driver development, adds a command-line switch to enable or disable kernel-mode capture, a switch to enable millisecond clock display, and a number of bug fixes.
  • SDelete v1.6:
  • SDelete, a command-line utility for securely deleting files and zeroing volume free space, fixes a bug that prevented it from accessing some files on 64-bit Windows and swaps the zero-free-space and clean-free-space arguments to make them more intuitive.
  • Process Explorer v15.04: This release fixes several minor bugs, including a tooltip display bug and one that could result in a miscalculation of CPU usage on Windows 7 in the refresh immediately following the termination of a CPU-intensive process.

New in Sysinternals Suite 1.0 Build 18.08.2011 (Aug 19, 2011)

  • Process Explorer v15.03: This fixes a bug introduced in v15.02 that would result in a crash of Process Explorer when run with standard user rights and the System Information dialog is opened.

New in Sysinternals Suite 1.0 Build 16.08.2011 (Aug 17, 2011)

  • ProcDump v4.0: This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.
  • Process Monitor v2.96: This release changes the appearance of its tooltips to the default theme, fixes a drawing bug in the treeview, and updates the graphs to match the style introduced in Process Explorer v15.
  • Process Explorer v15.02: Process Explorer v15.02 includes minor updates to the drawing routines.

New in Sysinternals Suite 1.0 Build 25.07.2011 (Jul 26, 2011)

  • Process Explorer v15.01: This update adds the ability to select a custom graph background color, adds paged and nonpaged pool quota columns to the process view, fixes incorrect information on the disk and network process properties dialog on 32-bit Windows, and fixes a GPU tray icon bug.
  • TCPView v3.05: This update fixes a bug when sorting by the state column.

New in Sysinternals Suite 1.0 Build 18.07.2011 (Jul 19, 2011)

  • Process Explorer v15.0:
  • Process Explorer v15 celebrates the release of the Sysinternals Administrator Reference and the upcoming 15th anniversary of Sysinternals. This major update to Process Explorer, a powerful tool for inspecting and controlling processes, threads, loaded DLLs, and more, adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs.
  • ListDLLs v3.1:
  • ListDLLs, a command-line utility for listing and searching for loaded DLLs, now dumps full file version information, including digital signatures. It also adds a new option designed to aid in malware hunting that filters output to include only unsigned DLLs.
  • FindLinks v1.0:
  • This new command-line utility lists the hard links associated with a specified file.

New in Sysinternals Suite 1.0 Build 18.05.2011 (May 19, 2011)

  • VMMap v3.1:
  • VMMap, a process virtual and physical memory analyzer, now shows the ASLR status of images and reports “unusable” virtual memory regions.
  • RAMMap v1.11:
  • This update to RAMMap, a system memory usage analyzer, adds command-line options for loading files and exporting scans, creates a file association and fixes several bugs.
  • Handle v3.46: This update has Handle use the same helper driver as Process Explorer.
  • Process Explorer v14.12: This update fixes a bug that prevents removal of tray icons under certain conditions.

New in Sysinternals Suite 1.0 Build 03.05.2011 (May 4, 2011)

  • ZoomIt v4.2: This update to ZoomIt, a screen magnification and annotation utility, now adjusts the drawing pen size when you enter drawing mode from live zoom to match the static zoom pen size.
  • Process Explorer v14.11: Process Explorer v14.11 includes the ability to configure network and disk activity icons in the tray.
  • ProcDump v3.04: This update to ProcDump’s miniplus dump type (-mp) includes heuristics that include thread stack memory.

New in Sysinternals Suite 1.0 Build 13.04.2011 (Apr 14, 2011)

  • Updates: Process Monitor v2.95

New in Sysinternals Suite 1.0 Build 15.03.2011 (Mar 17, 2011)

  • Updates: Process Explorer v14.1, VMMap v3.03, ProcDump v3.03

New in Sysinternals Suite 1.0 Build 14.02.2011 (Feb 15, 2011)

  • Winobj 2.22: A number of bugs, including one affecting sorting, are fixed in this update.
  • VMMap 3.02: This release fixes several bugs.

New in Sysinternals Suite 1.0 Build 01.02.2011 (Feb 2, 2011)

  • Updates: ProcDump v3.02, Contig v1.6, TCPView v3.03

New in Sysinternals Suite 1.0 Build 25.01.2011 (Jan 26, 2011)

  • Handle v3.45: This release fixes a bug that could in some cases cause a system crash.

New in Sysinternals Suite 1.0 Build 20.01.2011 (Jan 20, 2011)

  • Handle v3.44: This updates the driver to the newest version used by Process Explorer.

New in Sysinternals Suite 1.0 Build 17.01.2011 (Jan 18, 2011)

  • Updates:
  • ListDLLs v3.0, Handle v3.43, and Process Monitor v2.94

New in Sysinternals Suite 1.0 Build 15.12.2010 (Dec 16, 2010)

  • Update:
  • ProcDump v3.01

New in Sysinternals Suite 1.0 Build 09.12.2010 (Dec 10, 2010)

  • Updates: ProcDump v3.0, AccessChk v5.01 and a new Mark's Blog Post

New in Sysinternals Suite 1.0 Build 29.11.2010 (Nov 30, 2010)

  • Update:
  • Autoruns v10.06

New in Sysinternals Suite 1.0 Build 23.11.2010 (Nov 23, 2010)

  • Updates:
  • Process Explorer v14.01, Autoruns v10.05

New in Sysinternals Suite 1.0 Build 16.11.2010 (Nov 17, 2010)

  • Update:
  • Process Explorer v14

New in Sysinternals Suite 1.0 Build 01.11.2010 (Nov 2, 2010)

  • Update:
  • VMMap v3.01

New in Sysinternals Suite 1.0 Build 28.10.2010 (Oct 29, 2010)

  • Update:
  • VMMap v3.0

New in Sysinternals Suite 1.0 Build 14.10.2010 (Oct 15, 2010)

  • LiveKd v5.0 - and a related Mark's Blog post, Disk2vhd v1.63, Sigcheck v1.73

New in Sysinternals Suite 1.0 Build 07.10.2010 (Oct 7, 2010)

  • Autoruns v10.04:
  • This fixes a toolbar drawing bug that shows on Windows XP.

New in Sysinternals Suite 1.0 Build 29.09.2010 (Sep 30, 2010)

  • Updates:
  • ProcDump v2.01, Autoruns v10.03, Process Monitor v1.93

New in Sysinternals Suite 1.0 Build 09.09.2010 (Sep 9, 2010)

  • Updates: WinObj v2.2, Junction v1.06

New in Sysinternals Suite 1.0 Build 30.08.2010 (Aug 31, 2010)

  • Updates: ProcDump v2.0, Process Monitor v2.92, and a new Mark's Blog Post

New in Sysinternals Suite 1.0 Build 02.08.2010 (Aug 3, 2010)

  • TCPView v3.02: Fixes a GDI handle leak.

New in Sysinternals Suite 1.0 Build 29.07.2010 (Jul 30, 2010)

  • TCPView v3.01:
  • TCPView v3.01 addresses a minor drawing bug when running on Windows XP.
  • Disk2vhd v1.62:
  • This update fixes a bug in the HAL fixup code that could prevent a converted image from booting under Virtual PC.
  • AdExplorer v1.42:
  • This addresses a regression in v1.41 that prevented AdExplorer from connecting to some Light Weight Directory Service databases.

New in Sysinternals Suite 1.0 Build 22.07.2010 (Jul 23, 2010)

  • TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns.
  • Autoruns v10.02: This update fixes a bug in Autorunsc that had it default to filtering out signed Windows components.
  • ProcDump v1.81: This release addresses a bug in the implementation of the -x command-line option, where ProcDump would pass the dump file name to the target process.
  • Disk2vhd v1.61: System volumes no longer display twice on the volume list.

New in Sysinternals Suite 1.0 Build 12.07.2010 (Jul 13, 2010)

  • Disk2vhd v1.6: Disk2vhd now includes better error handling for failed snapshots, guarantees that the system is bootable even if the system crashes while Disk2vhd is updating the system to make it compatible with Virtual PC, and supports direct-attached Hyper-V SCSI disks.
  • ADExplorer v1.41: This release fixes a bug with searching from the root of a directory.

New in Sysinternals Suite 1.0 Build 23.06.2010 (Jun 24, 2010)

  • Updates: RAMMap v1.1, ADExplorer v1.4, Autologon v3.0 | Mark's Talks from TechEd US 2010 are now online

New in Sysinternals Suite 1.0 Build 14.06.2010 (Jun 15, 2010)

  • Autoruns v10.01: This fixes a bug in the Registry jump-to function for HKCU registry paths.

New in Sysinternals Suite 1.0 Build 08.06.2010 (Jun 9, 2010)

  • Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained

New in Sysinternals Suite 1.0 Build 21.05.2010 (May 22, 2010)

  • Coreinfo v2.11: Coreinfo does require XP 64-bit or higher for client (Server 2003 or higher for server). This update fixes the bug where it would fail to launch on 32-bit XP instead of reporting compatibility requirements.

New in Sysinternals Suite 1.0 Build 19.05.2010 (May 19, 2010)

  • RAMMap v1.0:
  • Have you ever wondered how Windows allocates physical memory or what’s using it? RAMMap is a new utility for analyzing system RAM usage on Windows Vista and Windows 7 that provides insight never before available. RAMMap shows information about each page of memory, summaries of memory usage by type, views of file data stored in memory, and more.
  • Coreinfo v2.1:
  • Memory access from a processor to memory on remote NUMA nodes takes longer than local-node memory accesses. In addition to dumping NUMA topology information, CoreInfo now measures and displays the internode access costs on NUMA systems.
  • Making it Big in Software:
  • Mark and other tech industry figures including Steve Wozniak, Linus Torvalds, James Gosling and more, are interviewed in this new book by Sam Lightstone that provides great advice, real-world stories and philosophies for anyone considering a career in software.

New in Sysinternals Suite 1.0 Build 06.05.2010 (May 7, 2010)

  • Update: LogonSessions v1.21 and an article on the usage of VMMAP
  • LogonSessions v1.21: This fixes a bug that prevented LogonSessions from showing full token information in some cases on 64-bit Windows.
  • Microsoft CLR Team Blog Post on VMMap and Managed Code: The Microsoft CLR Team has written a great article explaining how to use VMMap to analyze the working sets of managed code (.NET) processes.

New in Sysinternals Suite 1.0 Build 29.04.2010 (Apr 29, 2010)

  • Mark’s Blog: The Case of the Printing Failure - Mark’s most recent post in the Case of the Unexplained series describes the troubleshooting steps, which include use of Procdump and Process Monitor, an administrator went through when printing failed on one of the systems in their network.
  • LiveKd v4.0: This major update to LiveKd, a utility that enables local read-only kernel debugging of an online system, supports more than 64 processors, includes numerous reliability enhancements, and adds a new switch, -o, that generates a live kernel dump without having to launch a kernel debugger (thanks to Ken Johnson).
  • AccessChk v5.0: This update to AccessChk, a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more, adds a new option to dump un-interpreted access control lists and an option to ignore inherited ACEs, distinguishes between file and directory permissions, and includes several bug fixes.
  • PsTools Updates: These PsTools utilities have been updated to fix several bugs, including one that sometimes prevented them from performing remote registry access - PsExec, PsGetSid, PsInfo, PsList, PsLoggedOn, PsLogList, and PsService.
  • LogonSessions v1.2: LogonSessions is updated to work on 64-bit Windows for x64.

New in Sysinternals Suite 1.0 Build 14.04.2010 (Apr 15, 2010)

  • Updates: Process Monitor v2.9, Process Explorer v12.02, Testlimit v5.02 | A new Mark's blog post and Mark to speak at the Windows Summit and TechEd US

New in Sysinternals Suite 1.0 Build 01.04.2010 (Apr 2, 2010)

  • Updates: Process Explorer v12.01

New in Sysinternals Suite 1.0 Build 08.03.2010 (Mar 9, 2010)

  • Updates: VMMap v2.61

New in Sysinternals Suite 1.0 Build 03.03.2010 (Mar 3, 2010)

  • Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66

New in Sysinternals Suite 1.0 Build 20.01.2010 (Jan 20, 2010)

  • Updates: ProcDump v1.72, Desktops v1.02, Sigcheck v1.65, DiskView v2.3

New in Sysinternals Suite 1.0 Build 14.01.2010 (Jan 15, 2010)

  • Updates: ProcDump v1.71

New in Sysinternals Suite 1.0 Build 11.01.2010 (Jan 12, 2010)

  • Updates: ProcDump v1.7, AccessChk v4.24, Sigcheck v1.64, Desktops v1.01, LiveKd v3.13

New in Sysinternals Suite 1.0 Build 01.12.2009 (Dec 2, 2009)

  • Updates: VMMap v2.5, Disk2vhd v1.4; Sigcheck v1.63; Autoruns v9.57; PsExec v1.97; PsKill v1.13 and a new Mark's Windows Internals Session video from PDC 2009
  • Mark’s Windows Internals Session at the Professional Developer’s Conference: Mark dives deep to cover Windows 7 and Windows Server 2008 R2 kernel changes in his top-rated session from PDC 2009.

New in Sysinternals Suite 1.0 Build 04.11.2009 (Nov 4, 2009)

  • NewSID Retirement and the Machine SID Duplication Myth: Mark’s latest blog post debunks the myth that having duplicate machine SIDs causes problems, explaining why the Sysinternals NewSID tool has been retired.
  • Disk2vhd v1.3: This update to Disk2vhd makes more Windows XP and Windows Server 2003 VHDs bootable by updating their MBR and boot sectors to be compatible with Hyper-V and Virtual PC and by installing the Intelide driver if it’s not already installed. It also optimizes image creation by not copying paging and hibernation files.
  • Sigcheck v1.62: This update to Sigcheck, a utility that displays file version and digital signature information, removes a file size limit for generating file hashes, works on 64-bit MSI files, and reports expired signatures.
  • Process Monitor v2.8: Displays new Windows 7 CreateFile options, includes file-delete operations in the Category filter’s Write subcategory, and displays names for more IOCTLs and result codes.
  • LiveKd v3.12: This release fixes compatibility with 64-bit Windows XP and Windows Server 2003.

New in Sysinternals Suite 1.0 Build 27.10.2009 (Oct 28, 2009)

  • The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

New in Sysinternals Suite 1.0 Build 22.10.2009 (Oct 27, 2009)

  • Windows 7 General Availability and Mark on Channel 9
  • Check out Mark’s latest Channel 9 interview on Windows 7 and Windows Server 2008 R2 kernel changes, released today to coincide with Windows 7’s general availability. He talks about memory management, process reflection and more, and shows a couple of demos on a 256-processor system.

New in Sysinternals Suite 1.0 Build 21.10.2009 (Oct 22, 2009)

  • Disk2vhd v1.1
  • Disk2vhd now supports command-line options for automation and fixes a bug that could result in an “invalid user buffer” error during a conversion.
  • ZoomIt v4.1
  • ZoomIt is a screen magnification and annotation utility that's useful for technical presentations. With this update, you can now easily switch between LiveZoom (supported on Vista and Windows 7) and drawing mode.
  • Coreinfo v2.0
  • Coreinfo now supports IA64 and Windows Server 2008 R2 systems with more than 64 logical processors.

New in Sysinternals Suite 1.0 Build 13.10.2009 (Oct 14, 2009)

  • Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.

New in Sysinternals Suite 1.0 Build 07.10.2009 (Oct 8, 2009)

  • Disk2vhd v1.0: We’re excited to announce a new Sysinternals tool, Disk2vhd, that simplifies the migration of physical systems into virtual machines (p2v). Just run Disk2vhd on the system you want to migrate and specify the volumes for which you want data included, and Disk2vhd creates a consistent point-in-time volume snapshot followed by an export of the selected volumes into one or more VHDs that you can add to a new or existing Hyper-V or Virtual PC virtual machine.

New in Sysinternals Suite 1.0 Build 01.10.2009 (Oct 2, 2009)

  • LiveKd v3.1: This update to LiveKd, a tool that enables you to perform local kernel debugging using the Windbg tool, adds support for systems with more than 4GB of RAM and now works on x64 systems even when they aren’t booted in debugging mode.  
  • BgInfo v4.16: BgInfo now correctly reports Windows Server 2008 R2.
  • ProcDump v1.6: This minor update sets the thread context in a dump file to the thread that trips the CPU threshold so that its stack can be viewed simply by entering a stack dump command.
  • Autoruns v9.55: A bug that prevented some 64-bit entries from being disabled is addressed in this update.

New in Sysinternals Suite 1.0 Build 05.08.2009 (Aug 6, 2009)

  • ZoomIt v4.0
  • In addition to minor bug fixes, this update to ZoomIt, a screen magnification and annotation tool, has significant improvements to the live zoom functionality that’s available on Vista and Windows 7. For example, it removes the shadow mouse, it uses a better mouse tracking algorithm and on Windows 7 it adds zoom-in and zoom-out transitions.

New in Sysinternals Suite 1.0 Build 07.05.2009 (May 8, 2009)

  • Autoruns v9.5
  • This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution.
  • PsLoglist v2.7
  • PsLoglist, a command-line event log display utility, now properly displays event log entries for default event log sources on Windows Vista and higher and accepts wildcard matching for event sources.

New in Sysinternals Suite 1.0 Build 22.04.2009 (Apr 23, 2009)

  • VMMap v1.1 - This update to VMMap, an advanced process memory analysis tool, makes it easy to view the changes between subsequent refreshes. Using the new “show changes” option enables you to measure the impact of specific application functionality by comparing memory usage before and after the functionality executes. The release also has a number of user interface improvements, such as always highlighting the currently selected listview items and making the total row’s position in the summary list sort-independent.
  • Active Directory Explorer v1.2 - ADExplorer v1.2, an Active Directory object browser, adds the ability to copy the properties of an object to the clipboard, back and forward navigation shortcut keys, and an option to change the base used for integer display.

New in Sysinternals Suite 1.0 Build 19.11.2008 (Nov 20, 2008)

  • Process Explorer 11.3
  • This update to Process Explorer includes numerous enhancements and bug fixes, including a physical memory history graph, options to configure memory tray icons, asynchronous thread symbol resolution and security ID lookup, dynamic recognition of new volume drive letters, multiple character matching in the process view, and a smaller memory footprint.

New in Sysinternals Suite 1.0 Build 26.02.2008 (Feb 27, 2008)

  • ShellRunas v1.0
  • ShellRunas provides functionality similar to that of the Runas tool to launch programs as a different user via a convenient shell context-menu entry. This makes it more convenient than Runas for heavy Explorer users.
  • Process Explorer v11.10
  • This Process Explorer update adds a number of enhancements, including support for high DPI, display of paging and standby list sizes on Vista, and display of cycles consumed on threads tab on Vista. It also reports the COM object running inside of Dllhost processes and the tasks running inside of Vista Taskeng host processes in the process view hover tooltip.
  • Mark Hosts Virtual Roundtable on Deploying Vista
  • Join Mark Russinovich and a panel of industry experts and IT pros on March 5th for a live, interactive roundtable discussion on Windows Vista adoption and deployment, including challenges, workarounds, and solutions.

New in Sysinternals Suite 1.0 Build 12.18.2007 (Dec 19, 2007)

  • Autoruns v9.0
  • This major update to Autoruns shows an entry’s raw launch string in its image details area, lists Explorer and IE COM class names and icons, is aware of several more autostart locations, including additional shell extensions, Windows Vista scheduled tasks and Windows Vista Sidebar gadgets, and has better support for alternate online search engines.
  • New Video: Mark on Channel 9
  • Channel 9: Mark talks about working at Microsoft, the Windows Server 2008 kernel, MinWin versus Server Core, Hyper-V and application virtualization.