Is sdbinst.exe malware if it is using options not listed in MS documentation?
I am using Sysmon and sending the logs to Wazuh for threat detection. It shows a level 12 event that pertains to sdbinst.exe. The event data command line was C:\WINDOWS\System32\sdbinst.exe -m -bg but according to MS documentation the options used by…
How do I hide "Filter by name" in "Process Explorer"
Maybe 6-8 months back, I noticed that a field called "Filter by name" appeared near the upper right corner of the main Process Explorer window. Considering what I use ProcExp for, I rarely need this field to be visible. From what I understand,…
Bug in the latest RAMMAP version (v1.61)
There is a bug in RAMMAP v1.61. This bug doesn't crash the program. It's merely VERY annoying but it needs to be fixed in the next version of RAMMAP. Start the program and open the "Processes" tab. Then you'll see that the program will only…
psinfo reports incorrect information about physical memory
I'd like to raise again the bug that exists in psinfo v1.78 (published on June 29, 2016). As reported in a post on the archived forums, psinfo (both 32-bit and 64-bit versions) reports incorrect information about physical memory above 4 GB. It's quite…
Can Process Monitor watch for DCOM issues?
I was wondering if there was a way to have Process Monitor watch for DCOM issues, like Access Denied. I am asking because I was trying to diagnose an issue with a web service, and eventually discovered that it was a DCOM issue, but unfortunately, the…
Black screen when running an application remotely with PSExec
I'm going to run notepad remotely using PSExec with its interactive option as below, but the notepad console appears with a black screen: PSExec -i -d \\RemoteComputer notepad.exe And the following runs it in the background as SYSTEM and the console doesn't…
How to fix PsExeSvc.exe %1 není platná aplikace typu Win32. XPe SP3
Please help me with how to run the psexesvc service. The old psexe.exe works, but displays a console on the host PC.
Can we discriminate the actual reason for the behaviour of defragmentation?
Given that in this deployment history (and previous ones), storage disks analyze the fragmentation much more easily, even when heavier with data than the system disk, is it only the system disk that requires this effort or, like it is reported in…
Disk2VHD not starting
Hello forum, I downloaded disk2vhd from the official site. When I start disk2vhd64.exe as admin, I get the dialog to allow making changes to the hard drive, but afterwards nothing happens. Starting disk2vhd.exe results in "Error…
Bginfo and virtual computing
I'm having lots of network adapters show up, and "(null)"s in the related IP address, subnet mask, DHCP Server, etc. fields. I've already done the 'custom variable' thing with the test for IPEnabled=True, but these adapters may be 'real' in…
Request for option to carry process creation detail fields into other Sysmon event types
In Sysmon "Process Create" events, the details are invaluable, but many times I have wished that at least key process creation details like CommandLine, ParentImage, ParentCommandLine, and Hashes, could be carried over to other event types that…
Can the tool 'streams.exe' regard "Scan inside symbolic links" as an optional parameter?
I tried to use the command "streams64.exe -s -d" or "streams.exe -s -d" with Administrator access in the user folder "C:\Users\<username>". However, here is a symbolic link…
Zoomit64 LiveZoom (Ctrl+4) displays a blank, black screen on a Dell XPS 17 9730.
On a Windows 11 23H2 22631.3593. Intel i7-3700H 2.40 GHz laptop, Zoomit64 Live Zoom displays a black screen. Displays are 2 x BenQ 27" monitors via Intel Iris Xe graphics and NVIDIA GeForce RTX 4050 laptop GPU. Connections are via digital DVI.
SDelete on EFS encrypted folder displaying weird behavior, filling up drives when no clean drive parameter specified
C:\Users\user>sdelete -p 3 -r -s C:\temp\ToDelete
SDelete v2.04 - Secure file delete
Copyright (C) 1999-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
SDelete is set for 3 passes.
C:\temp\ToDelete\ForDeletion.txt...deleted. …
Manipulating Perfmon data for easy combining and relogging for multiple device comparison.
What I'm trying to do: Perfmon is collecting data from multiple servers. I pulled the .blg files and then combined them into one file for performance review of multiple servers. I combine the .blg files using the following script: Relog…
Has anyone used the "ion-storm" XML configuration with sysmon?
I'm trying to find someone who has used SwiftOnSecurity's "ion-storm" XML configuration with sysmon for event collection and has configured Wazuh rules for the events. I can't figure out how to configure Wazuh to work with the ion-storm agent…
Do the Sysinternals Utilities come installed with Windows?
Is it necessary to download Sysinternals Utilities separately or are they already included in Windows? I have searched for an answer but couldn't find anything definitive. Thank you for your help. Nick Putch
mstsc works but RDCMan doesn't
Hi all, I'd like to use RDCMan again after seeing that it is being maintained again. I can remote onto a server using MSTSC without a problem, but as soon as the same server connection is attempted via RDCMan it cannot be connected to. It's a 2022 DC OS, with…
PSTools Error
I have a Win11 computer with no access to the internet. cmd is run as administrator. After trying to open Task Scheduler via the PSTools on my desktop (psexec.exe -i -s %windir%\system32\mmc.exe /s taskschd.msc) I am getting the following error:…
Sysmon 15.12 - high CPU utilization & stops logging certain events
Running sysmon 15.12 with a pretty robust config that's a combination of open source (SwiftOnSecurity, etc.) and my own rules. I am noticing a peculiar behavior in 15.12 where, after running normal/stable for a while, sysmon decides to consume an entire…