Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
1 answer
One of the answers was accepted by the question author.
Sysmon 12.03 not logging EventID:2 (file creation time modified)
Hello, I just made a test with Sysmon 9.1.0 on a VM and I was able to get file creation time modification events. Upgrading to 12.03 with the same configuration allows to get all the other events except this one. Test was made using a ps1 script that…
Sysinternals
asked 2020-12-18T14:34:54.287+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 93%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Julien Bachmann
96
Reputation points
commented 2020-12-24T02:30:57.05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 35%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
dstaulcu
351
Reputation points
2 answers
AaaS (Antivirus as a service/ Virustotal) in Process Explorer and Autoruns from Microsoft Sysinternals suite is not functioning for 2-3 days !!! Kindly resolve this issue please.
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-21T13:15:23.073+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 19%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Aneeq Ahmad
6
Reputation points
commented 2020-12-23T14:32:29.227+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Michael Taylor
48,656
Reputation points
0 answers
Is it safe to defragment an in-use file with Contig?
Greetings, I'm wondering if I should expect issues when running Sysinternals' Contig on an SQLite database that's concurrently being written to and read from. I think I may be running into an issue with an extremely fragmented SQLite file and I'm…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-22T13:55:11.527+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 12%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
Mislav Čovran
1
Reputation point
asked 2020-12-22T13:55:11.527+00:00
Mislav Čovran
1
Reputation point
1 answer
VirusTotal
Recently, the VirusTotal column always shows Unknown. What's up?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-18T05:01:55.4+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 50%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
好野 飄
1
Reputation point
answered 2020-12-21T18:24:42.39+00:00
Michael Taylor
48,656
Reputation points
0 answers
s.exe and chinese characters in sysmon log
We came across a puzzling process called s.exe and chinese characters in the logs as seen below, which we have never seen before across any system. We use sysmon version 8.4.0.0. Is this a case of the sysmon driver causing trimming of data or a bug or…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 90%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
0 answers
Client is not communication with MP SCCM 2012
I have installed SCCM 2012 client on one machine, installation was successful but it not communicating to MP. There are only two options(Machine policy & user policy) under action tab in configuration manage and CCM Notification Agent is also…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 95%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
0 answers
Autoruns looks bad in 4K
Try running Autoruns on a 4K monitor, or any other HDPI display. You will almost not be able to read the entries.
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 48%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
0 answers
CoreInfo shows wrong output
Hello Microsoft Team, while playing with the GetLogicalProcessorInformation function and comparing the output with the coreinfo (32bit & 64bit) tool, I discovered some inconsistencies in the Cache Map output. Running on: Intel(R) Core(TM) i7-7700…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 7.000000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFC%3C/text%3E%3C/svg%3E)
0 answers
Remote Kernal Debug Mode Network
If setting up remote kernel debugging using rdnet, on the host is the network connection named 'NETWORK 20' and can be seen in the available WiFI networks? Is it not disconnectable?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-10T16:37:53.73+00:00
Marc George
21
Reputation points
asked 2020-12-10T16:37:53.73+00:00
Marc George
21
Reputation points
0 answers
Sysmon 10.42
Hello. We are using Sysmon 10.42 and faced the problem of a long launch of published applications from Citrix. We also use antivirus McAfee Endpoint Security 10.7. Sysmon has been added to exceptions, but there are suggestions that blocking occurs. …
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-02T12:54:47.417+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 24%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEK%3C/text%3E%3C/svg%3E)
Evgeny Kuzmin
1
Reputation point
commented 2020-12-08T16:24:33.67+00:00
dstaulcu
351
Reputation points
1 answer
Sysmon - not logging "Pipe created" events (Event 17)
Hello! We have tried to generate/reproduce Event 17: <event name="SYSMON_CREATE_NAMEDPIPE" value="17" level="Informational" template="Pipe Created" rulename="PipeEvent"…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 16%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
0 answers
Inquiry about nesting Sysmon rule groups
This is in reference to your comment on the above topic at the below link about possible support for nesting of Sysmon rule groups: https://github.com/MicrosoftDocs/sysinternals/issues/222 My particular use case is to exclude multiple classes of…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-03T00:41:28.183+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 74%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Kevin Branch
1
Reputation point
commented 2020-12-06T18:17:37.363+00:00
dstaulcu
351
Reputation points
0 answers
svchost.exe process details
Due to the dramatic increase in svchost and services in Windows 10, could you please create an option for a "Services" column instead of making it a hover over pop-up?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-04T15:42:58.003+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 44%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Dave Berndt
1
Reputation point
asked 2020-12-04T15:42:58.003+00:00
Dave Berndt
1
Reputation point
0 answers
How to compile a regular expression that will search and replace characters from a string
Hello Community, I hope I'm in the right forum for this question I'm trying to compile a regular expression that will search for strings that exclude certain characters and and charaters to the discovered strings. For example, the following string…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,094 questions
asked 2020-12-02T18:26:28.923+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Carlton Patterson
741
Reputation points
asked 2020-12-02T18:26:28.923+00:00
Carlton Patterson
741
Reputation points