Sysinternals Site Discussion

Handle v4.22, NotMyFault v4.20, Process Explorer v16.25, Sysmon v10.1

Handle v4.22 This release of Handle fixes a race condition in the driver that could lead to a crash....

Author: Mark Russinovich Date: 06/15/2019

Sysmon v10.0, Autoruns v13.95, VMMap v3.26

Sysmon 10.0 This release of Sysmon adds DNS query logging, reports OriginalFileName in process...

Author: Mark Russinovich Date: 06/12/2019

Sysmon v9.0, Autoruns v13.94

Sysmon 9.0 Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching...

Author: Mark Russinovich Date: 02/19/2019

Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25

Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being...

Author: Mark Russinovich Date: 12/09/2018

Sigcheck 2.70, BgInfo v4.26, and VMMap v3.22

Sigcheck v2.70 Windows WinVerifyTrust function reports signed MSI files that have malware appended...

Author: Mark Russinovich Date: 10/21/2018

Sysmon v8.0, Autoruns v13.90

Sysmon v8.0 This update to Sysmon adds rule tagging, which results in tags appearing in event log...

Author: Mark Russinovich Date: 07/05/2018

RAMMap v1.51

RAMMap v1.51 This update to RAMMap fixes an incompatibility with the latest version of Windows 10.

Author: Mark Russinovich Date: 06/01/2018

Sysmon v7.03

Sysmon v7.03 This update to Sysmon fixes a service executable crash that could result from long file...

Author: Mark Russinovich Date: 05/14/2018

Sysmon v7.02

Sysmon v7.02 This update to Sysmon, an advanced security logging service, fixes memory leaks in its...

Author: Mark Russinovich Date: 04/30/2018

Process Monitor v3.50, Autoruns v13.82, Du v1.61, SDelete v2.01

Process Monitor v3.50 Process Monitor now includes a /runtime switch to control headless capture...

Author: Mark Russinovich Date: 02/17/2018

Bginfo v4.25

Bginfo v4.25 This release fixes a bug introduced in v4.20 that caused Bginfo to read ASCII text...

Author: Mark Russinovich Date: 01/19/2018

Sysmon v7.01

Sysmon v7.01 This release fixes a bug in v7.01 that could cause the sysmon config change event to be...

Author: Mark Russinovich Date: 01/05/2018

Sysmon v7.0

Sysmon v7.0 Sysmon now logs file version information, and the option to dump the configuration...

Author: Mark Russinovich Date: 01/02/2018

Bginfo v4.24

Bginfo v4.24 This update to Bginfo fixes reported regressions in v4.23 and is compatible with all...

Author: Mark Russinovich Date: 12/31/2017

Autoruns v13.81, Bginfo v4.23, Handle v4.11

Autoruns v13.81 This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths...

Author: Mark Russinovich Date: 12/12/2017

Sysmon v6.2, AccessChk 6.20, Sigcheck v2.60, Whois v1.20

Sysmon v6.20 This Sysmon release adds the ability to change the Sysmon service and driver names to...

Author: Mark Russinovich Date: 11/22/2017

Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11

Sysmon v6.10 This update to Sysmon, a background monitor that records activity to the event log for...

Author: Mark Russinovich Date: 09/12/2017

Sysinternals Update: Sysmon v6.03

Sysmon v6.03 This release of Sysmon fixes a bug that prevented imageload include filters from...

Author: Mark Russinovich Date: 06/17/2017

Sysinternals Update: Sysmon v6.02, Sigcheck v2.55

Sysmon v6.02 This release of Sysmon, an advanced background monitor that records process-related...

Author: Mark Russinovich Date: 05/22/2017

Sysinternals Update: ProcDump v9, Autoruns v13.71, BgInfo v4.22, LiveKd v5.62, Process Monitor v3.33, Process Explorer v16.21

ProcDump v9 This major update to ProcDump, a utility that enables process dump capture based on a...

Author: Mark Russinovich Date: 05/16/2017

Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21

Sysmon v6 This release of Sysmon, a background monitor that records activity to the event log for...

Author: Mark Russinovich Date: 02/17/2017

Announcing a new book, Troubleshooting with the Windows Sysinternals Tools

Announcing a new book, Troubleshooting with the Windows Sysinternals Tools Become a Windows...

Author: Mark Russinovich Date: 12/01/2016

Sysmon v5, Process Explorer v16.20, Procdump v8.2, LiveKd v5.6

Sysmon v5 This major update to Sysmon, a background monitor that records activity to the event log...

Author: Mark Russinovich Date: 12/01/2016

Update: Sysmon v4.12, Autologon v3.1, Sigcheck v2.54, Process Monitor v3.31

Sysmon v4.12 This release of Sysmon, an advanced background monitor that records process-related...

Author: Mark Russinovich Date: 08/29/2016

Update: Sysmon v4, Procdump v8, Sigcheck v2.51

Sysmon v4.0 This release of Sysmon, an advanced background monitor that records process-related...

Author: Mark Russinovich Date: 04/28/2016

Update: Sigcheck v2.5, Process Explorer v16.11, Whois v1.13, RAMMap v1.5

Sigcheck v2.5This update to Sigcheck, a command-line utility that reports detailed information about...

Author: Mark Russinovich Date: 02/02/2016

Update: Sigcheck v2.4, Sysmon v3.2, Process Explorer v16.1, Autoruns v13.51, AccessChk v6.01

Sigcheck v2.4This update to Sigcheck, a powerful command-line utility that reports image file and...

Author: Mark Russinovich Date: 01/05/2016

Update: Autoruns v13.5, Sigcheck v2.3, RAMMap v1.4, BgInfo v4.21, Sysmon v3.11, ADInsight v1.2

Autoruns v13.5This update to Autoruns, the most comprehensive autostart viewer and manager available...

Author: Mark Russinovich Date: 10/26/2015

Update: Sysmon v3.1, LogonSessions v1.3, VMMap v3.21

Sysmon v3.1This update to Sysmon, a background service that logs security-relevant process and...

Author: Mark Russinovich Date: 07/22/2015

Update: AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2

AccessChk v6.0This update to AccessChk, a command-line utility that shows effective and actual...

Author: Mark Russinovich Date: 05/26/2015

Update: Sysmon v3.0, Autornus v13.3, Regjump v1.1, Process Monitor v3.11

Sysmon v3.0This release of Sysmon, an advanced background monitor that records process-related...

Author: Mark Russinovich Date: 04/20/2015

Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05

LiveKd v5.4This update to Livekd, a tool that enables live kernel debugging for Windows systems and...

Author: Mark Russinovich Date: 03/10/2015

Update: Autoruns v13.01

Autoruns v13.01 This release fixes a bug in v13 that caused autostart entry lines not to show when...

Author: Mark Russinovich Date: 02/09/2015

Update: Autoruns v13.0

Autoruns v13.0 This major update to Autoruns, an autostart execution point (ASEP) manager, now has...

Author: Mark Russinovich Date: 01/29/2015

Updates: Sysmon v2.0, Accesschk v5.21, RU v1.1

Sysmon v2.0This major update to Sysmon, a service that records process activity to the Windows event...

Author: Mark Russinovich Date: 01/19/2015

Updates: Handle v4.0. Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03

Handle v4: Handle is a command-line utility that can show which processes have a handle to a file or...

Author: DMK_WA Date: 09/11/2014

Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12

Autoruns v12.02: This fixes a bug that could cause Autoruns to crash on startup, updates the image...

Author: DMK_WA Date: 08/19/2014

New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03

Sysmon v1.0: We’re excited to announce Sysmon, a new Sysinternals utility that monitors and...

Author: safarr_msft1 Date: 08/08/2014

Mark's Latest Novel and TechEd Presentations Now Available

Mark's Latest Novel, Rogue Code: The third book in Mark’s Jeff Aiken technothriller series...

Author: safarr_msft1 Date: 05/28/2014

Updates: Autoruns v12.0, Procdump v7.0

Autoruns v12.0: This release of Autoruns, a Windows application and command-line utility for viewing...

Author: safarr_msft1 Date: 05/13/2014

Updates: AccessChk v5.2; PsExec v2.11; Sigcheck v2.1; VMMap v3.12

AccessChk v5.2: This release of AccessChk, a security command-line utility that reports the...

Author: safarr_msft1 Date: 05/02/2014

Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03

Process Explorer v16.02: This minor update adds a refresh button to the thread’s stack dialog...

Author: safarr_msft1 Date: 03/07/2014

Updates: Process Explorer v16.01, Sigcheck v2.02

Process Explorer v16.0: This release fixes a bug that could cause a crash when the VirusTotal column...

Author: safarr_msft1 Date: 02/04/2014

Updates: Process Explorer v16.0, PsPing v2.01

Process Explorer v16.0: Thanks to collaboration with the team at VirusTotal, this Process Explorer...

Author: safarr_msft1 Date: 01/29/2014

Updates: Disk2vhd v2.01, PsPing v2.0

Disk2vhd v2.01: This update fixes a bug that could result in Disk2vhd crashing when converting to...

Author: safarr_msft1 Date: 01/21/2014

Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31

Coreinfo v3.21: CoreInfo is a command-line tool for reporting processor topology, NUMA performance,...

Author: safarr_msft1 Date: 12/19/2013

Updates: RAMMap v1.32, Sigcheck v2.01

RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. Sigcheck v2.01:...

Author: safarr_msft1 Date: 11/01/2013

Update: RAMMap v1.31

RAMMap v1.31: This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.

Author: safarr_msft1 Date: 10/28/2013

Updates: PsExec v2.0, RAMMap v1.3, Sigcheck v2.0

PsExec v2.0: PsExec, a popular utility for executing processes on remote systems, introduces a new...

Author: safarr_msft1 Date: 10/23/2013

Autoruns v11.70, Bginfo v4.20, Disk2vhd v1.64, Process Explorer v15.40

Autoruns v11.70: This release of Autoruns, a powerful utility for scanning and disabling autostart...

Author: safarr_msft1 Date: 08/01/2013

Next>