Update: Sysmon v3.1, LogonSessions v1.3, VMMap v3.21
This update to Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, adds information about the thread initialization function for CreateRemoteThread events, including the DLL and function name and address. It also changes the format of timestamps to allow for simple string sorting and fixes several bugs.
LogonSessions, a command-line utility that reports information about Windows authentication sessions including the user, authenticating server, time a session was created, and processes running in a session, now includes options for emitting CSV and tab-delimited output for easy import into Excel and other applications.
This update to VMMap, an advanced utility that shows a detailed breakdown of a process’s virtual and physical memory usage, fixes a bug where unused memory was reported as committed, and another that omitted call-tree summary statistics.