Windows Sysinternals
The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
- Read the official guide to the Sysinternals tools, Troubleshooting with the Windows Sysinternals Tools
- Read the Sysinternals Blog for a detailed change feed of tool updates
- Watch Mark's Sysinternals Update videos on YouTube
- Watch Mark’s top-rated Case-of-the-Unexplained troubleshooting presentations and other webcasts
- Read Mark’s Blog which highlight use of the tools to solve real problems
- Check out the Sysinternals Learning Resources page
- Post your questions in the Sysinternals Forum
Sysinternals Live
Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.
You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.
What's New 
What's New (August 18, 2021)
Candid talk from the man behind your favorite Windows tools
Mark talks with Larry Seltzer about the history and future of Sysinternals.Autoruns v14.0
Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.
What's New (July 27, 2021)
- ProcDump v10.1
This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds a new option (-dc) for specifying a dumpfile comment and supports "triage" dumps (-mt).
What's New (June 22, 2021)
- RDCMan v2.8
RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools! This release fixes CVE-2020-0765, an XML parsing vulnerability.
What's New (May 25, 2021)
Process Monitor v3.80
Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.Sysmon v13.20
This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression for rule include/exclude logic.TCPView v4.10
This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.Process Explorer v16.40
This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.
What's New (April 21, 2021)
Process Monitor v3.70
This update to Process Monitor allows constraining the number of events based on a requested number minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.Sysmon v13.10
This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.Theme Engine
This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TCPView have been updated. Expect more tools using the theme engine in the near future!
What's New (March 23, 2021)
- TCPView v4.0
This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
What's New (February 22, 2021)
WinObj v3.0
This major update to WinObj adds dynamic updates, quick search, full search, properties for more object types, as well as performance improvements. It's also the first Sysinternals tool to feature a dark theme.Coreinfo v3.52
This update to CoreInfo adds reporting for CET (shadow stack) support.