Summary: From the people who brought you Process Explorer and Autoruns comes a new diagnostic tool that logs certain events that can be signs of malicious activity.
For the first time in almost two years, Microsoft's Mark Russinovich has added a new tool to the Sysinternals tool suite. The new tool is Sysmon, which monitors for and logs certain specific events.
Sysinternals is a set of Windows utility programs first released in 1996, long before Russinovich joined Microsoft. Almost all were written by Russinovich and his then-partner Bryce Cogswell. Sysmon, written by Russinovich and Thomas Garnier, also of Microsoft, is the 73rd tool in the set, and has been used internally at Microsoft for some time.