Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Feb 14, 2022 #61

From ZoomIt v5.0, RDCMan v2.90, Autoruns, ProcMon, TCPView, VMMap, Sysmon and WinObj

ZoomIt v5.0
ZoomIt, a screen zoom and annotation tool, now supports Windows 11 and antialiased line drawing. Note that under Windows 11 and Windows Server 2022 some UI elements might not react to mouse clicks when zoomed. The temporary workaround until a future Windows update is to store the ZoomIt executable under the Windows or the Program Files directories.

RDCMan v2.90
RDCMan, a tool for managing and connecting to Remote Desktop sessions, receives support for Restricted Admin (/restrictedAdmin from mstsc) and Remote Credential Guard (/remoteGuard from mstsc) and bug fixes.

Autoruns v14.08
This Autoruns update fixes a series of application crashes, now correctly parses paths with spaces passed as command line arguments and improves .arn import functionality.

Process Monitor v3.88
This Process Monitor update mitigates a rare program crash condition.

TCPView v4.17
This TCPView update fixes a crash related to filtering by TCP version.

VMMap v3.32
VMMap, a tool that reports the virtual memory layout of a process, now supports Windows 11.

Sysmon v13.32
This Sysmon update fixes a conflict with FileDelete and FileDeleteDetected events in the same config.

WinObj v3.14
This WinObj update makes the behavior of the object tree control more consistent with Windows when handling right clicks.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Feb 14, 2022 #62

A YouTube collection of demos, tips and stories from the experts: Sysinternals
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Feb 16, 2022 #63

From Autoruns v14.09, ProcMon v3.89, Sysmon v13.33 and ZoomIt v5.10

Autoruns v14.09
This Autoruns update fixes a bug preventing the enabling/disabling of startup folder items.

Process Monitor v3.89
This Process Monitor update fixes a crash related to context menus.

Sysmon v13.33
This Sysmon update fixes a crash occurring on Windows Server 2012 and improves memory handling for the service.

ZoomIt v5.10
This update to ZoomIt, a screen magnification and annotation tool, now supports pen and touch drawing.
britechguy Well-known member Joined Jun 2, 2016 Posts 772 Location Staunton, VA Feb 16, 2022 #64

I've got to check out ZoomIt as an assistive technology for those with low vision. The fact that it's almost entirely controllable via the keyboard is a huge plus!
xrobwx71 Administrator Staff member Joined Sep 27, 2019 Posts 2,631 Location Panama City Beach, FL Feb 18, 2022 #65

If you want to always make sure your SysInternals tools are up to date, make a mapped drive! See how here: Tip Having All the SysInternals Tools in A Mapped Drive - NEXTOFWINDOWS.COM
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY May 11, 2022 #66

From AccessChk v6.15, RAMMap v1.61 and Sysmon v13.34

AccessChk v6.15
This update for AccessChk, a tool that shows what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services, fixes a crash with passing long strings on the command line. Parameters previously limited to MAX_PATH characters have no length restrictions now.

RAMMap v1.61
This update for RAMMap, a utility that analyzes and displays physical memory usage, fixes problems with the processes tab under Windows 11 and improves the UI on scaled displays.

Sysmon v13.34
This Sysmon update improves performance for UDP network event tracing (the NetworkConnect global option), solves a rare system hang (blue screen) when monitoring ProcessCreate events and a memory/handle leak on ImageLoad events with several exclude clauses.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Jul 19, 2022 #67

From ZoomIt v6.0, BgInfo v4.30, PsExec v2.40, ProcMon v3.90 and Sigcheck v2.90

ZoomIt v6.0
This major update to ZoomIt, a screen magnification and annotation tool, adds built-in screen recording for easy demo recordings, and now supports Unicode typing input.

BgInfo v4.30
This update to BgInfo, a tool for writing various system information to the desktop wallpaper, now correctly reports Windows 11 and Windows Server 2022 versions.

PsExec v2.40
This update to PsExec, a command line utility for remotely launching processes on Windows computers, adds a new option, -g, for selecting the processor group.

ProcMon v3.90
This Process Monitor update improves event list filtering performance.

Sigcheck v2.90
Sigcheck, a command-line utility that shows file version, timestamp and signatures, now supports custom code integrity policy file checks.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Jul 30, 2022 #68

From ZoomIt v6.01, BgInfo v4.31, and ProcMon v3.91

ZoomIt v6.01
This release for ZoomIt fixes a 32 bit bug.

BgInfo v4.31
This release for BgInfo fixes a 32 bit crash.

ProcMon v3.91
This release for Process Monitor fixes an ARM64 driver load error.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Aug 16, 2022 #69

From Sysmon v14.0, AccessEnum v1.34, and Coreinfo v3.53

Sysmon v14.0
This major update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockExecutable that prevents processes from creating executable files in specified locations. It also includes several performance improvements and bug fixes.

AccessEnum v1.34
AccessEnum, a tool for enumerating file system and registry permissions, now supports paths longer than MAX_PATH characters.

Coreinfo v3.53
This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now handles NUMA nodes with more than 64 processors.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Aug 16, 2022 #70

Sysmon 14.0 has been just released by @Sysinternals

Update Information: Sysmon 14.0 — FileBlockExecutable
Download: Sysmon v14.0

Via Mark Russinovich on Twitter:
New Sysmon v14 release, introducing block-exe rule that we made specifically to foil Russian malware targeting Ukrainian systems
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Sep 29, 2022 #71

From Sysmon v14.1, Coreinfo v3.6, AccessEnum v1.35, BgInfo 4.32, and NotMyFault 4.21

Sysmon v14.1
This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.

Coreinfo v3.6
This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in counter ticks.

AccessEnum v1.35
This update to AccessEnum, a tool that summarizes account permissions on files and folders, fixes a version number mismatch in its version information.

BgInfo v4.32
This update to BgInfo, a tool for displaying system information on screen desktop, correctly reports Windows 11 Insider versions.

NotMyFault v4.21
This update to NotMyFault, a tool used to crash, hang, and cause kernel memory leaks on Windows, now works on ARM64 systems.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Oct 12, 2022 #72

From ZoomIt v6.1

ZoomIt
This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.
Tekno Venus Senior Administrator, Developer Staff member Joined Jul 21, 2012 Posts 7,203 Location UK Oct 13, 2022 #73

Corrine said:
From ZoomIt v6.1 ZoomIt This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.

For anyone interested, Mark actually developed this latest version of ZoomIt live on stage as part of a presentation. The recording is here: Microsoft Ignite – Join us on October 12-14
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Oct 13, 2022 #74

From ZoomIt v6.11

ZoomIt
This update to ZoomIt fixes a crash with right-justified text input and improves multiline text handling.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Oct 26, 2022 #75

From Process Explorer v17.0, Handle v5.0, Process Monitor v3.92, and Sysmon v14.11

Process Explorer
This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.

Handle
This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.

Process Monitor
This update to Process Monitor, a utility for observing in real time file system, Registry, and process or thread activity, adds a command-line option for setting the filter driver’s altitude.

Sysmon
This update to Sysmon, an advanced host monitoring tool, fixes a bug preventing FileDeleteDetected events reporting and adds support for ARM64.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Nov 10, 2022 #76

From Process Explorer v17.02 and Sysmon v14.12

Process Explorer v17.02
This update to Process Explorer fixes two bugs that can lead to crashes and another that leads to an unexpected dialog in an error case.

Sysmon v14.12
This update to Sysmon fixes a bug related to volumes without file system security.
xrobwx71 Administrator Staff member Joined Sep 27, 2019 Posts 2,631 Location Panama City Beach, FL Nov 11, 2022 #77

Thanks @Corrine, I use Process Explorer as my Task Manager replacement.
Willy2 Contributor Joined Dec 16, 2013 Posts 151 Location The moderators know Nov 11, 2022 #78

I reported a bug in RAMMAP over one year ago and I am still waiting for that bug to be fixed in RAMMAP.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Nov 28, 2022 #79

From Active Directory Explorer v1.52, Contig v1.82, and Sysmon v14.13

Active Directory Explorer v1.52
This update to Active Directory Explorer, an advanced Active Directory viewer and editor, fixes a crash caused by searching for strings in a snapshot longer than object names.

Contig v1.82
This update to Contig, a single-file defragmenter, adds safe DLL loading and support for long command-line arguments.

Sysmon v14.13
This update to Sysmon addresses CVE-2022-41120 by ensuring the archive directory has permissions restricted to the system account.
Corrine Administrator, Microsoft MVP, Security Analyst Staff member Joined Feb 22, 2012 Posts 12,064 Location Upstate, NY Dec 12, 2022 #80

ProcDump 1.4 for Linux
This update to ProcDump for Linux adds the capability to generate dumps when specified exceptions occur in a .NET process.