Sysmon v7.01

Sysmon v7.01 This release fixes a bug in v7.01 that could cause the sysmon config change event to be corrupt, as well as one that prevented registry keys from being reported with abbreviated root key names (e.g. HKLM).

Sysmon v7.0

Sysmon v7.0 Sysmon now logs file version information, and the option to dump the configuration schema adds the ability to dump an older schema or dump all historical schemas.

Bginfo v4.24

Bginfo v4.24 This update to Bginfo fixes reported regressions in v4.23 and is compatible with all .bgi files except those created by v4.23.


Autoruns v13.81, Bginfo v4.23, Handle v4.11

Autoruns v13.81 This update to Autoruns fixes a Wow64 bug in Autorunsc that could cause 32-bit paths to result in ‘file not found’ errors, and expands the set of images not considered part of Windows for the Windows filter in order to reveal malicious files masquerading as Windows images. Bginfo v4.23 This update to Bginfo…


Sysmon v6.2, AccessChk 6.20, Sigcheck v2.60, Whois v1.20

Sysmon v6.20 This Sysmon release adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence. AccessChk v6.20 This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, fixes a bug in that could cause it to crash…


Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11

Sysmon v6.10 This update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, adds monitoring of WMI filters and consumers, an autostart mechanism commonly used by malware, and fixes a bug in image load filtering. Process Monitor v3.40 Process Monitor, a file system registry,…


Sysinternals Update: Sysmon v6.02, Sigcheck v2.55

Sysmon v6.02 This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, fixes a bug in the named pipe monitoring logic that could cause a bluescreen crash. Sigcheck v2.55 This update to Sigcheck, a command-line utility that reports detailed information about images,…

Sysinternals Update: ProcDump v9, Autoruns v13.71, BgInfo v4.22, LiveKd v5.62, Process Monitor v3.33, Process Explorer v16.21

ProcDump v9 This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to take capture multiple dumps sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support…

Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21

Sysmon v6 This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events…