Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25

Autoruns 13.93: This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and enables HKCU scanning by default for the console version.

Handle 4.21: This Handle release fixes a race condition that could cause a bluescreen.

Process Explorer 16.22: This Process Explorer release fixes a race condition that could cause a bluescreen.

SDelete 2.02: SDelete…

Sigcheck 2.70, BgInfo v4.26, and VMMap v3.22

Sigcheck v2.70: The Windows WinVerifyTrust function reports signed MSI files that have malware appended to them as signed, so Sigcheck now indicates when appended content is present.

BgInfo v4.26: BgInfo now honors AppLocker scripting policy.

VMMap v3.22: This release of VMMap fixes bugs that excluded copy-on-write pages from the private bytes total and that double counted…

Sysmon v8.0, Autoruns v13.90

Sysmon v8.0: This update to Sysmon adds rule tagging, so that a rule's tag appears in the event log entries the rule generates. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations.

Autoruns 13.90: Autoruns, a comprehensive Windows autostart entry point…

RAMMap v1.51

RAMMap v1.51 This update to RAMMap fixes an incompatibility with the latest version of Windows 10.

Sysmon v7.03

Sysmon v7.03 This update to Sysmon fixes a service executable crash that could result from long file names. It also no longer hashes files larger than 2GB, to avoid performance issues with the large alternate data streams that SQL Server places on database files.

Sysmon v7.02

Sysmon v7.02 This update to Sysmon, an advanced security logging service, fixes memory leaks in its thread and process tracking callbacks.

Process Monitor v3.50, Autoruns v13.82, Du v1.61, SDelete v2.01

Process Monitor v3.50: Process Monitor now includes a /runtime switch to control headless capture duration, correctly shows picoprocesses, displays details for file system APIs introduced in Windows 10, and includes numerous minor improvements and bug fixes.

Autoruns v13.82: This Autoruns release shows OneNote add-ins and fixes several bugs.

Du v1.61: This update to Disk Usage…

Bginfo v4.25

Bginfo v4.25 This release fixes a bug introduced in v4.20 that caused Bginfo to read ASCII text files incorrectly.

Sysmon v7.01

Sysmon v7.01 This release fixes a bug in v7.01 that could cause the Sysmon config change event to be corrupt, as well as one that prevented registry keys from being reported with abbreviated root key names (e.g. HKLM).

Sysmon v7.0

Sysmon v7.0 Sysmon now logs file version information, and the option to dump the configuration schema adds the ability to dump an older schema or dump all historical schemas.