Handle v4.22, NotMyFault v4.20, Process Explorer v16.25, Sysmon v10.1

Handle v4.22 This release of Handle fixes a race condition in the driver that could lead to a crash. Notmyfault v4.20 Notmyfaultc now includes a flag that makes it wait until an event named Notmyfault is signaled before proceeding to crash or leak.  Process Explorer v16.25 This update to Process Explorer fixes a potential buffer…


Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25

Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and by-default enables HCKU scanning for the console version. Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen. ProcessExplorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen. Sdelete 2.02 SDelete…


Sysinternals Update: ProcDump v9, Autoruns v13.71, BgInfo v4.22, LiveKd v5.62, Process Monitor v3.33, Process Explorer v16.21

ProcDump v9 This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to take capture multiple dumps sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support…


Update: Sigcheck v2.4, Sysmon v3.2, Process Explorer v16.1, Autoruns v13.51, AccessChk v6.01

Sigcheck v2.4This update to Sigcheck, a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the…


Update: LiveKd v5.4, Autoruns v13.2, Sigcheck v2.2, Process Explorer v16.05

LiveKd v5.4This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2. Autoruns v13.2In addition to bug fixes to CSV and XML output,…


Updates: Handle v4.0. Procdump v7.01, Procexp v16.04, Regjump v1.02, Autoruns v12.03

Handle v4: Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by their processes.   ProcDump v7.01: This release fixes several bugs, including one…


New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03

Sysmon v1.0: We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers,…


Updates: Process Explorer v16.02, Process Monitor v3.1, PSExec v2.1, Sigcheck v2.03

Process Explorer v16.02: This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v.3.1: This release adds registry create file disposition (create vs open) and a new switch, /saveapplyfilter, which has Process Monitor…


Updates: Process Explorer v16.01, Sigcheck v2.02

Process Explorer v16.0: This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck 2.02: This release fixes a bug that caused the –u switch to filter results incorrectly.


Updates: Process Explorer v16.0, PsPing v2.01

Process Explorer v16.0: Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus…