Sysmon v9.0, Autoruns v13.94

Sysmon 9.0 Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification. Autoruns 13.94 This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and…


Autoruns v13.93, Handle v4.21, Process Explorer v16.22, SDelete v2.02, Sigcheck v2.71, Sysmon v8.02 and VMMap v3.25

Autoruns 13.93 This Autoruns update fixes a bug that prevented UserInitMprLogonScript from being scanned and by-default enables HCKU scanning for the console version. Handle 4.21 This Handle release fixes a race condition that could cause a bluescreen. ProcessExplorer 16.22 This Process Explorer release fixes a race condition that could cause a bluescreen. Sdelete 2.02 SDelete…

Sysmon v8.0, Autoruns v13.90

Sysmon v8.0 This update to Sysmon adds rule tagging, which results in tags appearing in event log entries they generate. It also greatly expands the command-line length logged, fixes a GUID printing bug for parent process GUIDs, and prints friendly registry path names for rename operations. Autoruns 13.90 Autoruns, a comprehensive Windows autostart entry point…

Sysmon v7.02

Sysmon v7.02 This update to Sysmon, an advanced security logging service, fixes memory leaks in its thread and process tracking callbacks.

Sysmon v7.01

Sysmon v7.01 This release fixes a bug in v7.01 that could cause the sysmon config change event to be corrupt, as well as one that prevented registry keys from being reported with abbreviated root key names (e.g. HKLM).

Sysmon v7.0

Sysmon v7.0 Sysmon now logs file version information, and the option to dump the configuration schema adds the ability to dump an older schema or dump all historical schemas.

Sysmon v6.2, AccessChk 6.20, Sigcheck v2.60, Whois v1.20

Sysmon v6.20 This Sysmon release adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence. AccessChk v6.20 This update to AccessChk, a command-line utility that reports effective access and can dump access control lists, fixes a bug in that could cause it to crash…


Update: Sysmon v4.12, Autologon v3.1, Sigcheck v2.54, Process Monitor v3.31

Sysmon v4.12 This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, now reports the status of CRL checking and fixes a bug where certain configuration files could cause the driver to blue screen. Sigcheck v2.54 This…

Update: Sigcheck v2.5, Process Explorer v16.11, Whois v1.13, RAMMap v1.5

Sigcheck v2.5This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers. Sysmon v3.21This update fixes a paged pool leak of token objects when image logging is enabled.  Process Explorer v16.11This…