Microsoft heeft een nieuwe versie van de Sysinternals Suite de deur uitgedaan, met de datum als versienummer. Dit pakket is een verzameling handige tools waarmee systemen kunnen worden beheerd en waarmee uitgebreide informatie over de computer kan worden ingewonnen. Zo kunnen allerlei problemen worden opgespoord en verholpen.
De afzonderlijke tools worden ontwikkeld door Mark Russinovich en Bryce Cogswell, in eerste instantie voor Sysinternals en sinds 2006 voor Microsoft. Enkele voorbeelden zijn Process Explorer, Bginfo, Contig en Diskmon. In totaal gaat het om een verzameling van 69 verschillende tools. Overigens kunnen de laatste versies van de afzonderlijke programma's zoals altijd ook hier worden gevonden. Sinds de vorige editie zijn de volgende onderdelen van de Suite bijgewerkt:
This major update to ProcDump, a utility that enables process dump capture based on a variety of triggers, introduces the ability to take capture multiple dumps sizes. This is particularly useful when capturing crash dumps of applications susceptible to termination due to unresponsiveness (e.g. IIS Ping killing w3wp.exe). This release also adds support for an associated Kernel Dump of the process that includes the kernel stacks of the process.
This update to Autoruns, a comprehensive autostart execution point manager, adds Microsoft HTML Application Host (mshta.exe) as hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images.
This release of Bginfo honors applocker policy for VB scripts specified as the source of field data.
This update to Livekd is signed with a certificate installed in the Win7 RTM trusted roots store.
Process Monitor v3.33
Procmon v3.33 includes bug fixes for destructive event filtering and is signed with certificate installed in the Win7 trusted roots store.
Process Explorer v16.21
This Process Explorer release includes a fix for an intermittent bug in the Virus Total scanning logic, and is signed with Win7 RTM-compatible certificate.
This release of Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces an option that displays event schema, adds an event for Sysmon configuration changes, interprets and displays registry paths in their common format, and adds named pipe create and connection events (thanks to Giulia Biagini for the contribution). Check out the related presentation from Mark’s RSA Conference, “How to Go From Responding to Hunting with Sysinternals Sysmon.”
Autoruns, an autostart entry point management utility, now reports print providers, registrations in the WMI\Default namespace, fixes a KnownDLLs enumeration bug, and has improved toolbar usability on high-DPI displays.
This update to AccessChk, a command-line utility that shows effective and actual permissions for file, registry, service, process object manager, and event logs, now reports Windows 10 process trust access control entries and token security attributes.
Process Monitor v3.32
This update of Process Monitor, a file system registry, process and network real-time monitor, adds an option to display process and thread IDs in hexadecimal format, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
Process Explorer v16.2
The latest release of Process Explorer, a powerful process management and diagnostic utility, fixes a bug listing Wow64 thread stacks, and includes improved toolbar usability on high-DPI displays. It also includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
This release of LiveKd, a live-system kernel debugger and dump generator, includes drivers signed to be compatible with the driver signing policy in recent releases of Windows 10.
This update to BgInfo, a utility that adds system information to the desktop background, fixes a bug that prevented the standalone 64-bit version from working.
This major update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces file create and registry modification logging. These event types make it possible to configure filters that capture updates to critical system configuration as well as changes to autostart entry points used by malware.
Process Explorer v16.20
This release of Process Explorer, a powerful process management and diagnostic utility, adds reporting of process Control Flow Guard (CFG) status and dynamically updates to reflect changes to process Data Execution Prevention (DEP) configuration.
Procdump, a command-line utility that generates process dumps on demand or based on triggers that include memory, CPU, exception and performance counter thresholds, adds a -kill option that terminates a process after its dump completes rather than allowing an exception to pass to Windows Error Reporting (WER), and a -wer switch to copy dumps to the WER queue.
LiveKd, a tool that enables interactive kernel debugger analysis of a live system or virtual machine, includes a batch-mode option designed for scripted analysis that omits the prompt to re-execute LiveKD after a debugger session terminates.