Sysinternals Suite Januar 2024

AdExplorer
v1.51 (16. Dezember 2021)
Der Active Directory-Explorer ist ein erweiterter Active Directory-Viewer und -Editor.

Autoruns
v14.07 (16. Dezember 2021)
Sehen Sie sich an, welche Programme so konfiguriert sind, dass sie automatisch gestartet werden, wenn Ihr System gestartet wird und Sie sich anmelden. Autoruns zeigt Ihnen auch die vollständige Liste der Registrierungs- und Dateispeicherorte an, an denen Anwendungen Einstellungen für den automatischen Start konfigurieren können.

Cacheset
v1.02 (16. Dezember 2021)
CacheSet ist ein Programm, mit dem Sie die Arbeitssatzgröße des Cache-Managers mithilfe der von NT bereitgestellten Funktionen steuern können. Es ist mit allen Versionen von NT kompatibel.

Prozessmonitor
v3.87 (16. Dezember 2021)
Überwachen Sie Dateisystem-, Registrierungs-, Prozess-, Thread- und DLL-Aktivitäten in Echtzeit.

Sysmon
v13.31 (16. Dezember 2021)
Überwacht und meldet wichtige Systemaktivitäten über das Windows Ereignisprotokoll.

What's New (October 26, 2021)​

• Sysmon v13.30
  This Sysmon update adds user fields for events, fixes a series of crash-causing bugs - for example with the Visual Studio debugger - and improves memory usage and management in the driver.
• Autoruns v14.06
  This Autoruns release fixes a crash happening for scheduled tasks containing spaces.

• Autoruns v14.05
  • This update for Autoruns addresses a bug preventing opening and comparing .arn files.

• Autoruns v14.04
  • This update for Autoruns adds a series of display/theme fixes, restores autorunsc, fixes a regression for rundll32 entries, limits per-user scans to the user locations, fixes Microsoft entry hiding and adds a high DPI application icon.

• WinObj v3.13, Tcpview v4.16 and Process Monitor v3.86 get high DPI application icons.

• AccessEnum v1.33, CacheSet v1.01, Contig v1.81, Desktops v2.01, Disk2vhd v2.02, DiskMon v2.02, EFSDump v1.03, LoadOrder v1.02, PsShutdown v2.53, RegJump v1.11, ShareEnum v1.61, ShellRunas v1.02 get new builds with updated Windows libraries.

• Autoruns v14.03
  • This update for Autoruns restores entries previously shown in v13.100, improves Wow64 redirection handling and entry name resolution.

• Autoruns v14.02
  • Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, VirusTotal and signed files regressions fixes.

• WinObj v3.12
  • WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

• Tcpview v4.15
  • TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

• Process Monitor v3.85
  • Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

What's New (August 18, 2021)​

• Candid talk from the man behind your favorite Windows tools
  Mark talks with Larry Seltzer about the history and future of Sysinternals.
• Autoruns v14.0
  Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.
• RDCMan v2.83
  This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.
• ProcDump v10.11
  This update to ProcDump fixes a "The parameter is incorrect" error on Windows Server 2016 systems.
• Winobj v3.11
  WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
• TCPView v4.14
  TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
• Process Monitor v3.84
  Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
• Process Explorer v16.43
  This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, "medium+" for process integrity levels and has some display tweaks for systems with large memory capacity.
• Sysmon v13.24
  This Sysmon update improves the handling of FileDelete and FileDeleteDetected events which solves systems becoming unresponsive under certain conditions.

What's New (July 27, 2021)​

• ProcDump v10.1
  • This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds a new option (-dc) for specifying a dumpfile comment and supports "triage" dumps (-mt).
• RDCMan v2.82
  • This RDCMan update adds a toggle for bitmap caching and fixes a series of crashes.
• Sigcheck v2.82
  • This Sigcheck update fixes a crash occurring when analyzing unsigned files on VirusTotal.
• Sysmon v13.23
  • This Sysmon update fixes a bug where rules with long names were incorrectly processed and a rare out of memory crash occurring on 32-bit systems.

What's New (June 22, 2021)​

• RDCMan v2.8
  RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!
• AccessChk v6.14
  This AccessChk version adds support for NULL DACL reporting.
• Process Monitor v3.83
  ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.
• Strings v2.54
  This Strings update improves handling of files containing long strings.
• Sysmon v13.22
  This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.
• TCPView v4.13
  This TCPView update fixes a bug with connection state filtering.

What's New (May 25, 2021)​

• Process Monitor v3.80 Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.
• Sysmon v13.20 This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression for rule include/exclude logic.
• TCPView v4.10 This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.
• Process Explorer v16.40 This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.

What's New (April 21, 2021)​

• Process Monitor v3.70 This update to Process Monitor allows constraining the number of events based on a requested number minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.
• Sysmon v13.10 This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.
• Theme Engine This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TCPView have been updated. Expect more tools using the theme engine in the near future!

What’s New (March 23, 2021)​

• TCPView v4.0 This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.