Sysinternals Suite

Sysinternals Suite September 2021

  • Autoruns v14.02
    • Autoruns, a utility for monitoring startup items, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks, as well as fixes for VirusTotal and signed-file regressions.

  • WinObj v3.12
    • WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

  • TCPView v4.15
    • TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.

  • Process Monitor v3.85
    • Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.


What's New (August 18, 2021)

  • Candid talk from the man behind your favorite Windows tools
    Mark talks with Larry Seltzer about the history and future of Sysinternals.
  • Autoruns v14.0
    Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.
  • RDCMan v2.83
    This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.
  • ProcDump v10.11
    This update to ProcDump fixes a "The parameter is incorrect" error on Windows Server 2016 systems.
  • WinObj v3.11
    WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • TCPView v4.14
    TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • Process Monitor v3.84
    Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
  • Process Explorer v16.43
    This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, "medium+" for process integrity levels and has some display tweaks for systems with large memory capacity.
  • Sysmon v13.24
    This Sysmon update improves the handling of FileDelete and FileDeleteDetected events, which resolves an issue where systems became unresponsive under certain conditions.

What's New (July 27, 2021)

  • ProcDump v10.1
    • This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds a new option (-dc) for specifying a dumpfile comment and supports "triage" dumps (-mt).
  • RDCMan v2.82
    • This RDCMan update adds a toggle for bitmap caching and fixes a series of crashes.
  • Sigcheck v2.82
    • This Sigcheck update fixes a crash occurring when analyzing unsigned files on VirusTotal.
  • Sysmon v13.23
    • This Sysmon update fixes a bug where rules with long names were incorrectly processed and a rare out of memory crash occurring on 32-bit systems.

What's New (June 22, 2021)


  • RDCMan v2.8
    RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!
  • AccessChk v6.14
    This AccessChk version adds support for NULL DACL reporting.
  • Process Monitor v3.83
    ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.
  • Strings v2.54
    This Strings update improves handling of files containing long strings.
  • Sysmon v13.22
    This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.
  • TCPView v4.13
    This TCPView update fixes a bug with connection state filtering.


What's New (May 25, 2021)

  • Process Monitor v3.80
    Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.
  • Sysmon v13.20
    This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression for rule include/exclude logic.
  • TCPView v4.10
    This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.
  • Process Explorer v16.40
    This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.

What's New (April 21, 2021)

  • Process Monitor v3.70
    This update to Process Monitor allows constraining the number of events based on a requested number of minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.
  • Sysmon v13.10
    This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive them, deletes the clipboard archive if the event is excluded, and fixes an ImageLoad event bug.
  • Theme Engine
    This update to the theme engine uses a custom title bar in dark mode, similar to the MS Office black theme. WinObj and TCPView have been updated. Expect more tools using the theme engine in the near future!

What’s New (March 23, 2021)

  • TCPView v4.0
    This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.

What’s New (January 11, 2021)

  • Sysmon v13.00
    This update to Sysmon adds a process image tampering event that reports when the mapped image of a process doesn’t match the on-disk image file, or the image file is locked for exclusive access. These indicators are triggered by process hollowing and process herpaderping. This release also includes several bug fixes, including fixes for minor memory leaks.
  • Process Monitor v3.61
    This update to Process Monitor adds monitoring for RegSaveKey, RegLoadKey and RegRestoreKey APIs, as well as fixes a bug in the details output for some types of directory queries.

What’s New (November 04, 2020)

  • AdExplorer v1.50
    This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the “Compare” dialog and is now available for x64 and ARM64.
  • Disk Usage (DU) v1.62
    This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64.

What’s New (October 15, 2020)

  • VMMap v3.30
    This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps.
  • RAMMap v1.60
    This release of RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets.
  • Sysmon v12.01
    Security and bug fix release; resolves a PipeEvent processing issue and adds extra checks to kernel writes.