Sysinternals utilities help you manage, troubleshoot, and diagnose your Windows systems and applications. The April 2020 update for Sysinternals brings major Sysmon enhancements including Logs process creation with the full command line for both current and parent processes, the use of Multiple hashes at the same time, many more.
- Sysmon v11.0
This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.
- Sysinternals April 27 Update Video
Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability.
You can execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as https://live.sysinternals.com/ or \\live.sysinternals.com\tools\.
You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.