Sysmon and other Sysinternals tools updated

Reading time icon 2 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Windows Sysinternals

Microsoft today released a major Windows Sysinternals update. This update for Windows Sysinternals comes with Sysmon file deletion monitoring, Procmon with the ability to constraint events, bug fixes to Autorun, and improvements to TCPView.

Find the full changelog below:

Procmon v3.70
This update to Process Monitor allows constraining the number of events based on a requested number minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.

Sysmon v13.10
This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn’t archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.

Autoruns v13.99
This update to Autoruns fixes a bug that resulted in some empty locations being hidden when the Include Empty Locations option is selected.

TCPView v4.01
This update to TCPView refines Quick search to look in IP addresses and ports.

Theme Engine
This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TcpView have been updated. Expect more tools using the theme engine in the near future.

Source: Microsoft

More about the topics: microsoft, update, Windows Sysinternals

Leave a Reply

Your email address will not be published. Required fields are marked *