Sysinternals Updates Now Available for Sysmon, AccessChk, and RU
Microsoft has provided a major update to Sysmon and some minor feature additions to AccessChk and RU.
January 20, 2015
Sysinternals is, of course, the creation of Mark Russinovich (co-founded with Bryce Cogswell), who is now the esteemed CTO of Microsoft Azure. Created in 1996 and acquired by Microsoft in 2006, the Sysinternals tools are a staple of IT admins and security practitioners everywhere. Fortunately, even with Mark's new title and responsibilities, the Sysinternals utilities continue to get updates.
Yesterday, three of the utilities were updated with bug fixes and new features. Sysmon received the biggest update, bringing it to version 2.0. Here's what to look for…
Sysmon (now at version 2.0) – A system monitor that records process, network and now driver and image activity to the Windows event log for detection and analysis. Version 2.0 adds these capabilities:
Driver load and image load events (event IDs 6 and 7), each reporting whether the loaded image is signed and by whom
Configurable hash reporting: choose which algorithms (SHA1, MD5, SHA256, or several at once) are recorded for each image
Flexible include and exclude filters on event fields, so noisy sources can be dropped before they reach the event log
Support for supplying the configuration as an XML file instead of command-line switches, which can be applied at install time or pushed to an already running instance
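The following is an added example, not code from the article or from Sysinternals, showing how the four Sysmon 2.0 features above fit together: a schema 2.0 configuration file that sets the hash algorithms and filters driver, image and network events, installed from an elevated PowerShell session, followed by a query that pulls the new driver-load and image-load events back out of the event log. The config path, the specific filter values (the Windows-directory exclusion and the port 443 include) and the assumption that Sysmon.exe sits in the current directory are illustrative choices, not anything the article prescribes.

```powershell
# Added example (not from the original article or from Sysinternals).
# Requires an elevated PowerShell session and Sysmon.exe (2.0 or later) in the
# current directory. Filter values and file paths below are assumptions.

$config = @'
<Sysmon schemaversion="2.0">
  <!-- Configurable hashing: record several algorithms for every image -->
  <HashAlgorithms>SHA1,MD5,SHA256</HashAlgorithms>
  <EventFiltering>
    <!-- Driver loads: log everything except drivers whose signature names Microsoft or Windows -->
    <DriverLoad onmatch="exclude">
      <Signature condition="contains">Microsoft</Signature>
      <Signature condition="contains">Windows</Signature>
    </DriverLoad>
    <!-- Image loads: drop DLLs loaded from the Windows directory, keep everything else (assumed filter) -->
    <ImageLoad onmatch="exclude">
      <ImageLoaded condition="begin with">C:\Windows\</ImageLoaded>
    </ImageLoad>
    <!-- Network connections: only report destination port 443 (assumed filter) -->
    <NetworkConnect onmatch="include">
      <DestinationPort>443</DestinationPort>
    </NetworkConnect>
  </EventFiltering>
</Sysmon>
'@

$configPath = Join-Path $env:TEMP 'sysmon-config.xml'   # assumed location
Set-Content -Path $configPath -Value $config -Encoding ASCII

# Fresh install driven by the config file. On a host that already runs Sysmon,
# use "-c <file>" instead to push the new configuration without reinstalling.
.\Sysmon.exe -accepteula -i $configPath

# Dump the configuration the driver is actually enforcing, so the file you wrote
# and the filters in effect can be compared.
.\Sysmon.exe -c

# Read back the event types introduced in 2.0: 6 = driver loaded, 7 = image loaded.
# Both carry ImageLoaded, Hashes, Signed and Signature fields.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6, 7 } -MaxEvents 20 |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Id        = $_.Id
            Time      = $_.TimeCreated
            Image     = $data['ImageLoaded']
            Signed    = $data['Signed']
            Signature = $data['Signature']
            Hashes    = $data['Hashes']
        }
    } | Format-Table -AutoSize
```

Two practical notes. First, image-load logging is off by default because it is by far the noisiest event type; if no event ID 7 entries appear after installing with this configuration, enable image loading explicitly with the documented -l switch and keep an exclude filter in place, or the log will fill quickly. Second, the Signed/Signature fields are what make event 6 useful for detection: an unsigned driver, or one signed by a publisher you do not recognize, loading on a production host is worth an alert on its own, which is exactly the case the exclude-by-signature filter above is designed to surface.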
AccessChk (now at version 5.21) – Used to query and display the effective permissions on Windows objects such as files, registry keys, services, processes and kernel objects, version 5.21 brings:
Reporting permissions as SDDL strings
New process permission types
A fix for a bug with showing process security descriptors
RU (Registry Usage, now at version 1.1) – Reports the registry space consumed by a key and its subkeys. Version 1.1 gets a couple of minor but useful feature updates:
Supports loading offline hive files (for example, a hive copied from another system), not just the live registry
Reports each key's last-write timestamp in its CSV output, which makes the output usable for timelining
You can grab the individual updates or the entire stack of 46 utilities from the Sysinternals Suite page.