New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03
Sysmon v1.0: We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and changes to file creation timestamps. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers, and correlate events across systems to track attackers as they traverse your network.
Autoruns v12.01: This update to Autoruns, a utility that comes in Windows application and command-line forms, has numerous bug fixes, adds a profile attribute/column to CSV and XML output, and interprets the CodeBase value for COM object registrations.
Coreinfo v3.3: Coreinfo, a command-line utility that reports comprehensive information about a system’s processors, including their cache sizes and topology, memory latency, and processor features, now reports virtual memory address width as well as support for many additional instructions, including PT, SHA, MPX, CLFLUSHOPT, and AVX variants.
Procexp v16.03: This release of Process Explorer, a process viewing and control utility, fixes several bugs, including one where moving the mouse over the information graphs could cause it to crash and another that could cause a crash when checking VirusTotal results.