diff --git a/sysinternals/downloads/index.md b/sysinternals/downloads/index.md index 94b1a66b..e0f607a8 100644 --- a/sysinternals/downloads/index.md +++ b/sysinternals/downloads/index.md @@ -4,7 +4,7 @@ title: Sysinternals Utilities description: Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities. ms:assetid: 'aefdbd0d-e21b-45ad-8e2b-b69cb8e04d5f' ms:mtpsurl: 'https://technet.microsoft.com/Bb545027(v=MSDN.10)' -ms.date: 11/25/2020 +ms.date: 01/11/2021 --- # Sysinternals Utilities Index @@ -226,12 +226,12 @@ open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process. [Process Monitor](procmon.md) -*v3.60 (September 17, 2020)* +*v3.61 (January 11, 2021)* Monitor file system, Registry, process, thread and DLL activity in real-time. [PsExec](psexec.md) -*v2.2 (June 29, 2016)* +*v2.21 (January 11, 2021)* Execute processes on remote systems. [PsFile](psfile.md) @@ -339,7 +339,7 @@ Search for ANSI and UNICODE strings in binary images. Flush cached data to disk. [Sysmon](sysmon.md) -*v12.03 (November 25, 2020)* +*v13.00 (January 11, 2021)* Monitors and reports key system activity via the Windows event log. [TCPView](tcpview.md) diff --git a/sysinternals/downloads/procmon.md b/sysinternals/downloads/procmon.md index d15a497e..75f8890a 100644 --- a/sysinternals/downloads/procmon.md +++ b/sysinternals/downloads/procmon.md 
@@ -4,15 +4,15 @@ title: Process Monitor description: Monitor file system, Registry, process, thread and DLL activity in real-time. ms:assetid: '37225635-4ad0-4b08-aa5e-4bba665b1d89' ms:mtpsurl: 'https://technet.microsoft.com/Bb896645(v=MSDN.10)' -ms.date: 09/17/2020 +ms.date: 01/11/2021 --- -Process Monitor v3.60 +Process Monitor v3.61 ===================== **By Mark Russinovich** -Published: September 17, 2020 +Published: January 11, 2021 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/ProcessMonitor.zip) [**Download Process Monitor**](https://download.sysinternals.com/files/ProcessMonitor.zip) **(2 MB)** **Run now** from [Sysinternals Live](https://live.sysinternals.com/Procmon.exe). diff --git a/sysinternals/downloads/psexec.md b/sysinternals/downloads/psexec.md index 634a7c69..7bfe1c92 100644 --- a/sysinternals/downloads/psexec.md +++ b/sysinternals/downloads/psexec.md @@ -4,15 +4,15 @@ title: PsExec description: Execute processes on remote systems. ms:assetid: '936a8b8b-a7ce-4b63-bcc2-ca334cd4c276' ms:mtpsurl: 'https://technet.microsoft.com/Bb897553(v=MSDN.10)' -ms.date: 06/29/2016 +ms.date: 01/11/2021 --- -PsExec v2.2 +PsExec v2.21 ============ **By Mark Russinovich** -Published: June 29, 2016 +Published: January 11, 2021 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)** diff --git a/sysinternals/downloads/pstools.md b/sysinternals/downloads/pstools.md index 2e6f0dc9..c30b8a04 100644 --- a/sysinternals/downloads/pstools.md +++ b/sysinternals/downloads/pstools.md 
@@ -4,7 +4,7 @@ title: PsTools description: Command-line utilities for listing the processes running on local or remote computers, running processes, rebooting computers, and more. ms:assetid: '559ea946-3d7d-47bb-821c-b47fd078dfb7' ms:mtpsurl: 'https://technet.microsoft.com/Bb896649(v=MSDN.10)' -ms.date: 07/04/2016 +ms.date: 01/11/2021 --- PsTools @@ -12,7 +12,7 @@ PsTools **By Mark Russinovich** -Published: July 4, 2016 +Published: January 11, 2021 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/PSTools.zip) [**Download PsTools Suite**](https://download.sysinternals.com/files/PSTools.zip) **(2.7 MB)** diff --git a/sysinternals/downloads/sysinternals-suite.md b/sysinternals/downloads/sysinternals-suite.md index af4689af..d2da7ca4 100644 --- a/sysinternals/downloads/sysinternals-suite.md +++ b/sysinternals/downloads/sysinternals-suite.md @@ -4,14 +4,14 @@ title: Sysinternals Suite description: The Windows Sysinternals troubleshooting Utilities have been rolled up into a single suite of tools. ms:assetid: '0e18b180-9b7a-4c49-8120-c47c5a693683' ms:mtpsurl: 'https://technet.microsoft.com/Bb842062(v=MSDN.10)' -ms.date: 11/04/2020 +ms.date: 01/11/2021 --- Sysinternals Suite ================== **By Mark Russinovich** -Updated: November 04, 2020 +Updated: January 11, 2021 [**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (38 MB) [**Download Sysinternals Suite for Nano Server**](https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip) (7.8 MB) diff --git a/sysinternals/downloads/sysmon.md b/sysinternals/downloads/sysmon.md index 1b5263f5..7fbf2fc0 100644 --- a/sysinternals/downloads/sysmon.md +++ b/sysinternals/downloads/sysmon.md 
@@ -4,15 +4,15 @@ title: Sysmon description: Monitors and reports key system activity via the Windows event log. ms:assetid: 'f49b1cb3-c689-469e-ade0-6fa98d72f9d6' ms:mtpsurl: 'https://technet.microsoft.com/Dn798348(v=MSDN.10)' -ms.date: 11/25/2020 +ms.date: 01/11/2021 --- -Sysmon v12.03 +Sysmon v13.00 =========== **By Mark Russinovich and Thomas Garnier** -Published: November 25, 2020 +Published: January 11, 2021 [![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sysmon.zip) [**Download Sysmon**](https://download.sysinternals.com/files/Sysmon.zip) **(1.8 MB)** 
@@ -295,22 +295,29 @@ execute, this event logs the WMI namespace, filter name and filter expression. ### Event ID 20: WmiEvent (WmiEventConsumer activity detected) -This event logs the registration of WMI consumers, recording the consumer name, +This event logs the registration of WMI consumers, recording the consumer name, log, and destination. ### Event ID 21: WmiEvent (WmiEventConsumerToFilter activity detected) -When a consumer binds to a filter, this event logs the consumer name and filter path. +When a consumer binds to a filter, this event logs the consumer name and filter path. ### Event ID 22: DNSEvent (DNS query) -This event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. +This event is generated when a process executes a DNS query, whether the result is successful or fails, cached or not. The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier. ### Event ID 23: FileDelete (A file delete was detected) -A file was deleted +A file was deleted. +### Event ID 24: ClipboardChange (New content in the clipboard) + +This event is generated when the system clipboard contents change. + +### Event ID 25: ProcessTampering (Process image change) + +This event is generated when a process image is changed from an external source, such as a different process. ### Event ID 255: Error This event is generated when an error occurred within Sysmon. They can diff --git a/sysinternals/index.md b/sysinternals/index.md index f83a588e..1e923929 100644 --- a/sysinternals/index.md +++ b/sysinternals/index.md 
@@ -4,7 +4,7 @@ title: Windows Sysinternals | Microsoft Docs description: Library, learning resources, downloads, support, and community. Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities. ms:assetid: '2b0d74e3-5962-455a-b35a-248979737b61' ms:mtpsurl: 'https://technet.microsoft.com/Bb545021(v=MSDN.10)' -ms.date: 11/25/2020 +ms.date: 01/11/2021 --- # ![Windows icon](/media/landing/sysinternals/Windows_logo_46x50px.png) Windows Sysinternals 
@@ -25,20 +25,28 @@ You can view the entire Sysinternals Live tools directory in a browser at [https ## What's New [![RSS icon](/media/landing/sysinternals/rss.gif)](https://techcommunity.microsoft.com/plugins/custom/microsoft/o365/custom-blog-rss?board=Sysinternals-Blog) ## +### What's New (January 11, 2021) + +- [Sysmon v13.00](~/downloads/sysmon.md) +Major release introducing the `ProcessTampering` event and a series of stability improvements. + +- [Process Monitor v3.61](~/downloads/procmon.md) +This update to Process Monitor adds 3 new Registry events: `RegReplaceKey`, `RegSaveKey` and `RegRestoreKey`. + ### What's New (November 04, 2020) -- [AdExplorer v1.50](~/downloads/adexplorer.md) +- [AdExplorer v1.50](~/downloads/adexplorer.md) This release of AdExplorer, an Active Directory (AD) viewer and editor, adds support for exporting data from the "Compare" dialog and is now available for x64 and ARM64. -- [Disk Usage (DU) v1.62](~/downloads/du.md) +- [Disk Usage (DU) v1.62](~/downloads/du.md) This release of Disk Usage (DU), a tool for viewing disk usage information, now also accounts for the MFT (Master File Table), removes the MAX_PATH limitation and is now available for ARM64. ### What's New (October 15, 2020) -- [VMMap v3.30](~/downloads/vmmap.md) +- [VMMap v3.30](~/downloads/vmmap.md) This update to VMMap, a utility that reports the virtual memory layout of a process, identifies .NET Core 3.0 managed heaps. -- [RAMMap v1.60](~/downloads/rammap.md) +- [RAMMap v1.60](~/downloads/rammap.md) This release to RAMMap, a utility that analyzes and displays physical memory usage, adds customizable map colors and a new command line option, -e, to empty the different types of system working sets. ### What's New (September 17, 2020) 
@@ -71,17 +79,3 @@ This major update to Sysmon includes file delete monitoring and archive to help - [Sysinternals April 27 Update Video](https://www.youtube.com/watch?v=_MUP4tgdM7s) Mark Russinovich covers what’s new in this update, with a demo of Sysmon’s new file delete monitoring and capture capability. - -### What's New (December 20, 2019) ### -- [Scheduled livesite maintenance](~/Announce/SiteUpgradeDec2019.md) - -### What's New (December 11, 2019) ### - - [Sysmon v10.42](~/downloads/sysmon.md) - This update to Sysmon addresses a number of memory leaks, introduces the "Excludes Any" and "Excludes All" filtering conditions and resolves a number of bugs. - - - [Zoomit v4.52](~/downloads/zoomit.md) - This update to Zoomit resolves a number of dual-monitor related issues. - - - [Whois v1.21](~/downloads/whois.md) - This refresh of Whois contains various bug fixes. -
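Review bot: PsExec is bumped to v2.21 (January 11, 2021) in both the downloads/index.md hunk and the psexec.md hunk, but the new "What's New (January 11, 2021)" section this same patch adds to sysinternals/index.md lists only Sysmon v13.00 and Process Monitor v3.61. Add a PsExec v2.21 entry there with a one-line description of what changed, as the other entries have, or say in the commit message why it is omitted; the psexec.md hunk itself changes only the version string and date and gives the reader no release note to consult.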
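Review bot: In the sysmon.md hunk the new `+### Event ID 24: ClipboardChange (New content in the clipboard)` heading follows `+A file was deleted.` with no blank line between them, whereas every other heading in this section is separated from the preceding paragraph by a blank line; insert one so stricter Markdown processors do not fold the heading into the paragraph. The Event ID 22 entry records an OS limitation ("not available on Windows 7 and earlier"); consider stating any equivalent limitation for the new ClipboardChange and ProcessTampering events, and spell out what "an external source, such as a different process" covers for Event ID 25. The Event ID 20 and Event ID 21 description lines are replaced by lines with identical visible text, which suggests trailing-whitespace-only changes; note that in the commit message so reviewers do not hunt for a content change.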
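Review bot: In the first sysinternals/index.md hunk the four existing link lines (`- [AdExplorer v1.50]...`, `- [Disk Usage (DU) v1.62]...`, `- [VMMap v3.30]...`, `- [RAMMap v1.60]...`) are replaced by lines with identical visible text, which indicates trailing whitespace was stripped. If those trailing spaces were Markdown hard line breaks separating each link from the description on the following line, removing them merges the description into the link line when rendered; either confirm the site renderer treats the bare newline as a break or keep the two-space suffix, and apply the same decision to the new Sysmon v13.00 and Process Monitor v3.61 entries so all entries render alike.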
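Review bot: The last sysinternals/index.md hunk deletes the December 11 and December 20, 2019 "What's New" entries, including the only visible link to `~/Announce/SiteUpgradeDec2019.md`; check whether that announcement page is still referenced elsewhere or should be removed or redirected along with the entry, and state in the commit message that old entries are being pruned and the cutoff used, since this removal is otherwise unrelated to the January 2021 release notes the patch adds.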
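Review bot: The sysinternals-suite.md hunk updates only the `ms.date` and `Updated:` lines while the download sizes in the unchanged context, `(38 MB)` and `(7.8 MB)`, stay as they were; the same holds for `(2 MB)` in procmon.md, `(2.7 MB)` in psexec.md and pstools.md, and `(1.8 MB)` in sysmon.md, where a major version bump is recorded. Confirm these sizes were rechecked against the rebuilt archives, or drop them from the pages if they are not maintained with each release.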