Merge branch 'master' into patch-1
lukekim authored Jun 16, 2020
2 parents fbc5d06 + a7b4966 commit f1106c0
Showing 6 changed files with 29 additions and 19 deletions.
2 changes: 1 addition & 1 deletion sysinternals/downloads/adrestore.md
Expand Up @@ -26,7 +26,7 @@ This MS KB article describes the use of AdRestore:

[840001: How to restore deleted user accounts and their group
memberships in Active
Directory](https://support.microsoft.com/?kbid=840001)
Directory](https://support.microsoft.com/kb/840001)


[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/ADRestore.zip)  [**Download AdRestore**](https://download.sysinternals.com/files/ADRestore.zip) **(42 KB)**
10 changes: 5 additions & 5 deletions sysinternals/downloads/autoruns.md
Expand Up @@ -4,17 +4,17 @@ title: Autoruns for Windows
description: See what programs are configured to startup automatically when your system boots and you login.
ms:assetid: 'b13af0f4-f0a1-4cc5-b940-20be546c1179'
ms:mtpsurl: 'https://technet.microsoft.com/Bb963902(v=MSDN.10)'
ms.date: 06/28/2019
ms.date: 06/15/2020
---

Autoruns for Windows v13.96
Autoruns for Windows v13.98
===========================

**By Mark Russinovich**

Published: June 28, 2019
Published: June 15, 2020

[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Autoruns.zip) [**Download Autoruns and Autorunsc**](https://download.sysinternals.com/files/Autoruns.zip) **(1.6 MB)**
[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Autoruns.zip) [**Download Autoruns and Autorunsc**](https://download.sysinternals.com/files/Autoruns.zip) **(2.5 MB)**
**Run now** from [Sysinternals Live](https://live.sysinternals.com/autoruns.exe).

## Introduction
Expand Down Expand Up @@ -136,5 +136,5 @@ Autorunsc is the command-line version of Autoruns. Its usage syntax is:

## Download

[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Autoruns.zip) [**Download Autoruns and Autorunsc**](https://download.sysinternals.com/files/Autoruns.zip) **(1.6 MB)**
[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Autoruns.zip) [**Download Autoruns and Autorunsc**](https://download.sysinternals.com/files/Autoruns.zip) **(2.5 MB)**
**Run now** from [Sysinternals Live](https://live.sysinternals.com/autoruns.exe).
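Review bot: The size on the changed Download line in this hunk, (1.6 MB) to (2.5 MB), is a second hand-edited copy of the figure the first hunk of this file changes under the title, so the two literals have to be updated in lockstep on every release. Consider keeping the size on the top Download line only and dropping it from this section, or confirm that both copies were checked against the published Autoruns.zip.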
11 changes: 6 additions & 5 deletions sysinternals/downloads/sigcheck.md
Expand Up @@ -4,17 +4,17 @@ title: Sigcheck
description: Dump file version information and verify that images on your system are digitally signed.
ms:assetid: 'fe633cd0-b369-4ca5-a9ae-c64e2d52acac'
ms:mtpsurl: 'https://technet.microsoft.com/Bb897441(v=MSDN.10)'
ms.date: 05/22/2017
ms.date: 06/15/2020
---

Sigcheck v2.73
Sigcheck v2.80
==============

**By Mark Russinovich**

Published: September 05, 2019
Published: June 15, 2020

[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sigcheck.zip) [**Download Sigcheck**](https://download.sysinternals.com/files/Sigcheck.zip) **(799 KB)**
[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sigcheck.zip) [**Download Sigcheck**](https://download.sysinternals.com/files/Sigcheck.zip) **(809 KB)**


## Introduction
Expand Down Expand Up @@ -54,6 +54,7 @@ name|\*>**
| **-o** | Performs Virus Total lookups of hashes captured in a CSV file previously captured by Sigcheck when using the -h option. This usage is intended for scans of offline systems.|
| **-nobanner** | Quiet (no banner)|
| **-r** | Disable check for certificate revocation|
| **-p** | Verify signatures against the specified policy, represented by its GUID.|
| **-s** | Recurse subdirectories|
| **-t\[u\]\[v\]** | Dump contents of specified certificate store ('\*' for all stores).<br />Specify -tu to query the user store (machine store is the default).<br />Append '-v' to have Sigcheck download the trusted Microsoft root certificate list and only output valid certificates not rooted to a certificate on that list. If the site is not accessible, authrootstl.cab or authroot.stl in the current directory are used instead, if present.|
| **-u** | If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files.|
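Review bot: The new **-p** row does not say what form the GUID argument takes or which policy Sigcheck verifies against when -p is omitted, and the change count for this file (6 additions, 5 deletions) is fully accounted for by the visible hunks, so the usage line that precedes this table (its tail `name|\*>**` shows in the hunk header) was not updated to list the option. Because the selected policy decides what a signed verdict means, state the default behaviour in the row, show the argument there (for example `-p <policy GUID>`), and add the option to the usage line.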
Expand All @@ -67,7 +68,7 @@ One way to use the tool is to check for unsigned files in your

You should investigate the purpose of any files that are not signed.

[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sigcheck.zip) [**Download Sigcheck**](https://download.sysinternals.com/files/Sigcheck.zip) **(799 KB)**
[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sigcheck.zip) [**Download Sigcheck**](https://download.sysinternals.com/files/Sigcheck.zip) **(809 KB)**

**Runs on:**

Expand Down
8 changes: 4 additions & 4 deletions sysinternals/downloads/sysinternals-suite.md
Expand Up @@ -4,19 +4,19 @@ title: Sysinternals Suite
description: The Windows Sysinternals troubleshooting Utilities have been rolled up into a single suite of tools.
ms:assetid: '0e18b180-9b7a-4c49-8120-c47c5a693683'
ms:mtpsurl: 'https://technet.microsoft.com/Bb842062(v=MSDN.10)'
ms.date: 04/28/2019
ms.date: 06/15/2020
---

Sysinternals Suite
==================


**By Mark Russinovich**
Updated: April 28, 2020
Updated: June 15, 2020

[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (29.4 MB)
[**Download Sysinternals Suite**](https://download.sysinternals.com/files/SysinternalsSuite.zip) (29.7 MB)
[**Download Sysinternals Suite for Nano Server**](https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip) (5.4 MB)
[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (164 KB)
[**Download Sysinternals Suite for ARM64**](https://download.sysinternals.com/files/SysinternalsSuite-ARM64.zip) (1.1 MB)

## Introduction
The Sysinternals Troubleshooting Utilities have been rolled up into a
Expand Down
7 changes: 4 additions & 3 deletions sysinternals/downloads/sysmon.md
Expand Up @@ -4,15 +4,15 @@ title: Sysmon
description: Monitors and reports key system activity via the Windows event log.
ms:assetid: 'f49b1cb3-c689-469e-ade0-6fa98d72f9d6'
ms:mtpsurl: 'https://technet.microsoft.com/Dn798348(v=MSDN.10)'
ms.date: 04/28/2020
ms.date: 06/15/2020
---

Sysmon v11.0
Sysmon v11.10
===========

**By Mark Russinovich and Thomas Garnier**

Published: April 28, 2020
Published: June 15, 2020

[![Download](/media/landing/sysinternals/download_sm.png)](https://download.sysinternals.com/files/Sysmon.zip) [**Download Sysmon**](https://download.sysinternals.com/files/Sysmon.zip) **(1.7 MB)**

Expand Down Expand Up @@ -430,6 +430,7 @@ insensitive):
| **Condition** | **Description** |
|---------|---------|
| **is** | Default, values are equals |
| **is any** | The field is one of the ; delimited values |
| **is not** | Values are different |
| **contains** | The field contains this value |
| **contains any** | The field contains any of the ; delimited values |
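Review bot: The added **is any** row reads "The field is one of the ; delimited values" but does not say whether each delimited value is compared with the same whole-field equality as **is**, which is the only thing that separates it from **contains any** two rows below. A rule author who picks the wrong one gets a filter that silently matches too little or too much, so spell out the match semantics in this row and keep the wording parallel with its neighbours (for example "The field equals any of the ; delimited values").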
Expand Down
10 changes: 9 additions & 1 deletion sysinternals/index.md
Expand Up @@ -4,7 +4,7 @@ title: Windows Sysinternals | Microsoft Docs
description: Library, learning resources, downloads, support, and community. Evaluate and find out how to install, deploy, and maintain Windows with Sysinternals utilities.
ms:assetid: '2b0d74e3-5962-455a-b35a-248979737b61'
ms:mtpsurl: 'https://technet.microsoft.com/Bb545021(v=MSDN.10)'
ms.date: 04/29/2020
ms.date: 06/15/2020
---

# ![Windows icon](/media/landing/sysinternals/Windows_logo_46x50px.png) Windows Sysinternals
Expand All @@ -25,6 +25,14 @@ You can view the entire Sysinternals Live tools directory in a browser at [https

## What's New [![RSS](/media/landing/sysinternals/rss.gif)](https://blogs.technet.microsoft.com/sysinternals/feed/) ##

### What's New (June 15, 2020) ###
- [Sysmon v11.10](~/downloads/sysmon.md)
This update to Sysmon logs stream content for alternate data streams, introduces the `is-any` filter condition and includes a number of important bugfixes.

- [Sigcheck v2.80](~/downloads/sigcheck.md)
This update introduces the -p option for specifying a trust GUID along with some minor bugfixes.


### What's New (April 28, 2020) ###
- [Sysmon v11.0](~/downloads/sysmon.md)
This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.
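Review bot: Both new June 15 entries name their feature differently from the reference pages changed in this same commit. The Sysmon entry writes the condition as `is-any` while the sysmon.md table adds it as **is any**, and the Sigcheck entry says "trust GUID" where the sigcheck.md table says "policy, represented by its GUID". The code-formatted `is-any` is what readers will copy into a configuration, so use the exact spelling from the condition table and settle on one term for the GUID in both files.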
Expand Down
