Windows Sysinternals Suite - Update: Process Explorer 16.20, Sysmon 5.0, Procdump 8.2 and LiveKd 5.6

Microsoft has released an updated version (November 18, 2016) of the Windows Sysinternals Suite. This release contains updated versions of Process Explorer (16.20), Sysmon (5.0), Procdump (8.2) and LiveKd (5.6).

Overview
The Windows Sysinternals troubleshooting utilities have been rolled up into a single suite of tools. These utilities can help you to manage, troubleshoot and diagnose your Windows systems and applications. Each file contains the individual troubleshooting tools and help files.

Note: Windows Sysinternals does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

What's new in this version?
Windows Sysinternals Suite (Build November 18, 2016) contains the following updates:

Sysmon 5.0
Version 5.0, a major update to Sysmon, a background monitor that records activity to the event log for use in security incident detection and forensics, introduces file create and registry modification logging. These event types make it possible to configure filters that capture updates to critical system configuration as well as changes to autostart entry points used by malware.
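As an added illustration (not part of the original post or of Microsoft's documentation), the Sysmon configuration below uses the new file-create and registry-event filters to record writes to common autostart locations; the schema version, the key and path patterns, and the installation command are assumptions for a Sysmon 5.0 deployment and should be checked against the schema your binary reports with `sysmon -s`.

```xml
<!-- Added example: Sysmon 5.0 filter for autostart entry points (assumed schema 3.20). -->
<!-- Install with: sysmon -accepteula -i sysmon-autostart.xml            -->
<!-- Update an existing install with: sysmon -c sysmon-autostart.xml       -->
<Sysmon schemaversion="3.20">
  <!-- Hash newly created process images with SHA-256 for later lookups. -->
  <HashAlgorithms>sha256</HashAlgorithms>

  <EventFiltering>
    <!-- Event ID 11 (FileCreate): files dropped into per-user or all-users
         Startup folders, and scheduled-task definitions, are logged.
         onmatch="include" means only matching events are recorded. -->
    <FileCreate onmatch="include">
      <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
      <TargetFilename condition="begin with">C:\Windows\System32\Tasks\</TargetFilename>
    </FileCreate>

    <!-- Event IDs 12/13/14 (RegistryEvent): key create/delete, value set,
         and key/value rename under classic autostart keys. The patterns
         below are constructed examples of the "contains" condition; the
         include block is satisfied when any one rule matches. -->
    <RegistryEvent onmatch="include">
      <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
      <TargetObject condition="contains">\CurrentVersion\RunOnce</TargetObject>
      <TargetObject condition="contains">\Winlogon\Userinit</TargetObject>
      <TargetObject condition="contains">\Winlogon\Shell</TargetObject>
      <TargetObject condition="contains">\Windows NT\CurrentVersion\Image File Execution Options</TargetObject>
      <TargetObject condition="contains">\CurrentControlSet\Services\</TargetObject>
    </RegistryEvent>
  </EventFiltering>
</Sysmon>
```

The resulting events land in the Microsoft-Windows-Sysmon/Operational log, so a detection rule can alert on event ID 13 whose TargetObject matches one of these keys and whose Image is not an expected installer or management agent.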

Process Explorer 16.20
This release of Process Explorer, a powerful process management and diagnostic utility, adds reporting of process Control Flow Guard (CFG) status and dynamically updates to reflect changes to process Data Execution Prevention (DEP) configuration.

Procdump 8.2
Procdump, a command-line utility that generates process dumps on demand or based on triggers that include memory, CPU, exception and performance counter thresholds, adds a -kill option that terminates a process after its dump completes rather than allowing an exception to pass to Windows Error Reporting (WER), and a -wer switch to copy dumps to the WER queue.

LiveKd 5.6
LiveKd, a tool that enables interactive kernel debugger analysis of a live system or virtual machine, includes a batch-mode option designed for scripted analysis that omits the prompt to re-execute LiveKD after a debugger session terminates.

Download Windows Sysinternals Suite
Windows Sysinternals Suite is available for download from the following website:

Sysinternals for Nano Server
Over 40 of the Sysinternals tools now support Nano Server. The Nano versions are also compatible with 64-bit Windows and have “64.exe” as their suffix in the download files. You can download the full Sysinternals Nano Server Suite from the Sysinternals Suite page.

Sysinternals Live:
Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/[toolname] or \\live.sysinternals.com\tools\[toolname].

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

Reference:
Windows Sysinternals
