Category Archives: process monitor

Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92

Autoruns v11.6: Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points.  This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.

Sigcheck v1.92: Sigcheck is a command-line utility for reporting image version and signature information.  With this update, it now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker.

Process Explorer v15.31: Process Explorer is a powerful process management utility. This update fixes a bug with copying text from the process properties dialog and adds an option to disable the heatmap display in the process view.

Process Monitor v3.05: Process Monitor is a powerful file, registry, process, thread and network monitoring tool.  This update adds a context-menu entry that opens the filter edit dialog with contents prepopulated with the specified row and column value.

Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0

Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.

Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited.

ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified.

Process Monitor v3.04: Procmon, a power system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling.

Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.

Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3

Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.

Process Explorer v15.22: This release addresses a bug that caused Process Explorer to crash when viewing .NET thread stacks of 64-bit Windows XP and 64-bit Windows Server 2003.

Process Monitor v3.03: A bug that caused some symbols to not resolve in stack traces is fixed in this release.

RAMMap v1.21: This fixes a bug that causes RAMMap to sometimes report an error on 32-bit versions of Windows.

ZoomIt v4.3: This update to ZoomIt, a screen magnification and annotation utility, adds an option that enables you to configure it to automatically start when you login.

Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.

Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.

Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from display correctly when run with App-V and fixes a bug in the save logic.

PsKill v1.15: This fixes a bug in the remote kill functionality introduced  by the v1.14 update.

RAMMap v1.2: This release to RAMMap, a utility that displays a detailed map of a system’s physical memory usage, now supports systems with more than 16GB of RAM, Windows 8, and includes keyboard navigation improvements.