17th February 2017 By Mike Williams
Microsoft Sysinternals has shipped Sysmon 6.0, a powerful system monitor for Windows.
The new release can log processes which are accessing other processes, a simple way to detect automated Mimikatz-like credential dumping.
Sysmon logs Registry object creates, deletes, value sets and renames, and these all now use "friendly" key names for improved readability.
New named pipe events ("Pipe Created" and "Pipe Connected") may help you spot communications between separate malware processes.
Sysmon configuration changes are now logged as a separate event, making it much more difficult for anyone or anything else to secretly change your setup.
Full Article
Sysinternals unveils Sysmon 6.0
+52Update: Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21
https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16-2-livekd-v5-61-and-bginfo-v4-21/
https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16-2-livekd-v5-61-and-bginfo-v4-21/
Helpful Webroot Links: Download (PC) | Download (Best Buy Subscription) | Submit Support Ticket | Account Console | User_Guides | BrightCloud URL lookup
Just run the Sysinternals Updater app periodically and you will always be up to date with the greatest & best from Mark Williams & the Team. ;)
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
+52PortableApps Portable
Process Explorer
https://sourceforge.net/projects/portableapps/files/Process%20Explorer%20Portable/ProcessExplorerPortable_16.20_Rev_2_online.paf.exe/download
Process Monitor
https://sourceforge.net/projects/portableapps/files/Process%20Monitor%20Portable/ProcessMonitorPortable_3.32_online.paf.exe/download
Autoruns
https://sourceforge.net/projects/portableapps/files/Autoruns%20Portable/AutorunsPortable_13.7_English_online.paf.exe/download
Process Explorer
https://sourceforge.net/projects/portableapps/files/Process%20Explorer%20Portable/ProcessExplorerPortable_16.20_Rev_2_online.paf.exe/download
Process Monitor
https://sourceforge.net/projects/portableapps/files/Process%20Monitor%20Portable/ProcessMonitorPortable_3.32_online.paf.exe/download
Autoruns
https://sourceforge.net/projects/portableapps/files/Autoruns%20Portable/AutorunsPortable_13.7_English_online.paf.exe/download
Helpful Webroot Links: Download (PC) | Download (Best Buy Subscription) | Submit Support Ticket | Account Console | User_Guides | BrightCloud URL lookup
Indeed...but if you run the Sysinternals Updater even with the ZIP version of the Sysinternal Portable version it will update the portable version...so personally I find that a more satisfactory way pf making sure that I have the latest & the best from Sysinternals. ;)
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.