Microsoft Updates the Venerable Sysinternals
-
Mark Russinovich's baby has its latest update this week: http://windowsitpro.com/windows/sysinternals-updates-now-available-sysmon-accesschk-and-ru
Sysmon (now at full version 2.0) – Used as a security tool for detection and analysis, version 2.0 now provides these capabilities:
- Driver load and image load events with signature information
- Configurable hashing algorithm reporting
- Flexible filters for including and excluding events
- Support for supplying configuration via a configuration file instead of the command line
AccessChk (now at version 5.21) – Used to query and display Windows object permissions for things like registry keys, files, services and more, version 5.21 brings:
- Reporting permissions as SDDL strings
- New process permission types
- A fix for a bug with showing process security descriptors
RU (now at version 1.1) – Version 1.1 of RU gets a couple minor but useful feature updates:
- Supports loading hive files
- Reports last write timestamp in CSV output
-
Cool, nice to see those getting regular updates still.
-
For sure. This was one product set that people really feared that Microsoft would discontinue, but they really stood by these products and have supported them well.
-
Nabbing a copy right now
-
Thanks for the share