The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. The Sysinternals Suite is a bundle of several Sysinternals Utilies like AccessChk, Autologon, Ctrl2Cap, DiskView, Disk Usage (DU), LogonSessions, PageDefrag, ProcessExplorer, PsLogList, PsPasswd, RegMon, RootkitRevealer, TCPView, VMMap, ZoomIt.
What's new in this version:
- Sigcheck 2.4 - a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the ability to take image information captured from Sigcheck on a system disconnected from the Internet and obtain VirusTotal status from one that’s connected.
- Sysmon 3.2 - a background service that logs security-relevant process and network activity to the Windows event log, now has the option of logging raw disk and volume accesses, operations commonly performed by malicious toolkits to read information by bypassing higher-level security features. Thanks to David Magnotti for the contribution.
- Process Explorer 16.1 - now includes a column in the handle view that reports the text version of handle access masks, as well as several bug fixes including one that would result in the suspension of .NET threads when viewed via the stack dialog.
- Autoruns 13.51 - This release of Autoruns, a comprehensive autostart entry manager, fixes a WMI command-line parsing bug, emits a UNICODE BOM in the file generated when saving results to a text file, and adds back the ability to selectively verify the signing status of individual entries.
- AccessChk 6.01 - This release of AccessChk, a command-line utility that reports effective and actual access for many different object types including files, registry keys, and services, now handles accounts with long names, fixes a bug that prevented reporting of kernel object accesses when run elevated, and fixes the inadvertent creation of a registry key when querying a non-existent key.