Software Update: Sysinternals Suite 2016-01-05

Microsoft has released a new version of the Sysinternals Suite, with the date as the version number. This package is a collection of useful tools for managing systems and obtaining comprehensive information about the computer. In this way, all kinds of problems can be detected and solved.

The individual tools are developed by Mark Russinovich and Bryce Cogswell, initially for Sysinternals and since 2006 for Microsoft. Some examples are Process Explorer, BgInfo, Contig and DiskMon. In total, the collection comprises 69 different tools. The latest versions of the individual programs can also be found here. Since the previous edition, the following parts of the Suite have been updated:

Sigcheck v2.4
This update to Sigcheck, a powerful command-line utility that reports image file and signing information, as well as information on certificates, now has an option that will report any certificates installed on the system that do not chain to one of the certificates in the Microsoft certificate trust list (CTL). It also adds the ability to take image information captured from Sigcheck on a system disconnected from the Internet and obtain VirusTotal status from one that’s connected.

Sysmon v3.2
This release of Sysmon, a background service that logs security-relevant process and network activity to the Windows event log, now has the option of logging raw disk and volume accesses, operations commonly performed by malicious toolkits to read information by bypassing higher-level security features. Thanks to David Magnotti for the contribution.

Process Explorer v16.1
Process Explorer now includes a column in the handle view that reports the text version of handle access masks, as well as several bug fixes including one that would result in the suspension of .NET threads when viewed via the stack dialog.

Autoruns v13.51
This release of Autoruns, a comprehensive autostart entry manager, fixes a WMI command-line parsing bug, emits a UNICODE BOM in the file generated when saving results to a text file, and adds back the ability to selectively verify the signing status of individual entries.

AccessChk v6.01
This release of AccessChk, a command-line utility that reports effective and actual access for many different object types including files, registry keys, and services, now handles accounts with long names, fixes a bug that prevented reporting of kernel object accesses when run elevated, and fixes the inadvertent creation of a registry key when querying a non-existent key.

Version number 2016-01-05
Release status Final
Operating systems Windows 7, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10
Website Microsoft
Download
File size 14.46MB

License type Freeware