See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sysinternals Site Discussion
mark Russinovich live
sysinternals administrator's reference
TechEd North America
Zero Day Malware Cleaning
Browse by Tags
Sysinternals Site Discussion
Updates: Autoruns v12.02, Coreinfo v3.31, Sysmon v1.01, Whois v1.12
Autoruns v12.02 : This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead of UTC. Coreinfo v3.31 : This update fixes...
19 Aug 2014
New: Sysmon v1.0; Updates: Autoruns v12.01, Coreinfo v3.3, Procexp v16.03
Sysmon v1.0 : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems...
8 Aug 2014
Updates: Autoruns v12.0, Procdump v7.0
Autoruns v12.0 : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. Procdump v7.0 : Procdump, a utility for capturing...
13 May 2014
Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32 : This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected. Process Explorer v15.21 : This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented...
28 Jun 2012
Updates: Autoruns v11.5, Du (Disk Usage) v1.5, Procdump v5.14, Procmon v3.04, Ru (Registry Usage) v1.0
Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved...
27 Mar 2013
Updates: Process Monitor v2.95, TCPView v3.04, Autoruns v10.07, and a new blog post and webcast from Mark.
Process Monitor v2.95 : This update to Process Monitor reports the write-through flag on file I/O, shows DLL version information on the process page of the event properties dialog, automatically launches the correct version of Process Monitor to match the bitness (32 or 64) of a logfile, and fixes several...
13 Apr 2011
Updates: Autoruns v9.31; A new blog post from Mark and blog post from Solution Accelerators on using AccessChk
Autoruns v9.31: This release fixes a bug displaying missing images that reference paths with spaces, adds support for Sidebar Gadgets on 64-bit Windows, and correctly handles 64-bit paths that reference the program files directory. Mark's Blog: Pushing the Limits of Windows: Physical Memory - Mark...
22 Jul 2008
Updates: TCPView v3.0, Autoruns v10.02, ProcDump v1.81, Disk2vhd v1.61
TCPView v3.0: This major update to TCPView, a TCP/UDP endpoint viewing utility, adds endpoint send and receive statistics by leveraging ETW when TCPView is run with administrative rights. It also breaks ports and addresses into separate columns. Autoruns v10.02: This update fixes a bug in Autorunsc...
22 Jul 2010
Updates: Process Monitor v2.03, Autoruns v9.36, Disk Usage v1.33, Process Explorer v11.31
Process Monitor v2.03: This update to Process Monitor, a real-time file, registry, process and network monitor, adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows...
11 Dec 2008
New Tool: ProcDump v1.0 | Updates: Autoruns v9.51, VMMap v2.1, PsExec v1.96 | Book released: Windows Internals 5th Edition Released!| Webcast: Case of the Unexplained 2009
Windows Internals 5th Edition Released! The 5 th Edition of Windows Internals , the official book on the architecture and internals of the Windows operating system, is now available. This release is 25% larger than the 4 th Edition and is updated to cover Windows Vista and Windows Server 2008. Visit...
1 Jul 2009
New Tool: Desktops v1.0; Updates: Autoruns v9.33
Desktops v1.0: This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what's on each desktop and easily switch between them. Autoruns v9.33: This Autoruns update adds command-line options for automatically scanning and exporting scan results...
22 Aug 2008
Update: Autoruns v10.01
Autoruns v10.01: This fixes a bug in the Registry jump-to function for HKCU registry paths.
14 Jun 2010
Updates: Autoruns v9.32
Autoruns v9.32: This fixes a 32-bit parsing bug introduced in the v9.31 update.
25 Jul 2008
Updates: Autoruns v 11.3, LiveKd v 5.2, Strings v 2.5 and Trojan Horse, Mark's sequel to Zero Day, available for pre-order
Autoruns v11.3 : This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs. LiveKd...
14 May 2012
Updates: Autoruns v11.31, DebugView 4.79
Autoruns v11.31 : This fixes a bug that caused Autoruns to not automatically refresh when relaunched from the “Run as Administrator” menu option. DebugView 4.79 : This update fixes an incompatibility with Windows XP 32-bit that was introduced in the v4.78 release.
24 May 2012
Updates: Process Explorer v14.01, Autoruns v10.05
Process Explorer v14.01: This update fixes a bug related to the DLL view and adds a tab to the new system information dialog, Summary, that displays all the performance graphs together. Autoruns v10.05: This Autoruns update adds ActiveSync autostart locations, fixes a bug in that prevented offline...
23 Nov 2010
Updates: ZoomIt v3.0, Process Explorer v11.32, Autoruns v9.38
ZoomIt v3.0: This major update to ZoomIt, the Sysinternals screen magnification and annotation utility, adds a LiveZoom mode on Windows Vista and higher, allows you to change the typing and break timer font, adds the ability to copy the magnified screen to the clipboard with Ctrl+C, and introduces a...
12 Jan 2009
Updates: Autoruns v9.53, ProcDump v1.3, Process Monitor v2.6 | New Mark's Blog post: The Case of the Temporary Registry Profiles | Download Windows Internals 5 sample chapter
Mark’s Blog: The Case of the Temporary Registry Profiles : In the latest post in Mark’s “Case of the Unexplained” series, he documents a perplexing case affecting many Microsoft and Citrix customers that Microsoft Customer Support Services solved with the use of Process Monitor’s boot logging and stack...
13 Aug 2009
Updates: Autoruns v11.6, Procexp v15.31, Procmon v3.05, Sigcheck v1.92
Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output. Sigcheck v1.92 : Sigcheck is a command...
4 Jun 2013
Updates: Autoruns v9.37, AccessChk v4.23
Autoruns v9.37: This update adds support for viewing the Local System account's profile and adds a new option, Hide Microsoft and Windows Entries. AccessChk v4.23: Changes the behavior of object manager name parsing to make enumerating the objects in an object manager directory more straight forward...
20 Dec 2008
Update: Autoruns v10.06
Autoruns v10.06: This release fixes a bug that could affect delete and disable operations on entries stored as multisz registry values.
29 Nov 2010
Updates: Autoruns v9.56
Autoruns v9.56: This update enables Autoruns to view registry entries that have permissions only allowing the System account access and fixes a bug that caused some rundll32-hosted entries to not display correctly.
13 Oct 2009
Updates: Autoruns v10, Process Explorer v12.04, Sigcheck v1.7, ProcDump v1.8 and a new Case of the Unexplained
Mark’s Blog: The Case of the Unexplained IE Crash - Mark goes on a detective hunt to find out the likely culprit of an IE crash he recently experienced. In the post, he shows how to find which process out of multiple running the same executable crashed and how to get additional information from...
8 Jun 2010
Updates: Mark's TechEd Sessions, Autoruns v11.61, Strings v2.52, ZoomIt v4.5
Mark’s TechEd Sessions Available On-Demand : Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation...
20 Jun 2013
Updates: Autoruns v9.41
Autoruns v9.41: This release fixes a bug with the hide-Microsoft images options when the signature verification option is enabled.
7 Apr 2009
© 2014 Microsoft Corporation.
Privacy & Cookies