Two Sysinternals tools are getting updates with some important changes. These utilities are used for troubleshooting, managing, and diagnosing systems and applications.
The tools receiving the updates are Windows Sysmon v13.00 and Process Monitor v3.61. The new release of Sysmon carries some bug fixes and fixes for minor memory leaks. The Sysinternals release came out on 11 Jan 2021.
Windows Sysmon v13.00 and Process Monitor v3.61
Here is the changelog –
This Sysmon release adds a process image tampering event. The event reports when a process's mapped image does not match the on-disk image file, or when the image file is locked for exclusive access. These indicators are triggered by process herpaderping and process hollowing. This update also includes multiple bug fixes, including fixes for minor memory leaks.
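A triage sketch for the new event, added here as an example and not taken from the Sysinternals release or the original post: it parses exported Sysmon event XML and labels each tampering record with the condition the changelog describes. The event ID 25, the `Type` strings and the field names are assumptions about Sysmon's output that the page does not state, and the sample records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TAMPERING_EVENT_ID = "25"  # assumed Sysmon ProcessTampering event ID (not on the page)

# Map the event's Type text to the two conditions the changelog describes.
# Assumed Type strings; confirm them against records from your own hosts.
CONDITIONS = {
    "Image is replaced": "mapped image differs from on-disk file",
    "Image is locked for access": "image file locked for exclusive access",
}

# Constructed sample export (not real telemetry), wrapped in one root element.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>25</EventID></System><EventData>
 <Data Name="ProcessId">4120</Data><Data Name="Image">C:\Users\Public\app.exe</Data><Data Name="Type">Image is replaced</Data>
</EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>1</EventID></System><EventData>
 <Data Name="ProcessId">4400</Data><Data Name="Image">C:\Windows\System32\cmd.exe</Data>
</EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>25</EventID></System><EventData>
 <Data Name="ProcessId">5288</Data><Data Name="Image">C:\Temp\setup.exe</Data><Data Name="Type">Image is locked for access</Data>
</EventData></Event>
</Events>"""

def parse_tampering(xml_text):
    """Return one dict per tampering record, skipping every other event ID."""
    records = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", default="", namespaces=NS)
        if event_id != TAMPERING_EVENT_ID:
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        # Unknown Type values are kept and flagged rather than dropped.
        data["Condition"] = CONDITIONS.get(data.get("Type", ""), "unrecognised type")
        records.append(data)
    return records

def summarise(records):
    """Count records per (image, condition) so repeated images stand out."""
    return Counter((r.get("Image", "?"), r["Condition"]) for r in records)

if __name__ == "__main__":
    for (image, condition), count in summarise(parse_tampering(SAMPLE)).items():
        print(f"{count}x {image}: {condition}")
```
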
Process Monitor v3.61
This release of Process Monitor adds monitoring for the RegRestoreKey, RegSaveKey, and RegLoadKey APIs, and fixes a bug in the details output for some types of directory queries.
Download links –