Feature Request -- context menu for Process Explorer Search
I would like to see the same context menu in the "Find Handle or DLL" search dialog as in the main window, to be able to directly kill a process without searching for the process in the main window.
Sysmon network rules problem
Sysmon version: 13.01 Schema version: 4.50 I added this rule: <DestinationHostname condition="is any">"Array of server's FQDNs"</DestinationHostname> After adding the rule, sysmon stopped recording network events…
Sysmon High Memory Usage..Windows 2019 Server
Noticed that even with the latest Sysmon there is a memory leak. Memory keeps on increasing: 100 MB in 6 hours since restart. Busier servers seem to increase the memory quicker. Over a week or so it goes up over 1 GB. One server over 30 days went to 4 GB memory…
The Peak Handles value shows the same value as Handles
The Peak Handles value within the Handles group on the Performance tab (process properties) appears to show the same value as Handles. i.e. its value drops as well as increases, when I would expect the peak value to only increase. This is observable with…
BGinfo "Network Card" internal string name; what is it?
I am trying to display BGInfo's Network Card name without some extraneous information that is on the end of the Network Card description that BGInfo displays. The problem is that I don't know what the string name BGInfo uses for "Network…
Bug in psexec 2.32 still - remote access doesn't work (e.g. psexec \\remotecomputer -h -u administrator -p password cmd.exe )
Remote access in psexec 2.32 doesn't work, please fix. E.g. psexec \\remotecomputer -h -u administrator -p password cmd.exe, which worked in psexec 2.20 and earlier, no longer works in 2.32. Works fine when I revert to 2.20 and earlier. But not with 2.32.…
portmon - instant crash on Windows XP (32-bit)
It's not running from a network drive and the user is an administrator. How can I diagnose/fix?
MSI installer for Sysmon?
I'd like to put in a feature request to have a MSI installer for Sysmon (and the related services). This would allow integration with normal package managers and desired state tools (e.g. Puppet), without having to create wrappers to handle the Sysmon…
Structure of process GUIDs used in Sysmon ETW events
Back in July 2018, Matt Graeber figured out the structure of the process GUID used in Sysmon events and published a PowerShell script to decode them. Since then however it seems that the structure has changed. If mmmmmmmm-tttt-tttt-cccc-ccccwwwwwwww is…
BGInfo not recognising AMD CPU
When I use BGInfo v4.28 to display the CPU on my Windows Server 2019 Hyper-V VM, it shows as "Unknown Family" but is showing correctly in system information: Can this be added in a future release? It's been like this since way before…
run psexec on remote pc
Hi, I have a PC with a static IP address that has been moved to a site using DHCP. Can psexec be used to connect to it when the PC is connected to the network of a DHCP site while the PC has a static IP address? I guess not. I was just wanting to…
Explorer.exe constantly consumes CPU around 20% just after recent Windows Update
This issue has just started after the recent Windows Update yesterday. No application is running on my Windows 10. I had never seen it before. How could I resolve this issue? This issue has continued for more than 30 hours. Windows 10 Home Version: 2004 …
Is there a way to see which dll created a specific .txt file in a specific location?
I'm new to SysInternals and I have a text file being created and I'm not sure which .exe or .dll is creating the .txt file. Which SysInternal tool would be best for this? If it's Procmon, how would I filter it to find it? Does the process…
Sysmon 11.10 - force uninstall causes system reboot
We were having severe memory issues on multiple production servers running version 11.10. These systems are running Server 2016. We have since halted Sysmon use and were trying to move to a newer version, 12.03. When we attempted the uninstall on one of…
Sysmon 13.0 Config (System Error 1067)
Is Sysmon 13.0 backwards compatible with older configs? Using SwiftOnSecurity's config with Sysmon 13.0 yields an error when trying to start the Sysmon64 service. No errors about the config are thrown when installing Sysmon 13.0, however upon trying to…
Sysmon 12.03 and Sysmon 13.00: RuleEngine Error: Multiple rule filters of the same type
Hello, since Sysmon 12.03 we have the issue that the config file can't be parsed by Sysmon 12.03. Even with the latest version 13.00 this issue still exists. The same config file is parseable with Sysmon 12.01.
Too Long Shutdown - kernel power event 43 to 107 takes 1 minute
I have fast startup enabled. But Shutdown takes too long, around 90 seconds in Win 10
Bug: QueryDirectory results item 2 missing
Process Monitor records the directory listing for QueryDirectory but it skips item 2. I noticed this when I had a directory with two sub directories and the QueryDirectory record in Process Monitor only showed 1. To test this I made 3 sub directories…
How to add Safer path filter in process monitor
One of the experiments in Windows Internals requires that I add a path filter for Safer in Process Monitor. I tried this but no events are displayed. How does one add a path filter for "Safer"?
DU utility shows 'á' instead of separator
I am using Windows 10 (v 10.0.19042) and when I run the DU utility it does not format the output correctly. The screenshot below shows the problem. I am using the system locale 1053 / sv-SE.