rdcman Failed to decrypt using
Hi people! I love RDCMAN, but suddenly I'm having a lot of "Failed to decrypt using" when launching it. Can this be fixed?
How do you stop Sysmon64.exe so that the program can be uninstalled / upgraded
We have an issue with Sysmon 15.12 causing Windows Server 2022 VMs (ESX 7) to unexpectedly reboot. Microsoft Unified Support informed us to upgrade to Sysmon 15.14; however, I am unable to stop the service despite having highest privileges. What is the…
BGInfo native ARM64
Just wondering if BGInfo will be ported to be a native ARM version to support upcoming hardware?
Zoomit - Magnification 1.0
Zoomit is very useful but I would like to draw on snips (rectangles, lines, etc). I found a workaround which is zoom first Ctrl+1, draw, then snip Ctrl+6. The only thing is that there is no way to zoom with 1.0 magnification because I just want a…
mstsc works but RDCman doesn't
Hi all, I'd like to use RDCMan again after seeing this is being maintained again. I can remote onto a server using MSTSC without a problem but as soon as the same server connection is attempted via RDCMan it cannot be connected to. It's 2022 DC OS, with…
Process explorer systray / taskbar / tray icons lost on explorer.exe (shell) restart
If you use the process explorer graphs in your systray when explorer restarts all systray icons for process explorer are lost. Has been this way for quite awhile (probably ever? at least years?). It is a bit annoying as you must also kill the old one…
how to get the loaded assemblies of a process programmatically
Reference to this old question : https://stackoverflow.com/questions/36431220/getting-a-list-of-dlls-currently-loaded-in-a-process-c-sharp I am writing a security application where we are monitoring our in-house developed software (EPD) which is composed…
Bug in the latest RAMMAP version (v1.61)
There is a bug in RAMMAP v1.61. This bug doesn't crash the program. But it's VERY annoying and needs to be fixed in the next version of RAMMAP. Start the program and open the "Processes" tab. Then you'll see that the program will only display…
Is sdbinst.exe malware if it is using options not listed in MS documentation?
I am using Sysmon and sending the logs to Wazuh for threat detection. It shows a level 12 event that pertains to sdbinst.exe. The event data command line was C:\WINDOWS\System32\sdbinst.exe -m -bg but according to MS documentation the options used by…
How do I hide "Filter by name" in "Process Explorer"
Maybe 6-8 months back, I noticed that a field called "Filter by name" appeared near the upper right corner of the main Process Explorer window. Considering what I use ProcExp for, I rarely need this field to be visible. From what I understand,…
psinfo reports incorrect information about physical memory
I'd like to raise again the bug that exists in psinfo v1.78 (published on June 29, 2016). As reported in a post on the archived forums psinfo (both 32-bit and 64-bit version) reports incorrect information about physical memory above 4 GB. It's quite…
Can Process Monitor watch for DCOM issues?
I was wondering if there was a way to have Process Monitor watch for DCOM issues, like Access Denied. I am asking because I was trying to diagnose an issue with a web service, and eventually discovered that it was a DCOM issue, but unfortunately, the…
Black screen when running an application remotely with PSExec
I'm going to run notepad remotely using PSExec with its interactive option as below but the notepad console appears with a black screen: PSExec -i -d \\RemoteComputer notepad.exe And the following runs it in the background as SYSTEM and console doesn't…
How to fix PsExeSvc.exe %1 není platná aplikace typu Win32. XPe SP3
Please help me how to run psexesvc service. Old psexe.exe works, but display console on host PC.
Can we discriminate the actual reason for the behaviour of defragmentation?
Given that in this deployment history (and previous ones), storage disks analyze much more easily the fragmentation even when heavier with data than the system disk, is it only the system disk that requires this effort or, like it is reported in…
Disk2VHD not starting
Hello forum, I downloaded disk2vhd from the official site. When I start disk2vhd64.exe as admin, I get the dialog to allow making changes to the hard drive, but afterwards nothing happens. Starting disk2vhd.exe results in "Error…
Bginfo and virtual computing
I'm having lots of network adapters show up, and "(null)"s in the related IP address, subnet mask, DHCP Server, etc. fields. I've already done the 'custom variable' thing with the test for IPEnabled=True, but these adapters may be 'real' in…
Request for option to carry process creation detail fields into other Sysmon event types
In Sysmon "Process Create" events, the details are invaluable, but many times I have wished that at least key process creation details like CommandLine, ParentImage, ParentCommandLine, and Hashes, could be carried over to other event types that…
Can the tool 'streams.exe' regard "Scan inside symbolic links" as an optional parameter?
I tried to use the command "streams64.exe -s -d" or "streams.exe -s -d" in Administrator access in the user folder "C:\Users\<username>", However, here is a symbolic link…
Zoomit64 LiveZoom (Ctrl+4) displays a blank, black screen on a Dell XPS 17 9730.
On a Windows 11 23H2 22631.3593. Intel i7-3700H 2.40 GHz laptop, Zoomit64 Live Zoom displays a black screen. Displays are 2 x BenQ 27" monitors via Intel Iris Xe graphics and NVIDIA GeForce RTX 4050 laptop GPU. Connections are via digital DVI.