Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
1 answer
One of the answers was accepted by the question author.
RDCMan 2.8 crashes when using Connect Group
Nice to see RDCMan getting some love again! Unfortunately I run into an unhandled exception when using "Connect group": System.NullReferenceException: De objectverwijzing is niet op een exemplaar van een object ingesteld. bij…
Sysinternals
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 25%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EX%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
new PROCEXP causes 'netsh trace' to stop running SystemTrace?
I downloaded your new code (16.42), but found a problem with it. I always use 'netsh trace' for all Web connections. For some reason, whenever I run this new PROCEXP, 'netsh trace' on Win7 will NOT capture the 'system trace' information at the…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 88%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
0 answers
Can the command line version of TCPView (tcpvcon) be updated to output ports ?
As the title says, can the command line version of tcpview be updated to output the local and remote ports?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 43%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPE%3C/text%3E%3C/svg%3E)
0 answers
Sysinternals VMMAP cannot load some MMP files
Trying to debug a problem on a remote machine, I have saved an mmp file and cannot load it. The file will not even load on the machine that generated it. "The specified file does not have a valid VMMap format" At first I thought it was a…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 94%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Displayed version has not been updated in the latest Sysmon v13.22
Is it only me or the latest released Sysmon binary still displays the old version during installation?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
3 answers
One of the answers was accepted by the question author.
Unable to login to Windows 10
I have Windows 10 Enterprise which is workgroup machine. I have only one local user account in it. I use this local account to login to the system. I don't use Microsoft Account for login. After few weeks, when i try to login it doesn't accept the…
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-21T03:41:53.877+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 30%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Sabarish Natarajan
456
Reputation points
accepted 2021-06-23T13:45:02.817+00:00
Sabarish Natarajan
456
Reputation points
0 answers
What is the disk space limit for FileDelete event archiving?
While playing around with Sysmon I noticed that one of my deleted files weren't archived due to insufficient disk space on one of my machines. This is a sample FileDelete event (EID 23): File Delete archived: RuleName: FileDelete - Files in…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 60%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
3 answers
One of the answers was accepted by the question author.
Certain rule combinations seems to prevent logging of Sysmon events
I'm trying to verify my Sysmon-configuration with small test cases inspired by Atomic Red Team. When checking my test cases for Mshta (Mitre Att&ck T1218.005) I noticed that certain combinations of rules seems to prevent logging of Sysmon…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
0 answers
Is it a bug in Autoruns that if file "c:\Program" exists some .lnk paths in Autoruns are shown as broken?
Hi. I've found a possible bug in Autoruns. If there's a file named "Program" in C:\ then all the .lnk autorun entries in StartUp folders that point to %ProgramFiles(x86)% or %ProgramFiles% will show broken paths. Should it be reported…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-22T08:56:54.293+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 8%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Dzmitry Drazdou
1
Reputation point
asked 2021-06-22T08:56:54.293+00:00
Dzmitry Drazdou
1
Reputation point
0 answers
bginfo stops showing after refreshing it
Hi We use bginfo on all windows server OS since years. On Windows 2012 (not R2) the refreshing bginfo information with the following command: "C:\Program Files\BgInfo\bginfo.exe" "C:\Program Files\BgInfo\w2012.bgi" /Timer:0…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-22T06:34:48.3+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 10%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Reto Gloor
6
Reputation points
asked 2021-06-22T06:34:48.3+00:00
Reto Gloor
6
Reputation points
0 answers
du fails with "not a valid application for this OS platform"
the strange thing is, it was working fine a short time ago. Maybe a Win 10 update broke it. https://learn.microsoft.com/en-us/sysinternals/downloads/du .\du.exe Program 'du.exe' failed to run: The specified executable is not a valid…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-22T05:32:14.977+00:00
john weiss
26
Reputation points
asked 2021-06-22T05:32:14.977+00:00
john weiss
26
Reputation points
0 answers
Procmon v3.82 does not allow keyboard shortcuts in the dialog boxes
Procmon v3.82 does not allow keyboard shortcuts in the dialog boxes. When in any of the dialog boxes, such as Event Properties, Process Monitor Filter, keyboard shortcuts seem to go to the main window. For example, using Ctrl-C copies text from the…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-15T21:35:43.707+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 27%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)
Michail Frolov
16
Reputation points
commented 2021-06-21T11:54:12.877+00:00
Samuel Leslie
1
Reputation point
0 answers
Process Explorer shows incorrect Autostart Location
Using Sysinternals Process Explorer (procexp.exe / procexp64.exe) version 16.42, when opening the properties of a service host process (svchost.exe) running a specific service or service host group (in my case, netsvcs), the Autostart Location on the…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-19T07:32:08.673+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 62%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBN%3C/text%3E%3C/svg%3E)
Beat Nideröst
96
Reputation points
asked 2021-06-19T07:32:08.673+00:00
Beat Nideröst
96
Reputation points
0 answers
Detecting ScareCrow and the like...
In reading FireEye's recent blog on "Smoking out a DARKSIDE affiliate's supply chain software compromise" I followed the thread to one of the noted frameworks, ScareCrow. See github - optiv/ScareCrow . In reviewing process hollowing and…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-17T13:56:42.75+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 28.000000000000004%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
CuriousHunter
1
Reputation point
asked 2021-06-17T13:56:42.75+00:00
CuriousHunter
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Process Explorer (Filter Processes...)
what exactly does Find --> Filter Processes do? i click on the menu item expecting to see some sort of dialog box where i can include/exclude processes that are displayed. i get nothing happening? anybody have this working? thanks!!
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 57.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
1 answer
Procmon v3.82 will not add a filter when using context menu | Include | <any menu item>
Procmon v3.82 will not add a filter when using context menu | Include | <any menu item> Where <any menu item> is any of the available menu options such as Path.
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-15T16:43:11.007+00:00
Michail Frolov
16
Reputation points
answered 2021-06-16T04:16:59.897+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 55.00000000000001%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Rusty Russell
1
Reputation point
1 answer
Autoruns virus total shows MOST microsoft files as NOT SIGNED on BOTH my computers (EXTREMELY desperate for help)
Notice the strange differences in verification? From Microsoft corp To (verified) To Microsoft Windows (verified) And then the files that DO have valid signatures according to virus total all display MICROSOFT CORPORATIONS (verified)…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 48%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI3%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Sysmon help: I’m unable to filter on EID 13, data name ‘Details’
Seems I’m able to log ‘Details’ with an exclude nothing/include everything but can’t filter what I log. Keep getting a config update error of: “Element ‘Details’ is unexpected according to content model of parent element ‘RegistryEvent’.” Am I…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-03-25T18:03:01.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
McGahan, Timothy@CIO
86
Reputation points
commented 2021-06-14T18:39:11.197+00:00
McGahan, Timothy@CIO
86
Reputation points
0 answers
[Small nitpick bug] Dump files for processes that have multiple dots in name have wrong suggested name
The dump files I'm talking about are the ones created by Right Click -> Create Dump. The suggested name for the dump files is usually the prefix + ".dmp", eg: procexp64.dmp But if the program has multiple dots in it's name, for example:…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-06-13T23:26:12.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 4%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES8%3C/text%3E%3C/svg%3E)
Susko3-8488
1
Reputation point
asked 2021-06-13T23:26:12.7+00:00
Susko3-8488
1
Reputation point
1 answer
Autoruns 13.100 "Publisher" field bugged (resulting in broken MS/Windows filtering)
Most, but not all, entries show up with the publisher as "(Verified) ", i.e. it just says "Verified" and nothing after it, normally it would say something like "(Verified) Microsoft Corporation". Comparing to a saved file…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,261 questions
asked 2021-05-02T07:07:48.337+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 23%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Winkelmann
16
Reputation points
answered 2021-06-13T21:24:45.767+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 19%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEF%3C/text%3E%3C/svg%3E)
Eric Friesen
1
Reputation point