Windows Sysinternals

4 answers

A diversified value of a known host's error appears first in relation to sleep mode

In the event of engaging once the sleep mode after a long habitual absence, system fails consecutively to reach log-in screen and a reset is deemed inevitable to boot fresh; on performing afterwards AdvancedBoot (to fix mbr) it's too late to snipscreen…

asked

Claus Debanker 21

commented

Claus Debanker 21

0 answers

Is BGInfo compatible for both ARM64 and X64 platforms?

Hi, I am trying to leverage on BGInfo to set the desktop dynamically. Just want to check whether it is compatible for both ARM64 and X64 platforms as there seems no remarks indicating this. Thanks.

asked

Shawn Chen 0 Microsoft Employee

commented

Viorel 82,381

5 answers

ZoomIT Live zoom Missing Cursor after Windows 11 upgrade

Hi, I've never had any problem with ZoomIT before, but after Windows 11 upgrade the cursor is missing in Live Zoom mode which makes it very hard to navigate.. Anyone else have the same issue? Im running lates official build of Windows 11…

asked

Jesper Nilsson 51

answered

Josh Cahill 0

0 answers

Translation of the Process Monitor software interface

I want to translate the interface of the Process Monitor software I just need help knowing how to translate Thank you

asked

3148 0

1 answer

RDCMan Initialization error with incompatible mstscax.dll

We encountered Initialization error prompt with incompatible version of mstscax.dll, when we trying to start RDCman.exe (version 2.90) Have anybody manage to resolve the version incompatibility issue?

asked

NG, Chee Soon [CWS] 0

answered

NG, Chee Soon [CWS] 0

7 answers

Process Explorer - ProcExp152.sys Driver Flagged As Vulnerable

Hello- We are leveraging a new security solution in our environment that adds protection to our endpoints. The XDR solution has a rule that is detecting the driver ProcExp152.sys as being "vulnerable". I have asked our security vendor to…

asked

Marc Denman 26

commented

Dominic Erni 0

2 answers

Sysinternals: Autoruns missing entries?

I've encountered two apps that start with Windows even though they have no entries present/enabled in Autoruns: Foxit PDF Reader has a behavior where it will open on startup on the last PDF document you were looking at; this behavior cannot be disabled…

asked

Alexander Darino 0

edited an answer

Limitless Technology 8,871

1 answer

what is the alternative tool for PsExec

What is the impact for Application repackaging process without "PsExec.exe" tool. What is the alternative tool for PsExec.exe tool?

asked

Gangaraju, Srikanth 0

answered

MotoX80 23,491

4 answers

ZoomIt: how to get from Live Zoom Mode to drawing and back to Live Zoom seamlessly (plus: without losing mouse cursor)?

Maybe I am doing something wrong, but it seems as if it is not possible to get to drawing mode from Live View mode, stop drawing mode nad get back to Live View Mode directly. After the drawing I have to Zoom out and zoom into Live View Mode again,…

asked

Thomas Pöhler 6

edited a comment

martin 0

0 answers

In Process explorer the virus total links do not line up properly with the apps.

when clicking on the virus total column, it takes you to virus totals site, but the app show does not match the app in process explorer... tried pausing and restarting virus total, but does not solve this issue.

asked

Dave DaMaren 0

0 answers

ADExplorer crashes on Security Compare option

I'm using ADExplorer64 v 1.52. The option to compare snapshots works great but using the Compare Snapshot Security causes the program to crash. Anyone else see this?

asked

Czepiel, Michael 0

1 answer

Does VMMap support showing memory usage from a dump file

I have a full process memory dump file and I want to show memory usage information by VMMap. I know VMMap can show memory usage information very well of a live process. and I hope it can show this awesome information from a dump file too.

asked

wei liu 1

commented

wei liu 1

1 answer

Backup Process Explorer Column Sets

I know Process Explorer uses registry instead of files like a good portable app would and that the registry is at "HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer". I'm sick of setting up Columns sets for the billionth time so I'd…

asked

Dennis Bareis 1

answered

Xavier BEAUME 1

0 answers

[Bug report] proc list scroll suddenly freezes when scrolling by mouse wheel

When I try to scroll the process list with a mouse wheel, the scroll stops / sticks / freezes at the end of a single wheel move. Look at the screenshot: a hint on yellow background pops up under cursor (cursor is not visible on screenshot,…

asked

ka 1

3 answers

How to fix autoruns entry yellow highlighted?

Hello, I have windows 10 22h2 with autoruns. I also have the app downloaded from Microsoft Store Called Fluent Search. When i am running autoruns i found an entry on logon category highlighted yellow related with Fluent Search. I am…

asked

Hugo Plácido 1

answered

Hugo Plácido 1

0 answers

RDCMan: Not Using RemoteFX Codec

Does RDCMan support the RemoteFX (RFX) codec for RDP? When I connect to an Ubuntu server running xrdp, the latency between the time the mouse moves and the time the display updates is quite long. Other people report that the RemoteFX codec helps…

asked

Zian At FirstWatch 1

0 answers

Autoruns Command Line Tool - issue with output [-o] switch when querying all profiles

When using autorunsc.exe or autorunsc64.exe on systems with multiple profiles, when retrieving the data for all users I have found that the placement of the -o switch affects the output. If you run : autorunsc64.exe -accepteula -nobanner -a *…

asked

Paul E 1

0 answers

ZoomIt: Consistent modifier keys: Use SHIFT for rectangle

ZoomIt allow for drawing rectangles and lines. In Windows Explorer, the key to "create" a rectangle is the SHIFT key. In ZoomIt, SHIFT is used for the straight line, whereas CTRL is used for the rectangle. This is a bit counter-intuitive to…

asked

Oliver Kopp 1

2 answers

Sysmon created remote thread to LSASS Process

I have researched some ways to detect LSASS Credential Dumping in my infrastructure. I found that Sysmon often create remote thread (EventCode=8) to lsass.exe that looks very suspicious. Does it legit? Or some malware already injected to my Sysmon…

asked

Sergey Golub 6

answered

Faisalzabd 1

2 answers

Sysmon installation problem - virtual win11 arm

Hi, i am using sysmon couple of years so far, always works perfect. Right now, i am trying on macos UTM virtualization and installed fresh windows 11 arm64 version. I am trying to install sysmon, but there is error for which i cannot find…

asked

VM 1

answered

VM 1

Filter

Content

840 questions with Windows Sysinternals tags

A diversified value of a known host's error appears first in relation to sleep mode

Is BGInfo compatible for both ARM64 and X64 platforms?

ZoomIT Live zoom Missing Cursor after Windows 11 upgrade

Translation of the Process Monitor software interface

RDCMan Initialization error with incompatible mstscax.dll

Process Explorer - ProcExp152.sys Driver Flagged As Vulnerable

Sysinternals: Autoruns missing entries?

what is the alternative tool for PsExec

ZoomIt: how to get from Live Zoom Mode to drawing and back to Live Zoom seamlessly (plus: without losing mouse cursor)?

In Process explorer the virus total links do not line up properly with the apps.

ADExplorer crashes on Security Compare option

Does VMMap support showing memory usage from a dump file

Backup Process Explorer Column Sets

[Bug report] proc list scroll suddenly freezes when scrolling by mouse wheel

How to fix autoruns entry yellow highlighted?

RDCMan: Not Using RemoteFX Codec

Autoruns Command Line Tool - issue with output [-o] switch when querying all profiles

ZoomIt: Consistent modifier keys: Use SHIFT for rectangle

Sysmon created remote thread to LSASS Process

Sysmon installation problem - virtual win11 arm