Windows Sysinternals

1 answer

I would like to virtualise an install on Windows 2016 server but the drive is a GPT and virtual PC wont boot GPT drives how do I get around this

I have made a VHDx file from a working Windows 2016 server but cant get it to boot in Virtual PC, it seems its because of the GPT drive. How can I virtualise the server?

asked

Mark Cooper 0

commented

Mark Cooper 0

1 answer

Why does my computer have session 0 (Operating System Space) and session 2 but not session 1 (user space)?

Hello, I was experimenting with the Windows Sysinternal Tools and learned that typically speaking there are two sessions in Windows OS, Session 0 and Session 1. Session 0 is allocated to the Operating System and Session 1 is allocated to the User space.…

asked

Iziren Okhamafe 6

answered

Castorix31 68,671

0 answers

Process > Suspend/Resume menu text swap "sticks"

In Process Explorer, when performing the action Process > Suspend, the a text for that menu action changes to Resume. However, in v17.02 of the app, this menu text change "sticks": the menu item will switch to the text for the opposite of…

asked

Ben Sorensen 0

2 answers

Remote Desktop Connection Manager

I'm facing a problem with Remote Desktop Connection Manager. I have added 2 remote connections to two different PCs (VMs). I connect to one connection and open AnyDesk. I give access to someone via AnyDesk. Everything works normally but while RDCM's…

asked

Nick Angelopoulos 41

answered

Nejo1978 0

0 answers

Autoruns v 14.09 Painfully Slow

As the thread title, I have an Intel 8700k with ssd. To scan (open program): Version - 14.09, 120s Version - 13.5, 5s To close: Version - 14.09, >120s Version - 13.5, <1s Any ideas why this maybe the case? Thanks,

asked

Van Dammesque 6

commented

Wim Cossement 6

0 answers

Process Explorer does not start minimized any more

I'm currently using Process Explorer 17.02. Normally it could be started into System Tray by using command line parameter '/t'. This was working on older versions perfectly. After switching to 17.02 Process Explorer starts allways with full window,…

asked

H. Helbig 0

2 answers

Looking for sysmon64.exe version 13.01

I'm looking for previous versions of sysmon64.exe (v13.01). Might anyone know where I can get my hands on it? I need it for testing purposes.

asked

Masashi Asao 0 Microsoft Employee

answered

Eugene P 11

1 answer

RDCman 2.83 memory leak on reconnect

Hi! After applying updates to a server and restarting it, I drag it from the recent list to the reconnect folder after the automatic logoff/disconnect. RDCman then tries to reconnect very rapidly and the private and working set bytes shoot up rapidly…

asked

Christian Arnold 1

commented

Martin Martinec 0

2 answers

Autoruns appears(?) to not detect all startup items (even Microsoft ones).

Hello, I am uncertain if this is a "bug" (< or at least "omission") or user error (mine), but it appears that Autoruns does not comprehensively detect startup items - at least it does not appear to detect MS Teams where said…

asked

David Durlach 6

commented

John 0

3 answers

Missing sysinternalssuite.zip on live sysinternals.com

There is no files/sysinternalssuite.zip in live sysinternals after January 15, 2021. I know that I can download the latest version from https://download.sysinternals.com/files/SysinternalsSuite.zip, but it used to be available from…

asked

かずお山内 1 MVP

answered

Andrii 0

3 answers

Update for BGinfo in Windows 11

Hello, Do you know if/when BGinfo will be updated for Windows 11?

asked

Jared 16

commented

Thomas Persson 0

0 answers

Sysmon for old system 2003 SP2

Hi all, we installed sysmon 3.21 in old windows server 2003 SP2. Customer refer me that theare are unexpected restarts after sysmon installation. We read that sysmon 3.21 it's last one supported version for windows 2003 and 2008 from this link…

asked

Cristian Bullo 0

0 answers

disk2vhd hangs on exFAT disk

disk2vhd hangs without message and without visible application window on lauch when a large external exFAT disk (30Tb) is connected. After reformatting the disk to NTFS, disk2vhd could be used without a problem.

asked

Pieter Janssens 0

0 answers

Allow for the disabling of the termination of Process Explorer when Esc key is pressed

Unless there is already an option to "Not exit Process Explorer when the user hits the <Esc> key," this option really needs to get added to the application. Way too often does one hit <Esc> one time too many to exit some window or…

asked

Michael Goldshteyn 0

0 answers

Disable Filesystem Cache/File Direct write to Disk

Hi All, I am doing a testing inside disk(SSD FW) level. Whenever the files are copy/written from the windows it doesn't come to disk immediately, it cached the file write operation and written the disk as bulk. Eg: I am trying write 5000 files(each…

asked

Raja 6

edited a comment

Aida Amir 0

8 answers

Process Explorer - ProcExp152.sys Driver Flagged As Vulnerable

Hello- We are leveraging a new security solution in our environment that adds protection to our endpoints. The XDR solution has a rule that is detecting the driver ProcExp152.sys as being "vulnerable". I have asked our security vendor to…

asked

Marc Denman 51

answered

Dennis Seyersdahl 0

5 answers

Clicking on load filter does nothing!

Clicking/hovering on load filter does nothing! I Am using Process Monitor x64 ver: 3.61. I Am launched as admin...

asked

empleat 121

answered

Dav3ywrx 1

1 answer

How to detect what spins up my disk?

I am seriously trying to figure out what is spinning up one of my disks. I tried using filemon but it doesn't catch the issue. I am trying with DiskMon, but due to many disks in the system, the event log if flooded and unusable. Is there a way to detect…

asked

Bernhard 0

commented

Bernhard 0

0 answers

Sdelete overwrite function should avoid the letter Z as an extension overwrite function

The Sysinternals Sdelete utility has a secure overwrite function which will rename the files 26 times wherein each character in the file name will go from foo.bar to AAA.AAA, then BBB.BBB, and so on. However, if the file being overwritten happens to…

asked

Stoute, Jason /US 0

5 answers

Sysmon Event ID 22

Hello, I'm using newest version of sysmon with config i get from https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml I have a problem with Event 22 DNS query. It doesn`t generate the events with the domains I am…

asked

THAN VAN TRONG 20

accepted

THAN VAN TRONG 20

Filter

Content

873 questions with Windows Sysinternals tags

I would like to virtualise an install on Windows 2016 server but the drive is a GPT and virtual PC wont boot GPT drives how do I get around this

Why does my computer have session 0 (Operating System Space) and session 2 but not session 1 (user space)?

Process > Suspend/Resume menu text swap "sticks"

Remote Desktop Connection Manager

Autoruns v 14.09 Painfully Slow

Process Explorer does not start minimized any more

Looking for sysmon64.exe version 13.01

RDCman 2.83 memory leak on reconnect

Autoruns appears(?) to not detect all startup items (even Microsoft ones).

Missing sysinternalssuite.zip on live sysinternals.com

Update for BGinfo in Windows 11

Sysmon for old system 2003 SP2

disk2vhd hangs on exFAT disk

Allow for the disabling of the termination of Process Explorer when Esc key is pressed

Disable Filesystem Cache/File Direct write to Disk

Process Explorer - ProcExp152.sys Driver Flagged As Vulnerable

Clicking on load filter does nothing!

How to detect what spins up my disk?

Sdelete overwrite function should avoid the letter Z as an extension overwrite function

Sysmon Event ID 22