Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
0 answers
The Peak Handles value shows the same value as Handles
The Peak Handles value within the Handles group on the Performance tab (process properties) appears to show the same value as Handles. i.e. its value drops as well as increases, when I would expect the peak value to only increase. This is observable with…
Sysinternals
asked 2021-01-25T11:33:13.457+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 37%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMI%3C/text%3E%3C/svg%3E)
Mark Incley
1
Reputation point
asked 2021-01-25T11:33:13.457+00:00
Mark Incley
1
Reputation point
3 answers
One of the answers was accepted by the question author.
BGinfo "Network Card" internal string name; what is it?
I an trying to display BGinfo's Network Card name without some extraneous information that is on the end of the Network Card description that BGinfo displays. The problem is that I don't know what the string name BGinfo uses for "Network…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 66%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
1 answer
Bug in psexec 2.32 still - remote access doesn't work (e.g. psexec \\remotecomputer -h -u administrator -p password cmd.exe )
Remote access in psexec 2.32 doesn't work, please fix e.g. psexec \remotecomputer -h -u administrator -p password cmd.exe Which worked in psexec 2.20 and earlier, no longer works in 2.32. Works fine when I revert to 2.20 and earlier. But not with 2.32.…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-19T08:54:52.617+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 42%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Mike Diack
51
Reputation points
answered 2021-01-21T09:38:17.183+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 78%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
mariora
376
Reputation points
1 answer
portmon - instant crash on Windows XP (32-bit)
It's not running from a network drive and the user is an administrator. How can I diagnose/fix?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-18T16:42:14.063+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 22%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
Kieren Johnstone
6
Reputation points
answered 2021-01-21T09:36:06.963+00:00
mariora
376
Reputation points
1 answer
MSI installer for Sysmon?
I'd like to put in a feature request to have a MSI installer for Sysmon (and the related services). This would allow integration with normal package managers and desired state tools (e.g. Puppet), without having to create wrappers to handle the Sysmon…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-18T17:57:29.837+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 38%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPO%3C/text%3E%3C/svg%3E)
Pat O'Connell
1
Reputation point
answered 2021-01-18T18:09:11.913+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
Kevin Gould
16
Reputation points
0 answers
Structure of process GUIDs used in Sysmon ETW events
Back in July 2018, Matt Graeber figured out the structure of the process GUID used in Sysmon events and published a PowerShell script to decode them. Since then however it seems that the structure has changed. If mmmmmmmm-tttt-tttt-cccc-ccccwwwwwwww is…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-18T14:29:57.053+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 79%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Dave McCormack
11
Reputation points
asked 2021-01-18T14:29:57.053+00:00
Dave McCormack
11
Reputation points
1 answer
BGInfo not recognising AMD CPU
When I use BGInfo v4.28 to display the CPU on my Windows Server 2019 Hyper-V VM, it shows as "Unknown Family" but is showing correctly in system information: Can this be added in a future release? It's been like this since way before…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-14T08:06:04.773+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 36%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFV%3C/text%3E%3C/svg%3E)
Fernando VINAN-CANO
1
Reputation point
commented 2021-01-18T07:30:05.32+00:00
Fernando VINAN-CANO
1
Reputation point
2 answers
run psexec on remote pc
Hi I have a pc with a static ip address that has been moved to a site using DHCP. Can psexec be used to connect to it when the pc is connected to the network of a DHCP site when the pc has a static IP address. I guess not. I was just wanting to…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-13T10:31:48.877+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
MacFarlane, Alastair
1
Reputation point
commented 2021-01-17T19:58:18.147+00:00
MacFarlane, Alastair
1
Reputation point
3 answers
One of the answers was accepted by the question author.
Explorer.exe constantly consumes CPU around 20% just after recent Windows Update
This issue has just started after recent Windows Update yesterday. No running application on my Windows 10. I had never seen it ever. How could I resolve this issue? This issue continues more than 30 hours. Windows 10 Home Version: 2004 …
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 61%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Is there a way to see which dll created a specifc .txt file in a specific location?
I'm new to SysInternals and I have a text file being created and I'm not sure which .exe or .dll is creating the .txt file. Which SysInternal tool would be best for this? If it's Procmon, how would I filter it to find it? Does the process…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 97%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
3 answers
Sysmon 11.10 - force uninstall causes system reboot
We were having severe memory issues on multiple production servers running version 11.10. These systems are running Server 2016. We have since halted Sysmon use and were trying to move to a newer version, 12.03. When we attempted the uninstall on one of…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-12T15:12:42.993+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 57.00000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
vizibility
1
Reputation point
answered 2021-01-14T20:12:59.447+00:00
vizibility
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Sysmon 13.0 Config (System Error 1067)
Is Sysmon 13.0 backwards compatible with older configs ? Using SwiftOnSecurity's config with Sysmon 13.0 yields an error when trying to start the Sysmon64 service. No errors about the config are thrown when installing Sysmon 13.0, however upon trying to…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-13T00:35:42.853+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 4%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZG%3C/text%3E%3C/svg%3E)
Zane Gittins
21
Reputation points
accepted 2021-01-13T15:37:46.183+00:00
Zane Gittins
21
Reputation points
3 answers
Sysmon 12.03 and Sysmon 13.00: RuleEngine Error: Multiple rule filters of the same type
Hello, Since Sysmon 12.03 we have the issue, that the config file can't be parsed by Sysmon 12.03. Even with the latest version 13.00 this issue still exists. The same config file is parseable with Sysmon 12.01.
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 25%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
1 answer
Too Long Shutdown - kernal power event 43 to 107 takes 1 minute
I have fast startup enabled. But Shutdown takes too long, around 90 seconds in Win 10
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-11T04:19:39.257+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 45%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
M Sra
1
Reputation point
answered 2021-01-11T10:11:32.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 6%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Mario Raccagni Consulente
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Bug: QueryDirectory results item 2 missing
Process Monitor records the directory listing for QueryDirectory but it skips item 2. I noticed this when I had a directory with two sub directories and the QueryDirectory record in Process Monitor only showed 1. To test this I made 3 sub directories…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-08T07:00:10.54+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 41%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Ray Satiro
46
Reputation points
accepted 2021-01-09T23:22:16.173+00:00
Ray Satiro
46
Reputation points
1 answer
How to add Safer path filter in process monitor
One of the experiments in Windows Internals requires that I add a a path filter for Safer in process monitor. I tried this but no events are displayed. How does one add a path filter for "Safer" ?
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 81%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
1 answer
DU utility shows 'á' instead of separator
I am using WIndows 10 (v 10.0.19042) and when I run the DU utility it does not format the output correctly. The screenshot below shows the problem. I am using the system locale 1053 / sv-SE.
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
1 answer
ScanPST Deletion Entry in Logs
Hello, I need to know the entry that ScanPST creates when a file is deleted. This is pertaining to the following Microsoft article: https://learn.microsoft.com/en-us/outlook/troubleshoot/data-files/how-to-repair-personal-folder-file Point 5…
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,071 questions
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2020-12-31T21:30:18.863+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 20%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWW%3C/text%3E%3C/svg%3E)
Warren Weston
1
Reputation point
commented 2021-01-06T10:27:49.92+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 84%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Jade Liang-MSFT
9,976
Reputation points Microsoft Employee
0 answers
BSOD Page Fault in Non Paged Area using SysInternals Sysmon V11
HI All We recently been getting BSOD's on our Windows Server 2016 servers. We had Sysmon V11 installed and running since September but the last few days we been getting BSOD's saying Page Fault in Non Paged Area and the mini dump shows Sysmondrv.sys as…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2020-12-07T10:55:03.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 13%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC0%3C/text%3E%3C/svg%3E)
chaps-0125
1
Reputation point
commented 2021-01-06T03:10:17.61+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 35%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
dstaulcu
351
Reputation points
1 answer
Crash in strings v2.53 with interactive EULA prompt
Open a Command Prompt (not PowerShell) and run something like: strings.exe C:\Windows\System32\notepad.exe > notepad.txt If the EULA has not been accepted the program will crash immediately after accepting it. Declining will not cause a crash,…
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
asked 2021-01-05T03:33:29.417+00:00
Samuel Leslie
1
Reputation point
commented 2021-01-06T02:36:52.823+00:00
Samuel Leslie
1
Reputation point