Sysinternals icon

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

Sysinternals Live

Sysinternals Live is a service that enables you to run Sysinternals tools directly from the Web without manually downloading them.

Enter a tool's Sysinternals Live path in Windows Explorer as<toolname> or \\\tools\<toolname>. In a command prompt use \\\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser or Windows Explorer at

What's New RSS icon

What's New (November 9, 2023)

  • Sysmon v15.1
    This update to Sysmon improves file hash and delete performance, adds a summary message on events dropped due to high system load, fixes a crash during uninstall, and fixes a system hang.

  • ZoomIt v7.2
    This update to ZoomIt adds translucent highlighter and blur to draw mode, microphone selection for recording, and copies the recorded file to the clipboard.

What's New (October 18, 2023)

  • VMMap v3.4
    This update to VMMap, a virtual and physical memory analysis utility, adds support for .NET 6 and higher, including .NET 8 preview.

What's New (September 29, 2023)

  • ProcDump 2.2 for Linux
    This update to ProcDump for Linux adds support for Azure Linux and fixes a couple of memory leaks.

  • Sysmon 1.3 for Linux This update to Sysmon for Linux fixes a bug with rule case matching.

What's New (July 26, 2023)

  • ZoomIt v7.1
    This update to ZoomIt adds audio capture to screen recording.

  • ProcDump 2.0 for Linux
    ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, receives two new .NET GC triggers (-gcm and -gcgen) and updates the existing memory trigger to allow for multiple thresholds.

What's New (June 27, 2023)

  • Sysmon v15.0
    This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.

What's New (May 24, 2023)

  • ZoomIt v7.0
    This update to ZoomIt, a screen magnification and annotation tool, adds the ability to screen record cropped regions or a specific window, and lets you snip regions of the screen or zoomed views to the clipboard or to a file in a single gesture.