Sysinternals updates

Didn't get a chance to catch the changelog. Was ALL those updated or a choice selection of some.

 

Changes in Sysinternals Suite 2021.06.22:

• RDCMan v2.8 - RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools!
• AccessChk v6.14 - This AccessChk version adds support for NULL DACL reporting.
• Process Monitor v3.83 - ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog.
• Strings v2.54 - This Strings update improves handling of files containing long strings.
• Sysmon v13.22 - This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions.
• TCPView v4.13 - This TCPView update fixes a bug with connection state filtering.

https://www.neowin.net/news/sysinternals-suite-20210622/

 

Thank You @Buddel

 

Remote Desktop Connection Manager launches on official Sysinternals download site
June 24, 2021
https://www.neowin.net/news/remote-...nches-on-official-sysinternals-download-site/

 

Sysinternals Suite (July 27, 2021)
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

These applications have been updated:

 

Show the number of TCP connections for every Windows process

28/07/2021 Update: ProcessTCPSummary v1.15

 

Sysinternals Suite (August 18, 2021)
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

These applications have been updated:

 

Wish he could GUI ProDump too but no complaints here.

Totally NICE set - useful in the extreme -

 

Autoruns 14 is missing the .dll files

 

That went over my head @Spartan. Known DLL files tab by chance?

Scheduled Tasks TAB is missing many entries on this version here for sure on 8 for me. Unchecked ALL Hides. Only 4 showing

Reverting to older version.

 

New UI for Autoruns.

 

hi
it doesn't want to start v14
is there a way to download the previous one 13.98 or 13.100 from the official page?
i dont' remember the last v13.xx version
thanks

 

Autoruns.dll and Autoruns64.dll are missing from the ZIP Package

 

Autoruns for Windows 13.100
https://filehippo.com/download_autoruns/

 

hi
thanks , might you provide the hash if you have an older version ?
the only way i got malware was from filehippo and softpedia

 

autoruns.exe
MD5 46cf67d92e94368b7af3783b9e510043
SHA-1 2ae5fb6595738e057649e1ed7c4f0bd15ef3ebcc
SHA-256 b1d3862e14fa5d627ac229f3707c0640c3a95dff192a204d2969f2bd72546b5b
Vhash 075056655d155562b0806041900953z41z6075z904006803dz
------------------
autoruns64.exe
MD5 42929d764848836d283497daf9947866
SHA-1 bd7acf9c899f96e19e01625d7e06c588f3528922
SHA-256 2b5c20d794649503df48d0c6fecad3de8afe6c85933268bd6ac9d5a946c20d80
Vhash 075076655d1555155552602010409007c3z81z6075z302001503dz

 

hi @anon

autoruns.exe is ok
autoruns64.exe not it's different
i have
MD5: D2AD29727795597B162450B66855E1BB
SHA-1: 68A535DAD712D542C7F3E89BE3E0CBB1687CFB75
SHA-256: ED13A015A9426CA096CFC8EE8105FBA266D2B4E9179B9D95FF1B6009CBEF90A8

thanks

 

Hi @stapp
and the 32bit
MD5: 46CF67D92E94368B7AF3783B9E510043
SHA-1: 2AE5FB6595738E057649E1ED7C4F0BD15EF3EBCC
SHA-256: B1D3862E14FA5D627AC229F3707C0640C3A95DFF192A204D2969F2BD72546B5B

thank you , well I will keep it the 64bit too , appreciate it

 

Executables are much larger than in previous version so they might have transferred code from dll to exe.

 

From Web Archives: (2021.07.20)

Code:

https://web.archive.org/web/20210720011610/https://download.sysinternals.com/files/SysinternalsSuite.zip

 

I see now thanks. They dropped the ball badly on v14

 

Not onl

Not only that, a lot of the other tabs don't show anything or less entries on my system compared to the previous version: Known Dlls, Scheduled Tasks, Services, etc.

Looks like the Hide Microsoft Entries is enabled even if unchecked in the options.

 

I agree, the latest version of Autoruns (14) doesn't work as intended.

1. If the ARN log is grabbed with the latest version, and you are trying to open it with the previous version, it says that the ARN file is corrupt. So there is some kind of incompatibility between the old and the latest version.

2. ARN log file can't be open with double click anymore. It's starting scanning your own system... It should be loaded via Autoruns64 => File => Open.

3. Virustotal does not work in Autoruns 14.0 - It is reported here => https://docs.microsoft.com/en-us/an...virustotal-does-not-work-in-autoruns-140.html and the registry settings mentioned here are OK => https://social.technet.microsoft.co...fb7556e6061d/virus-total-blank?forum=autoruns

4. Some items cannot be disabled with the latest version as mentioned here => https://techcommunity.microsoft.com...heme-updates/bc-p/2678172/highlight/true#M402
On my system, it was unable to disable the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers (Adobe Type Manager) and I deleted it manually.

As someone said: "wow, the executable is over 3x bigger, looks worse, changed some hotkeys and doesn’t really work…"

I am returning to the previous one till this is fixed.

Sadly but 13.100 has his own problems as well:

https://techcommunity.microsoft.com/t5/sysinternals-blog/autoruns-v13-100/ba-p/2282998

 

Thanks a lot for the info, @B-boy/StyLe/ I thought it was just me. I don't use Autoruns often, so I will just stick with v14.0 and wait for an update.