Sysinternals is a suite of free utilities used to monitor, manage and troubleshoot the Windows operating system.
History (https://en.wikipedia.org/wiki/Sysinternals)
Sysinternals Blog (https://techcommunity.microsoft.com/t5/sysinternals-blog/bg-p/Sysinternals-Blog)
Downloads (https://docs.microsoft.com/en-us/sysinternals/downloads/)
From ZoomIt v6.01, BgInfo v4.31, and ProcMon v3.91 (https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v6-01-bginfo-v4-31-and-procmon-v3-91/ba-p/3586676)
ZoomIt v6.01 (https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit)
This release for ZoomIt fixes a 32 bit bug.
BgInfo v4.31 (https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo)
This release for BgInfo fixes a 32 bit crash.
ProcMon v3.91 (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)
This release for Process Monitor fixes an ARM64 driver load error.
Sysmon 14.0 has been just released by @Sysinternals (http://"https://twitter.com/olafhartong/status/1559599251612733442")
Update Information: Sysmon 14.0 — FileBlockExecutable (http://"https://medium.com/@olafhartong/sysmon-14-0-fileblockexecutable-13d7ba3dff3e")
Download: Sysmon v14.0 (http://"https://docs.microsoft.com/en-gb/sysinternals/downloads/sysmon")
Via Mark Russinovich on Twitter (https://twitter.com/markrussinovich/status/1559601981492056064):
QuoteNew Sysmon v14 release, introducing block-exe rule that we made specifically to foil Russian malware targeting Ukrainian systems
From Sysmon v14.1, Coreinfo v3.6, AccessEnum v1.35, BgInfo 4.32, and NotMyFault 4.21 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v14-1-coreinfo-v3-6-accessenum-v1-35-bginfo-4-32-and/ba-p/3641271)
Sysmon v14.1 (https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon)
This update to Sysmon, an advanced host monitoring tool, adds a new event type, FileBlockShredding that prevents wiping tools such as Sysinternals SDelete from corrupting and deleting files.
Coreinfo v3.6 (https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo)
This update to Coreinfo, a utility that reports system CPU, memory and cache topology and information, now has an option (-d) for measuring inter-CPU latencies in counter ticks.
AccessEnum v1.35 (https://docs.microsoft.com/en-us/sysinternals/downloads/accessenum)
This update to AccessEnum, a tool that summarizes account permissions on files and folders, fixes a version number mismatch in its version information.
BgInfo v4.32 (https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo)
This update to BgInfo, a tool for displaying system information on screen desktop, correctly reports Windows 11 Insider versions.
NotMyFault v4.21 (https://docs.microsoft.com/en-us/sysinternals/downloads/notmyfault)
This update to NotMyFault, a tool used to crash, hang, and cause kernel memory leaks on Windows, now works on ARM64 systems.
From ZoomIt v6.1 (https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v6-1/ba-p/3651811)
ZoomIt (https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit)
This update to ZoomIt, a screen magnification and annotation tool, adds right-justified text input, an option to scale the screen recordings resolution, and usability fixes.
From ZoomIt v6.11 (https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v6-11/ba-p/3653158)
ZoomIt (https://learn.microsoft.com/en-us/sysinternals/downloads/zoomit)
This update to ZoomIt fixes a crash with right-justified text input and improves multiline text handling.
From Process Explorer v17.0, Handle v5.0, Process Monitor v3.92, and Sysmon v14.11 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-explorer-v17-0-handle-v5-0-process-monitor-v3-92-and/ba-p/3663465)
Process Explorer (https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer)
This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds dark theme support, multipane view in the main window with a new threads pane, startup performance optimization and more.
Handle (https://learn.microsoft.com/en-us/sysinternals/downloads/handle)
This update to Handle, a tool that displays information about open handles for any process in the system, adds CSV output with a new -v switch and has an option to print the granted access mask with -g.
Process Monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon)
This update to Process Monitor, a utility for observing in real time file system, Registry, and process or thread activity, adds a command-line option for setting the filter driver's altitude.
Sysmon (https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon)
This update to Sysmon, an advanced host monitoring tool, fixes a bug preventing FileDeleteDetected events reporting and adds support for ARM64.
From ProcDump v11.0, ProcDump 1.3 for Linux, and Process Explorer v17.01 (https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-v11-0-procdump-1-3-for-linux-and-process-explorer-v17/ba-p/3669082)
ProcDump v11.0 (https://learn.microsoft.com/en-us/sysinternals/downloads/procdump)
This update to ProcDump, a command-line utility for generating memory dumps from running processes, adds ModuleLoad/Unload and Thread Create/Exit triggers, removes Internet Explorer JavaScript support, and improves descriptive text messages.
ProcDump 1.3 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux)
This update to ProcDump for Linux changes the CLI interface to match ProcDump for Windows, and adds a new process group trigger (-pgid) to allow monitoring all processes running in the same process group.
Process Explorer v17.01 (https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer)
This update to Process Explorer fixes a crash when right-clicking an empty area of the lower pane threads tab and improves menu rendering.
From Process Explorer v17.02 and Sysmon v14.12 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-explorer-v17-02-and-sysmon-v14-12/ba-p/3673982)
Process Explorer v17.02 (https://learn.microsoft.com/sysinternals/downloads/process-explorer)
This update to Process Explorer fixes two bugs that can lead to crashes and another that leads to an unexpected dialog in an error case.
Sysmon v14.12 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon fixes a bug related to volumes without file system security.
From Active Directory Explorer v1.52, Contig v1.82, and Sysmon v14.13 (https://techcommunity.microsoft.com/t5/sysinternals-blog/active-directory-explorer-v1-52-contig-v1-82-and-sysmon-v14-13/ba-p/3685500)
Active Directory Explorer v1.52 (https://learn.microsoft.com/sysinternals/downloads/adexplorer)
This update to Active Directory Explorer, an advanced Active Directory viewer and editor, fixes a crash caused by searching for strings in a snapshot longer than object names.
Contig v1.82 (https://learn.microsoft.com/sysinternals/downloads/contig)
This update to Contig, a single-file defragmenter, adds safe DLL loading and support for long command-line arguments.
Sysmon v14.13 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon addresses CVE-2022-41120 by ensuring the archive directory has permissions restricted to the system account.
ProcDump 1.4 for Linux (https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-1-4-for-linux/ba-p/3695439)
ProcDump 1.4 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux)
This update to ProcDump for Linux adds the capability to generate dumps when specified exceptions occur in a .NET process.
RDCMan v2.92, Sysmon v14.14, and ZoomIt v6.12 (https://techcommunity.microsoft.com/t5/sysinternals-blog/rdcman-v2-92-sysmon-v14-14-and-zoomit-v6-12/ba-p/3724973)
RDCMan v2.92 (https://learn.microsoft.com/sysinternals/downloads/rdcman)
This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, fixes a naming error impeding plugin operation, updates the icon set, and fixes mstscax.dll load on some systems where initialization would previously fail.
Sysmon v14.14 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon, an advanced host monitoring tool, fixes a timeout occurring with FileDelete and FileDeleteDetected events on low-speed media.
ZoomIt v6.12 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt, a screen magnification and annotation tool, eliminates drawing artifacts occurring when changing magnification, changing pen width, or combining these steps, and improves drawing settings persistence.
Sysmon 1.1 for Linux, Contig v1.83, ProcDump 1.4.1 for Linux, and Process Monitor v3.93 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-1-1-for-linux-contig-v1-83-procdump-1-4-1-for-linux-and/ba-p/3764299)
Sysmon 1.1 for Linux (https://github.com/Sysinternals/SysmonForLinux)
This update to Sysmon for Linux, an advanced host monitoring tool, adds support for a wider range of distributions (e.g., RHEL) by leveraging BTF enabled kernels.
Contig v1.83 (https://learn.microsoft.com/sysinternals/downloads/contig)
This release for Contig, a single-file defragmenter, fixes a bug preventing the 64-bit Contig64.exe from working, fixes a path parsing bug, and adds support for ARM64.
ProcDump 1.4.1 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux)
This update to ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, adds the capability to generate dumps based on the contents of an exception message.
Process Monitor v3.93 (https://learn.microsoft.com/sysinternals/downloads/procmon)
Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, receives fixes for several user interface and log file bugs.
Process Explorer v17.03, PsTools v2.5, Sysmon 1.1.1 for Linux, and TCPView v4.18 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-explorer-v17-03-pstools-v2-5-sysmon-1-1-1-for-linux-and/ba-p/3783657)
Process Explorer v17.03 (https://learn.microsoft.com/sysinternals/downloads/process-explorer)
This update to Process Explorer, an advanced process, DLL, and handle viewing utility, adds improved packaged app support, fixes a dark mode bug, and fixes a security bug.
PsTools v2.5 (https://learn.microsoft.com/sysinternals/downloads/pstools)
This update to PsTools, a suite of programs for interacting with local or remote Windows systems, fixes command-line argument processing issues in several tools.
PsExec v2.41 (https://learn.microsoft.com/sysinternals/downloads/psexec)
PsExec, a light-weight telnet/ssh alternative for launching processes on Windows, now supports file paths longer than MAX_PATH characters.
PsPing v2.12 (https://learn.microsoft.com/sysinternals/downloads/psping)
PsPing, a tool implementing the standard ping functionality, alongside TCP/UDP latency and bandwidth measurements, receives bugfixes for its benchmarks, and now uses random data for communication buffers.
PsShutdown v2.6 (https://learn.microsoft.com/sysinternals/downloads/psshutdown)
PsShutdown, a command-line utility for managing local or remote shut down, reboot, logoff, or lock for Windows computers, now displays its notification dialog on the target machine, and has a new flag, -x, for turning the monitor off, required to initiate Modern Standby where applicable.
PsFile v1.04 (https://learn.microsoft.com/sysinternals/downloads/psfile), PsGetSid v1.46 (https://learn.microsoft.com/sysinternals/downloads/psgetsid), PsInfo v1.79 (https://learn.microsoft.com/sysinternals/downloads/psinfo), PsKill v1.17 (https://learn.microsoft.com/sysinternals/downloads/pskill), PsList v1.41 (https://learn.microsoft.com/sysinternals/downloads/pslist), PsLogList v2.82 (https://learn.microsoft.com/sysinternals/downloads/psloglist), PsPasswd v1.25 (https://learn.microsoft.com/sysinternals/downloads/pspasswd), PsService v2.26 (https://learn.microsoft.com/sysinternals/downloads/psservice), and PsSuspend v1.08 (https://learn.microsoft.com/sysinternals/downloads/pssuspend) have been also updated to work with long file paths and command lines.
Sysmon 1.1.1 for Linux (https://github.com/Sysinternals/SysmonForLinux)
This update to Sysmon for Linux removes support for Ubuntu 18.04, Debian 10 and includes other fixes.
TCPView v4.18 (https://learn.microsoft.com/sysinternals/downloads/tcpview)
TCPView, a Windows program that shows detailed listings of all TCP and UDP endpoints, receives a fix for a crash that can occur when receiving events in certain cases, and improvements for the dark mode.
Process Explorer v17.04 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-explorer-v17-04/ba-p/3786659)
Process Explorer v17.04 (https://learn.microsoft.com/sysinternals/downloads/process-explorer)
This update to Process Explorer fixes a regression highlighting immersive processes and fixes a security bug.
From Sysmon v14.16 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v14-16/ba-p/3794388)
Sysmon v14.16 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This Sysmon update fixes a regression on older versions of Windows.
From ZoomIt v7.0 (https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v7-0/ba-p/3830183)
ZoomIt v7.0 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt, a screen magnification and annotation tool, adds the ability to screen record cropped regions or a specific window, and lets you snip regions of the screen or zoomed views to the clipboard or to a file in a single gesture.
From Process Monitor v3.94 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-monitor-v3-94/ba-p/3841920)
Process Monitor v3.94 (https://learn.microsoft.com/sysinternals/downloads/procmon)
This update to Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, improves handling of incomplete Procmon Log files (.pml), and restores "Copy All" functionality in the Event Properties window.
Sysmon v15.0, Autoruns v14.1, and Process Monitor v3.95 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v15-0-autoruns-v14-1-and-process-monitor-v3-95/ba-p/3857916)
Sysmon v15.0 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon, an advanced host security monitoring tool, sets the service to run as a protected process, hardening it against tampering, adds a new event, FileExecutableDetected, for when new executable images are saved to files, and fixes a system hang occurring in certain situations due to an interaction between network and file system events.
Autoruns v14.1 (https://learn.microsoft.com/sysinternals/downloads/autoruns)
This update to Autoruns, a utility for monitoring startup items, fixes a bug with detecting non-shortcut files in startup folders, fixes a bug with handling non-UNC, non-absolute paths, and improves theming support.
Process Monitor v3.95 (https://learn.microsoft.com/sysinternals/downloads/procmon)
This update to Process Monitor fixes a crash on loading certain PML files and improves boot logging.
ZoomIt v7.1, ProcDump 2.0 for Linux, Process Explorer v17.05, RDCMan v2.93 and VMMap v3.33 (https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v7-1-procdump-2-0-for-linux-process-explorer-v17-05/ba-p/3884766)
ZoomIt v7.1 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt adds audio capture to screen recording.
ProcDump 2.0 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux/releases/tag/2.0)
ProcDump for Linux, a flexible tool for manual and trigger-based process dump generation, receives two new .NET GC triggers (-gcm and -gcgen) and updates the existing memory trigger to allow for multiple thresholds.
Process Explorer v17.05 (https://learn.microsoft.com/sysinternals/downloads/process-explorer)
This update to Process Explorer, an advanced process, DLL, and handle viewing utility, fixes a crash generated by the process list, fixes a bug with thread affinity decoding on systems with multiple processor groups (more than 64 processors / cores), and makes Escape key handling more consistent.
RDCMan v2.93 (https://learn.microsoft.com/sysinternals/downloads/rdcman)
This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, re-enables the option to scale thumbnails under the display settings.
VMMap v3.33 (https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap)
This update to VMMap, a tool that reports the virtual memory layout of a process, removes automatic loading of dbghelp.dll under "C:\Debuggers".
ProcDump 2.2 for Linux, Sysmon 1.3 for Linux, Process Monitor v3.96, and SDelete v2.05 (https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-2-2-for-linux-sysmon-1-3-for-linux-process-monitor-v3/ba-p/3942268)
ProcDump 2.2 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux/releases/tag/2.2)
This update to ProcDump for Linux adds support for Azure Linux and fixes a couple of memory leaks.
Sysmon 1.3 for Linux (https://github.com/Sysinternals/SysmonForLinux/release/tag/1.3.0.0)
This update to Sysmon for Linux adds support for file hashes and fixes a bug with rule case matching.
Process Monitor v3.96 (https://learn.microsoft.com/sysinternals/downloads/procmon)
This update to Process Monitor speeds up the clear events operation, adds a security fix, and several bug fixes.
SDelete v2.05 (https://learn.microsoft.com/sysinternals/downloads/sdelete)
This update to SDelete, a command line utility for secure file deletion, fixes console output and improves command line parameter parsing.
Sysmon 1.3.1 for Linux (https://github.com/Sysinternals/SysmonForLinux/releases/tag/1.3.1.0)
This update to Sysmon for Linux fixes file hashing for Linux distributions without OpenSSL 1.1.
VMMap v3.4 (https://techcommunity.microsoft.com/t5/sysinternals-blog/vmmap-v3-4/ba-p/3958601)
VMMap v3.4 (https://learn.microsoft.com/sysinternals/downloads/vmmap)
This update to VMMap, a virtual and physical memory analysis utility, adds support for .NET 6 and higher, including .NET 8 preview.
Sysmon v15.1 and ZoomIt v7.2 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v15-1-and-zoomit-v7-2/ba-p/3977427)
Sysmon v15.1 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon improves file hash and delete performance, adds a summary message on events dropped due to high system load, fixes a crash during uninstall, and fixes a system hang.
ZoomIt v7.2 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt adds translucent highlighter and blur to draw mode, microphone selection for recording, and copies the recorded file to the clipboard.
Sysmon v15.12 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v15-12/ba-p/4025164)
Sysmon v15.12 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon fixes a case of system hanging on uninstall, a crash occurring while parsing configuration files, and a memory leak.
ProcDump 3.2 for Linux, ZoomIt v8.0, and Autoruns v14.11 (https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-3-2-for-linux-zoomit-v8-0-and-autoruns-v14-11/ba-p/4050610)
ZoomIt v8.0 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt adds a new feature called DemoType that automates typing.
Autoruns v14.11 (https://learn.microsoft.com/sysinternals/downloads/autoruns)
This update to Autoruns fixes a bug parsing parameters in startup folder items.
Sysmon v15.14 (https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v15-14/ba-p/4056285)
Sysmon v15.14 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon resolves a service crash on configuration change and a rare system crash.
ProcDump 3.3 for Linux and Process Explorer v17.06 (https://techcommunity.microsoft.com/t5/sysinternals-blog/procdump-3-3-for-linux-and-process-explorer-v17-06/ba-p/4154084)
ProcDump 3.3 for Linux (https://github.com/Sysinternals/ProcDump-for-Linux/releases/tag/3.3.0)
This update to ProcDump for Linux includes improvements related to containerized workflows.
Process Explorer v17.06 (https://learn.microsoft.com/sysinternals/downloads/process-explorer)
This update to Process Explorer fixes an issue resulting in the application window not being displayed, and updates the process suspend and resume menu items.
Process Monitor v4.01 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-monitor-v4-01/ba-p/4172999)
This update to Process Monitor colorizes the activity operation icons - Registry, File System, Network, Process and Thread, and Profiling Events.
Available from https://t.co/zlch58GEpK (https://t.co/zlch58GEpK).
Process Monitor 2.0 for Linux and Sysmon v15.15 (https://techcommunity.microsoft.com/t5/sysinternals-blog/process-monitor-2-0-for-linux-and-sysmon-v15-15/ba-p/4199063)
Procmon 2.0 for Linux (https://github.com/Sysinternals/ProcMon-for-Linux/releases/tag/2.0.0.0)
Process Monitor for Linux, a convenient and efficient way for developers to trace the syscall activity on the system, is now updated to support a broader range of Linux distributions.
Sysmon v15.15 (https://learn.microsoft.com/sysinternals/downloads/sysmon)
This update to Sysmon fixes a hang occurring when memory is constrained, improves FsFilter performance, and fixes two rare crashes related to FileBlockShredding and PipeEvent.
ProcDump 1.0 for Mac (https://techcommunity.microsoft.com/blog/sysinternals-blog/procdump-1-0-for-mac/4295719)
ProcDump-for-Mac (https://github.com/Sysinternals/ProcDump-for-Mac)Release repository for ProcDump-for-Mac. Source code is available in the ProcDump-for-Linux (https://github.com/Sysinternals/ProcDump-for-Linux) repo.
InstallationTo install ProcDump for Mac, you'll need to install Homebrew (https://brew.sh/) if you haven't already.
- Add the Sysinternals tap: brew tap sysinternals/sysinternalstap
- Install individual Sysinternals tools: brew install procdump
ZoomIt in PowerToys v0.88, ProcDump 3.4 for Linux, and Sysmon 1.3.4 for Linux (https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-in-powertoys-v0-88-procdump-3-4-for-linux-and-sysmon-1-3-4-for-linux/4371818)
ZoomIt in PowerToys v0.88 (https://github.com/microsoft/PowerToys/releases/tag/v0.88.0)
ZoomIt is now part of Microsoft PowerToys and open source. ZoomIt will continue being available from Sysinternals, as a stand-alone tool.
ProcDump 3.4 for Linux (https://github.com/microsoft/ProcDump-for-Linux/releases/tag/3.4.0)
ProcDump for Linux, a convenient way for developers to generate core dumps, now includes ARM64 support.
Sysmon 1.3.4 for Linux (https://github.com/microsoft/SysmonForLinux/releases/tag/1.3.4.0)
This update to Sysmon for Linux fixes two memory leaks.
Ctrl2Cap v3.0 and BgInfo v4.33 (https://techcommunity.microsoft.com/blog/sysinternals-blog/ctrl2cap-v3-0-and-bginfo-v4-33/4378481)
Learn about the latest updates to Ctrl2Cap and BgInfo
Ctrl2Cap v3.0 (https://learn.microsoft.com/sysinternals/downloads/ctrl2cap)
Ctrl2Cap, a tool to help remap the Caps Lock key to Ctrl, has been updated to run on Windows 10 and 11, and not require a driver.
BgInfo v4.33 (https://learn.microsoft.com/sysinternals/downloads/bginfo)
This update to BgInfo fixes two crashes, and adds text for Windows 11 and Windows Server 2025.
I love me some Sysinternals!
ProcDump 3.4.1 for Linux and Sysmon 1.3.5 for Linux (https://techcommunity.microsoft.com/blog/sysinternals-blog/procdump-3-4-1-for-linux-and-sysmon-1-3-5-for-linux/4394499)
Learn about the latest updates to ProcDump for Linux and Sysmon for Linux
ProcDump 3.4.1 for Linux (https://github.com/microsoft/ProcDump-for-Linux/releases/tag/3.4.1)
This update to ProcDump for Linux removes the ':' separator for the date/time section of the generated core dump filename, aligning across operating systems.
Sysmon 1.3.5 for Linux (https://github.com/microsoft/SysmonForLinux/releases/tag/1.3.5.0)
This update to Sysmon for Linux fixes the upgrade path to make sure the previous configuration is restored during the upgrade.
RDCMan v3.0 and Sysmon 1.3.6 for Linux (https://techcommunity.microsoft.com/blog/sysinternals-blog/rdcman-v3-0-and-sysmon-1-3-6-for-linux/4410914)
Learn about the latest updates to ProcDump for Linux and Sysmon for Linux
RDCMan v3.0 (https://learn.microsoft.com/sysinternals/downloads/rdcman)
This update to RDCMan, a tool for managing and connecting to Remote Desktop sessions, implements Windows 11 Terminal Services client features, and adds a series of security and quality of life improvements, like seamless session resizing, keyboard navigation, IPv6 support, and modern cryptography.
Sysmon 1.3.6 for Linux (https://github.com/microsoft/SysmonForLinux/releases/tag/1.3.6.0)
Sysmon 1.3.6 for Linux adds support for kernel 6.11 and newer.
Sysmon 1.3.7 for Linux (https://techcommunity.microsoft.com/blog/sysinternals-blog/sysmon-1-3-7-for-linux/4416088)
Learn about the latest update to Sysmon for Linux
Sysmon 1.3.7 for Linux (https://github.com/microsoft/SysmonForLinux/releases/tag/1.3.7.0)
Sysmon 1.3.7 for Linux fixes a compatibility issue with Debian 11 and adds configuration file hashes to configuration change events.
Process Monitor 2.1 for Linux, Sysmon 1.4 for Linux, and SysinternalsEBPF 1.5 (https://techcommunity.microsoft.com/blog/Sysinternals-Blog/process-monitor-2-1-for-linux-sysmon-1-4-for-linux-and-sysinternalsebpf-1-5/4431366)
Learn about the latest updates to Process Monitor for Linux, Sysmon for Linux, and SysinternalsEBPF
Procmon 2.1 for Linux (https://github.com/microsoft/ProcMon-for-Linux/releases/tag/2.1.0.0)
Sysmon 1.4 for Linux (https://github.com/microsoft/ProcMon-for-Linux/releases/tag/2.1.0.0)
SysinternalsEBPF 1.5 (https://github.com/microsoft/SysinternalsEBPF/releases/tag/1.5.0.0)
This release includes Azure Linux 3.0 support across Procmon for Linux, Sysmon for Linux and SysinternasEBPF, expanding compatibility with the latest version of Microsoft's Linux distribution.
jcd 1.0 for Linux and Mac, and ZoomIt v9.01 (https://techcommunity.microsoft.com/blog/sysinternals-blog/jcd-1-0-for-linux-and-mac-and-zoomit-v9-01/4454875)
Learn about the new jcd tool and the latest updates to ZoomIt
jcd 1.0 for Linux and Mac (https://github.com/microsoft/Sysinternals-jcd/releases/tag/1.0.0)
jcd (jump change directory) is a Sysinternals command-line tool that provides quick directory navigation with substring matching and smart selection for both Linux and macOS.
ZoomIt v9.01 (https://learn.microsoft.com/sysinternals/downloads/zoomit)
This update to ZoomIt fixes a regression that made the current drawing disappear after snip, reenables mouse click for drawing dots in draw mode, and fixes a bug with consecutive record activations.