Sysinternals Blog

TCPView v4.0, PsExec v2.33, WinObj v3.02 and Sysmon v13.02

lukekim
Former Employee
Mar 23, 2021

https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview

This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
 

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

This update to PsExec mitigates named pipe squatting attacks that an attacker can leverage to intercept credentials or elevate to System privilege. The -i command line switch is now necessary for running processes interactively, for example with redirected I/O.
 

https://docs.microsoft.com/en-us/sysinternals/downloads/winobj

This WinObj release fixes a bug that could cause it to crash.
 

https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

This Sysmon update fixes a crash that could be caused by file deletion events, fixes the "is any" rule predicate, and adds several configuration parsing performance improvements.
 

7 Comments

  • NijazVista
    Copper Contributor

    Can you please fix Process Explorer? Status bar displays "paused" when we press pause sometimes twice, sometimes in place of physical RAM or other value, sometimes not at all, so difficult to know if that task manager is paused. Also can you add feature so that it automatically pauses when in background or minimized, so it uses less CPU? So I want you to fix status bar, where various values disappear, or appear or get corrupted, and ability for auto pause, hope you understand.

  • alex335678
    Brass Contributor

    Any way to optimize ImageLoad events?  This really kills performance but it is a best practice recommendation from most security team guidance.  For example, https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml configuration has this enabled but decreases any server performance between 15-40% at any given time. 

     

    Is there any hope to see an open source version that the community can hope to optimize?

     

    Thanks!

     

  • JohnMoosenl
    Copper Contributor

    Bug:

    TCPview 4.0 crashes when you only have TCP v4 selected and switch that off.

    It does that too with TCP v6, only after some time.

     

    Thanks

  • It seems the latest download from https://download.sysinternals.com/files/SysinternalsSuite.zip (published "March 23, 2021") contains two files named "Tcpview.exe" and "tcpview.exe". "tcpview.exe" appears to be the current version 4.0, while "Tcpview.exe" is the older version 3.5, which was built in 2011 according to its file properties.

  • bughit
    Copper Contributor

    tcpview suggestions:

     

    • "show unconnected" toggle from 3.x
    • column to show incoming vs outgoing tcp connection
    • highlighting (background color) of established tcp connections
      • different colors for incoming and outgoing
    • column reordering
    • minimize to tray

    thanks