Autoruns v14.0, RDCMan v2.83, Procdump v10.11, dark theme updates, ProcExp v16.43 and Sysmon v13.24
Published Aug 18 2021 11:12 AM 24K Views
Microsoft

Autoruns v14.0

Autoruns, a utility for monitoring startup items, is the latest Sysinternals tool to receive a UI overhaul including a dark theme.
 

RDCMan v2.83

This RDCMan update adds support for the Remote Desktop client from Windows 8.1+ and supports resizable sessions via automatic reconnect.
 

ProcDump v10.11

This update to ProcDump fixes a "The parameter is incorrect" error on Windows Server 2016 systems.
 

WinObj v3.11

WinObj, a utility for inspecting objects in the NT Object Manager’s namespace, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
 

TCPView v4.14

TCPView, a utility for monitoring network connections on Windows systems, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
 

Process Monitor v3.84

Process Monitor, a utility for observing file system, Registry and process or thread activity in real time, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.
 

Process Explorer v16.43

This update to Process Explorer fixes a memory leak in the handle properties dialog, includes a new label, "medium+", for process integrity levels, and has some display tweaks for systems with large memory capacity.
 

Sysmon v13.24

This Sysmon update improves the handling of FileDelete and FileDeleteDetected events, which resolves an issue where systems became unresponsive under certain conditions.
 
21 Comments

Thanks for the updates!

The new Autoruns is not showing results in the VirusTotal column; only when right-clicking an item & selecting 'check virus total' does the result show up. Refresh issue?

Copper Contributor

Bring back the old icons in ProcMon...seriously.  Why would you change the icons, like a magnifying glass to a box without full sides....makes absolutely no sense.  I actually went back to the old version of ProcMon because it annoyed me so much.

 

A toggle at least between the old and new interface...give me something!

Copper Contributor

As Eric Moreau says. Autoruns does not do an automatic scan of all Entries on Startup, you have to select each entry.

Iron Contributor

@Erik Moreau - although the VirusTotal column is always present, Autoruns doesn't check for VT results unless you request them. If you want VT results for all entries, choose Options | Scan Options and check the "Check VirusTotal.com" checkbox before running the scan.

Copper Contributor

@AaronMargosis_Tanium 

This function hasn't been working since version 14.0; the option is checked but doesn't work after clicking on rescan. Back in v13.100 it's working like a charm.

Iron Contributor

@Karl_Frosch - OK, I'm seeing that too.

Copper Contributor

Thanks. Autoruns 14 issue - exits on 64 bit Win 7 Pro & Home (not displaying EULA); error = The ordinal 45 could not be located in the dynamic link library Cabinet.dll. For Administrator and Standard user. Same for Autoruns64.exe. File timestamp 06:42:27 17 August 21.  https://download.sysinternals.com/files/Autoruns.zip has fewer files than I'd expect, and no DLLs.

 

Copper Contributor

Where is autorunsc.exe ?

Copper Contributor

@jimdecb

Dependency Walker - cabinet.dll

Windows 7's cabinet.dll has not implemented 30 (CreateCompressor) - 45 (CloseDecompressor).

Brass Contributor

Always happy for the releases for these tools which we rely on.

 

I would note that while this blog post notes many new releases, the What's New only shows that AutoRuns was updated.

 

Thanks.

 

Greg

Brass Contributor

I agree with aleinss. The icons in Process Monitor, aside from being larger, are NOT an improvement. And the Find icon is now the same symbol that Capture was before. Someone wasn't thinking about the fact that we've been using this tool since what, 1996?

 

If you drop rdcman.exe v2.83 in the original folder where rdcman was installed before it became part of the sysinternals tools, (C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager) it crashes on start.

Removing the AxMSTSCLib.dll & MSTSCLib.dll files in the folder fixes it.

Copper Contributor

Getting a "failed to disable" error while using the new version of Autoruns, even if I run as administrator and try to remove any startup entry...

 


 

 

Copper Contributor

I confirm the new Autoruns bug: "Failed to disable 'app.lnk'". Running with elevated rights.

Copper Contributor

Is Windows for ARM really going to be a thing? If so, when are we going to get Sysmon for ARM?

Copper Contributor

Win7/Win10 version 14.01, run as a system administrator, most items cannot be disabled/enabled or deleted

Iron Contributor

Great seeing these updates! :smile:

Brass Contributor

Confirming what others are saying.

BUG:

Both autoruns 14 and 14.0.1 do not allow entries to be deleted. VERY annoying.

 

Also:

COSMETIC REQUEST

PLEASE revert the icons etc to the version 13 ones. The new ones are LESS intuitive than the original ones and look slightly childish.

Copper Contributor

I found that RDCMan 2.83 no longer needs to be installed. However, it is still not possible to add a nested group from the UI. I was able to "add" a nested group by manually editing the .RDG file.

Copper Contributor

May I know where I can officially download RDCMan v2.83? The link now redirects to v2.90, which has the same issue as described by a user here - https://docs.microsoft.com/en-us/answers/questions/833870/rdcman-v290-hangs-at-connecting-with-no-au...

Copper Contributor

Autoruns is a utility for monitoring startup items that lets you see what is configured to run during system boot or login and shows the entries in the context of other startup locations. It can also be used to enable or disable startup programs. It lets you see what is configured to run during system boot or login and shows the entries in the context of other startup locations. In addition, it can be used to enable or disable startup programs. Remote Desktop Connection Manager (RDCMan) is a free utility developed by Microsoft that lets you manage multiple remote desktop connections in a single user interface. It lets you save groups and more server objects to connect to. RDCMan is widely used by network administrators. These files are used by other applications, and removing them can cause problems in other applications that depend on them. For example, if you remove the MSTSCLib.dll file, the Remote Desktop Connection Client will not work correctly.

Version history
Last update:
‎Aug 18 2021 11:12 AM