ProcMon 3.80, Sysmon 13.20, TCPView 4.10, ProcExp 16.40, PsExec 2.34, Sigcheck 2.81 and WinObj 3.10

Published May 25 2021 10:16 AM
Microsoft

Process Monitor v3.80

Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support.
 

Sysmon v13.20

This update to Sysmon, an advanced system security monitor, adds "not begin with" and "not end with" filter conditions and fixes a regression for rule include/exclude logic.
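
A configuration sketch using the new "not begin with" condition, added here as an illustration and not taken from Microsoft's release notes. The rule name, the paths and the `schemaversion` value are assumptions; run `sysmon -s` to see the schema version your installed binary expects.

```xml
<!-- Added example: log ProcessCreate events for a binary named svchost.exe
     that does not live in the Windows system directories. -->
<Sysmon schemaversion="4.70"> <!-- assumed schema version for v13.20 -->
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <!-- groupRelation="and": every condition below must hold -->
        <Rule name="svchost_outside_system_dirs" groupRelation="and">
          <Image condition="end with">\svchost.exe</Image>
          <!-- conditions added in v13.20 per the release note above -->
          <Image condition="not begin with">C:\Windows\System32\</Image>
          <Image condition="not begin with">C:\Windows\SysWOW64\</Image>
        </Rule>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Before this release, the same intent needed a broad include on the file name plus separate exclude rules for each legitimate directory.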
 

TCPView v4.10

This update to TCPView, a TCP/UDP endpoint query tool, adds the ability to filter connections by state.
 

Process Explorer v16.40

This update to Process Explorer, an advanced process, DLL and handle viewing utility, adds process filtering support to the main display and reports process CET (shadow stack) support.
 

PsExec v2.34

This PsExec release reverts to sending all PsExec output to stderr so that only target process output emits to stdout.
 

Sigcheck v2.81

Sigcheck v2.81 fixes a bug in filtering output for unsigned VirusTotal unknown files and now reports the signing time for files with untrusted certificate signatures.
 

WinObj v3.10

This WinObj update extends search functionality to include symbolic link targets.
 
6 Comments
Occasional Visitor

After a lot of updates of Process Explorer, I am still not able to have it started on startup on one PC. Error is a problem with assignment between username and security-id. Couldn't find any remedy. Using task manager didn't work.

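Visitor

When will you fix this bug in SYSMON?

https://docs.microsoft.com/en-us/answers/questions/289579/possible-bug-in-1301-failed-to-open-service-config.html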
Microsoft

The Process Explorer bug should be resolved with today's v16.41 hotfix release. We're investigating the Sysmon v13.0+ issue.

Regular Visitor

I just updated and was excited to see the filtering functionality in Process Explorer. Thank you!!! I was using Process Hacker 2 for just that functionality. I do have a problem with the System Information window for CPU. I have an Intel I9-10900K with 20 logical CPUs and the last two graphs overlap the statistics boxes at the bottom when I show one graph per CPU. It happens no matter what the window size is. I don't know when this issue started. This is the first time I have updated the suite in at least 6 months. I don't really use that window often so it is not a big issue for me but I figured I would share.


Regular Visitor

I have been able to reliably reproduce a crash in the latest version of Process Explorer related to the new filtering logic. If you set a filter and there are no processes by that name running, you get an expected empty process list. If you start an instance of the process you are filtering on after that, Process Explorer crashes. It happens every time.

 

 

Microsoft

Thanks for reporting!
