Blog Post

Sysinternals Blog
1 MIN READ

Procmon v3.70, Sysmon v13.10, Autoruns v13.99, TCPView v4.01 and WinObj v3.03

Alex_Mihaiuc's avatar
Alex_Mihaiuc
Icon for Microsoft rankMicrosoft
Apr 21, 2021

Procmon v3.70

This update to Process Monitor allows constraining the number of events based on a requested number minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.
 

Sysmon v13.10

This update to Sysmon adds a FileDeleteDetected rule that logs when files are deleted but doesn't archive, deletes clipboard archive if event is excluded and fixes an ImageLoad event bug.
 

Autoruns v13.99

This update to Autoruns fixes a bug that resulted in some empty locations being hidden when the Include Empty Locations option is selected.
 

TCPView v4.01

This update to TCPView refines Quick search to look in IP addresses and ports.
 

Theme Engine

This update to the theme engine uses a custom title bar in dark mode, similar to MS Office black theme. WinObj and TcpView have been updated. Expect more tools using the theme engine in the near future!
 
Published Apr 21, 2021
Version 1.0
  • Алексей Долматов's avatar
    Алексей Долматов
    Copper Contributor
    Apr 21, 2021

    Note: before updating Autoruns v13.99, carefully check the operation of the program.

    In Windows 10 20H2 (Russian localization) with up-to-date updates, crashes of the program were noticed right away when scanning in 64-bit, as well as incorrect data for receiving data about publisher (microsoft) for some objects in both bits.

    Spoiler
    Имя сбойного приложения: Autoruns64.exe, версия: 13.99.0.0, метка времени: 0x607c5a46
    Имя сбойного модуля: Autoruns64.exe, версия: 13.99.0.0, метка времени: 0x607c5a46
    Код исключения: 0xc0000005
    Смещение ошибки: 0x000000000006cd15
    Идентификатор сбойного процесса: 0xda0
    Время запуска сбойного приложения: 0x01d736f22a6a924b
    Путь сбойного приложения: C:\Users\Dolma\Downloads\Autoruns64.exe
    Путь сбойного модуля: C:\Users\Dolma\Downloads\Autoruns64.exe
    Идентификатор отчета: 68e81b15-e577-4cb1-86c2-1924064c08f0
    Полное имя сбойного пакета:
    Код приложения, связанного со сбойным пакетом:

    I know that the code 0xc0000005 often means a problem outside a program. Sometimes in a program. In this case, multiple users reported the error.

  • Gary Shapiro's avatar
    Gary Shapiro
    Copper Contributor
    Apr 22, 2021

    Autoruns64 13.99 crashes on launch Windows 10 20H2 for me too.  Autoruns works fine.  Please look into this.

  • MikeVirtual's avatar
    MikeVirtual
    Copper Contributor
    Apr 21, 2021

    Same experience as above.

     

    Autoruns64 13.99 crashes on launch Windows 10 20H2

     

    Faulting application name: Autoruns64.exe, version: 13.99.0.0, time stamp: 0x607c5a46
    Faulting module name: Autoruns64.exe, version: 13.99.0.0, time stamp: 0x607c5a46
    Exception code: 0xc0000005
    Fault offset: 0x000000000006cd15
    Faulting process ID: 0x1fe0
    Faulting application start time: 0x01d736f88a7e2447
    Faulting application path: C:\Windows\Autoruns64.exe
    Faulting module path: C:\Windows\Autoruns64.exe
    Report ID: 01ca51c3-fcfa-4ebc-a8cf-5383a3c6ebb4
    Faulting package full name:
    Faulting package-relative application ID:

  • Reza_Ameri's avatar
    Reza_Ameri
    Silver Contributor
    Apr 22, 2021

    Thank you for these cool updates from sysinternals.

    May I request update the Blue Screen (sysinternals) screen server too?

    It is still showing styles for Windows 7 and Windows XP and I believe user need to select style to be like Windows 10 too.

     

  • Victor_S685's avatar
    Victor_S685
    Copper Contributor
    Apr 23, 2021

    Windows 10 21H1. Autoruns 13.99 crashes on startup, with the name of the faulty module CRYPT32.dll, unlike Autoruns64.

     

    Faulting application name: Autoruns.exe, version: 13.99.0.0, time stamp: 0x607c5aa9
    Faulting module name: CRYPT32.dll, version: 10.0.19041.844, time stamp: 0xa04ed391
    Exception code: 0xc0000005
    Fault offset: 0x0001f092
    Faulting process ID: 0x172c
    Faulting application start time: 0x01d73813100823b8
    Faulting application path: Z:\Zagruzki\Autoruns\Autoruns.exe
    Faulting module path: C:\WINDOWS\System32\CRYPT32.dll
    Report ID: 109122c7-f54f-4232-bd00-4d6ecce1abc4\
    Faulting package full name:
    Faulting package-relative application ID:

  • sufan's avatar
    sufan
    MVP
    May 08, 2021

    Procmon64 v3.70 crashes on launch Windows 10 21H1

     

    错误应用程序名称: Procmon64.exe,版本: 3.70.0.0,时间戳: 0x608049ce
    错误模块名称: Procmon64.exe,版本: 3.70.0.0,时间戳: 0x608049ce
    异常代码: 0xc0000409
    错误偏移量: 0x0000000000091761
    错误进程 ID: 0x4944
    错误应用程序启动时间: 0x01d7431de345df5e
    错误应用程序路径: C:\Users\fansu\SysinternalsSuite\Procmon64.exe
    错误模块路径: C:\Users\fansu\SysinternalsSuite\Procmon64.exe
    报告 ID: 6381c63b-5007-4249-b954-1bdb93208ca7
    错误程序包全名:
    错误程序包相对应用程序 ID: