cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
TCPView v4.0, PsExec v2.33, WinObj v3.02 and Sysmon v13.02
By
lukekim
Published Mar 23 2021 12:25 PM 21.4K Views
lukekim
Microsoft
‎Mar 23 2021 12:25 PM

TCPView v4.0, PsExec v2.33, WinObj v3.02 and Sysmon v13.02

‎Mar 23 2021 12:25 PM

TCPView v4.0

This major update to TCPView adds flexible filtering, support for searching, and now shows the Windows service that owns an endpoint. It is also the second Sysinternals tool to feature the new theme engine with dark mode.
 

PsExec v2.33

This update to PsExec mitigates named pipe squatting attacks that can be leveraged by an attacker to intercept credentials or elevate to System privilege. the -i command line switch is now necessary for running processes interactively, for example with redirected IO.
 

WinObj v3.02

This WinObj release fixes a bug that could cause it to crash.
 

Sysmon v13.02

This Sysmon update fixes a crash that could be caused by file deletion events, fixes the "is any" rule predicate, and adds several configuration parsing performance improvements.
 
7 Comments
Luigi Bruno
Steel Contributor
‎Mar 23 2021 03:00 PM
‎Mar 23 2021 03:00 PM

Great improvement for a very useful tool. Thank you.

bughit
Copper Contributor
‎Mar 24 2021 06:50 PM
‎Mar 24 2021 06:50 PM

tcpview suggestions:

 

  • "show unconnected" toggle from 3.x
  • column to show incoming vs outgoing tcp connection
  • highlighting (background color) of established tcp connections
    • different colors for incoming and outgoing
  • column reordering
  • minimize to tray

thanks

0 Likes
Like
Christoph_Schneegans
Copper Contributor
‎Mar 25 2021 09:55 PM
‎Mar 25 2021 09:55 PM

It seems the latest download from https://download.sysinternals.com/files/SysinternalsSuite.zip (published "March 23, 2021") contains two files named "Tcpview.exe" and "tcpview.exe". "tcpview.exe" appears to be the current version 4.0, while "Tcpview.exe" is the older version 3.5, which was built in 2011 according to its file properties.

0 Likes
Like
JohnMoosenl
Copper Contributor
‎Mar 31 2021 05:06 AM
‎Mar 31 2021 05:06 AM

Bug:

TCPview 4.0 crashes when you only have TCP v4 selected and switch that off.

It does that too with TCP v6, only after some time.

 

Thanks

0 Likes
Like
alex335678
Brass Contributor
‎Mar 31 2021 08:53 PM
‎Mar 31 2021 08:53 PM

Any way to optimize ImageLoad events?  This really kills performance but it is a best practice recommendation from most security team guidance.  For example, https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml configuration has this enabled but decreases any server performance between 15-40% at any given time. 

 

Is there any hope to see an open source version that the community can hope to optimize?

 

Thanks!

 

0 Likes
Like
NijazVista
Copper Contributor
‎Apr 05 2021 06:10 AM
‎Apr 05 2021 06:10 AM

Can you please fix Process Explorer? Status bar displays "paused" when we press pause sometimes twice, sometimes in place of physical RAM or other value, sometimes not at all, so difficult to know if that task manager is paused. Also can you add feature so that it automatically pauses when in background or minimized, so it uses less CPU? So I want you to fix status bar, where various values disappear, or appear or get corrupted, and ability for auto pause, hope you understand.

0 Likes
Like
Melchior150
Copper Contributor
‎Apr 06 2021 09:42 PM
‎Apr 06 2021 09:42 PM

Mark thanks for the update to TCPView

0 Likes
Like
Version history
Last update:
‎Mar 23 2021 12:25 PM
Updated by: