New version of Sysinternals now available for download

Apr 29, 2020 17:39 GMT  ·  By

The Sysinternals Suite has received a welcome new update, and this time the highlight is a new Sysmon version that brings a long list of new capabilities.

The updated Sysinternals Suite, which now carries version 27.04.2020, ships with Sysmon 11.0, one of the biggest Sysmon updates in a long time.

The official changelog speaks for itself and provides a closer look at what’s coming to users with the release of Sysmon 11.0:

“This major update to Sysmon includes file delete monitoring and archive to help responders capture attacker tools, adds an option to disable reverse DNS lookup, replaces empty fields with ‘-‘ to work around a WEF bug, fixes an issue that caused some ProcessAccess events to drop, and doesn’t hash main data streams that are marked as being stored in the cloud.”

All Windows versions supported

For starters, Sysmon installs as a Windows system service and device driver that survives reboots and writes its events to the Microsoft-Windows-Sysmon/Operational event log. It records the hash of process image files using SHA1 (the default), MD5, SHA256 or IMPHASH, and several algorithms can be enabled at once. It also logs the loading of drivers and DLLs with their signatures and hashes, and detects changes to file creation times.

“By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers,” Microsoft explains.
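The following PowerShell script is an added example, not code from the article or from Microsoft, showing how a responder would put the 11.0 features quoted above to use: it verifies the Sysmon binary's signature, writes a small configuration that selects the hash algorithms, disables reverse DNS lookup, sets the archive directory and turns on file delete monitoring for file types that look like tooling, installs (or updates) Sysmon with it, and reads the resulting FileDelete events (Event ID 23) back out of the event log. The file paths, service name, rule set and the schema number 4.30 (the schema that ships with Sysmon 11.0; confirm with `Sysmon64.exe -s` on the installed build) are assumptions for illustration, not a recommended production configuration.

```powershell
# Added example (not from the article or the Sysinternals docs). Run from an elevated
# PowerShell prompt in the directory where the suite was unzipped (assumption: Sysmon64.exe
# sits in $PWD). Paths, the service name and the rule set below are illustrative.

$SysmonExe  = Join-Path $PWD 'Sysmon64.exe'
$ConfigPath = Join-Path $PWD 'sysmon-config.xml'

# Refuse to install a binary that is not validly signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $SysmonExe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Unexpected signature on $SysmonExe : $($sig.Status)"
}

# Schema 4.30 is assumed to be the schema shipped with Sysmon 11.0 (check: Sysmon64.exe -s).
@'
<Sysmon schemaversion="4.30">
  <!-- Several hashes can be recorded at once; IMPHASH survives simple repacking. -->
  <HashAlgorithms>SHA256,IMPHASH</HashAlgorithms>
  <!-- New in 11.0: do not resolve remote addresses in network connection events. -->
  <DnsLookup>False</DnsLookup>
  <!-- New in 11.0: directory (created at each volume root) holding archived deleted files. -->
  <ArchiveDirectory>Sysmon</ArchiveDirectory>
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- An exclude rule with no conditions excludes nothing: log every process creation. -->
      <ProcessCreate onmatch="exclude" />
      <!-- Event ID 23: capture deletion of files that attackers tend to clean up. -->
      <FileDelete onmatch="include">
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
        <TargetFilename condition="end with">.bat</TargetFilename>
      </FileDelete>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $ConfigPath -Encoding ASCII

# Fresh install uses -i; a host that already runs Sysmon takes the new config with -c.
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    & $SysmonExe -accepteula -c $ConfigPath
} else {
    & $SysmonExe -accepteula -i $ConfigPath
}

# Flatten one Sysmon event record's EventData into an object keyed by field name.
function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $xml    = [xml]$Record.ToXml()
    $fields = [ordered]@{ EventId = $Record.Id; TimeCreated = $Record.TimeCreated }
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    # Since 11.0 an empty field is emitted as '-' instead of being left blank (the WEF
    # workaround in the changelog), so downstream parsers must treat '-' as "no value".
    [pscustomobject]$fields
}

# Pull the most recent FileDelete events and show which deleted files were archived.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 23 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-SysmonEvent -Record $_ } |
    Select-Object TimeCreated, Image, TargetFilename, Hashes, Archived |
    Format-Table -AutoSize

# The archive directory (C:\Sysmon with the setting above) is ACLed to SYSTEM only, so
# list it as SYSTEM with PsExec from the same suite:
#   PsExec64.exe -s powershell.exe -Command "Get-ChildItem C:\Sysmon -Force"
```

A practical caveat: archiving every deleted file under a broad include rule fills the volume quickly on busy build or download hosts, so scope the FileDelete rules to the file types and paths you actually want to recover, and forward the events to a collector before the local log wraps.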

The Sysinternals Suite is a zip of stand-alone tools rather than an installer, and they run on any currently supported Windows version. Windows 7 still works too, even though it reached end of support in January 2020 and has received no updates since.

You can download the Sysinternals Suite from Softpedia using this link, or directly from Microsoft at https://live.sysinternals.com (the whole suite is at https://download.sysinternals.com/files/SysinternalsSuite.zip), to try all the improvements detailed above.