Sysinternals' new Sysmon tool looks for intruder traces

For the first time in almost two years, Microsoft's Mark Russinovich has added a new tool to the Sysinternals tool suite. The new tool is Sysmon, which monitors for and logs certain specific events.

Sysinternals is a set of Windows utility programs first released in 1996, long before Russinovich joined Microsoft. Almost all were written by Russinovich and his then-partner Bruce Cogswell. Sysmon, written by Russinovich and Thomas Garnier, also of Microsoft, is the 73rd tool in the set, and has been used internally at Microsoft for some time.

The point of Sysmon is to monitor for three specific system events which are often used by malicious processes and which can be difficult to separate from the flood of events in a normal Windows system. Sysmon runs as a service using the Local System account and loads very early in the boot process in order to give the best chance of finding the origin of any problems.

Read more at: Sysinternals' new Sysmon tool looks for intruder traces | ZDNet
 
I like Sysinternals utilities.
I have Process Explorer installed on my machine (and most of my VMs).
 
