Sysinternals ships Sysmon 5.0, Process Explorer 16.20
Microsoft Sysinternals has released updates for some of its best tools, including Sysmon 5.0 and Process Explorer 16.20.
Sysmon gets a major update, adding support for recording file creations, Registry create and delete operations, value sets, and key and value renames.
Other logged events may include process creations and terminations, driver loads, raw disk access reads, network connections made, and more.
The new additions make the tool even more suitable for long-term system monitoring, although it’s also much more awkward to set up than other Sysinternals software. Be sure to read the official product page in full if you want to give it a try.
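To see what the new file and Registry events look like once Sysmon is logging them, the following PowerShell sketch (an added example, not from the article or from Sysinternals) summarises the last 24 hours of those events by type and originating process. It assumes PowerShell 3.0 or later, an elevated session, and a Sysmon configuration that enables these event types; the event IDs and field names are Sysmon's own, while the variable names and the 24-hour window are illustrative.

```powershell
# Added example: summarise the file-creation and Registry events introduced in Sysmon 5.0.
# Sysmon event IDs: 11 = FileCreate, 12-14 = RegistryEvent variants.
$eventNames = @{
    11 = 'FileCreate'
    12 = 'Registry object create/delete'
    13 = 'Registry value set'
    14 = 'Registry key/value rename'
}

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 11, 12, 13, 14
    StartTime = (Get-Date).AddHours(-24)   # assumed look-back window
}

# Get-WinEvent raises a non-terminating error when nothing matches; suppress it.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Each event carries its fields as <Data Name="..."> elements under EventData.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time   = $e.TimeCreated
        Type   = $eventNames[[int]$e.Id]
        Image  = $data['Image']            # process that made the change
        # FileCreate records a file path; Registry events record a key/value path.
        Target = if ($e.Id -eq 11) { $data['TargetFilename'] } else { $data['TargetObject'] }
    }
}

# Busiest writers first: a quick way to find what to exclude or look at more closely.
$rows | Group-Object Type, Image |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
```

The grouped output shows which processes generate the most volume, which is the first thing to review when tuning a Sysmon configuration for long-term monitoring.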
Process Explorer 16.20 has gained a new option to report process Control Flow Guard status.
Click View > Select Columns > Process Image and the Control Flow Guard option is at the bottom of the dialog.
In addition, Process Explorer now dynamically displays process Data Execution Prevention (DEP) status, helping you spot any changes.
Sysmon 5.0 and Process Explorer 16.20 are available now for Windows 7 and later.