Sysinternals updates Autoruns, Process Explorer, Process Monitor, more
Autoruns now lists print monitors, the DLLs responsible for sending data from the Windows print spooler to the kernel mode print driver. We tried this on a Windows 10 laptop and found 10 installed monitors, mostly relating to PDF and other virtual printers.
Unfortunately, Autoruns listed every monitor DLL as a "file not found", even for standard Windows files which definitely existed, and were stored in the usual locations. This could be a bug: if you see the same thing, don’t delete a print monitor entry until you’ve confirmed that you don’t need it, and the DLL doesn’t exist.
Autoruns 13.70 also extends its WMI support, apparently listing registrations in the WMI\Default namespace. This showed up as blank on our test PC, but we’ll take their word for it for now.
AccessCheck 6.1 has extended its Windows 10 abilities with reports on the new process trust access control entries and token security attributes.
Process Monitor has a new option to display process and thread IDs in hexadecimal format, which is a feature we never realized we needed.
More usefully, Process Monitor, Process Explorer and LiveKD have been updated to comply with the new driver signing policy in recent releases of Windows 10.
Autoruns, Process Monitor and Process Explorer have enhanced high DPI support on their toolbars, and some important bugs have been fixed, including one that might have stopped BgInfo working at all.