Microsoft Sysinternals has just announced its round of updates for April, this time including updates for Sysmon, Autoruns, Regjump and Process Monitor.
Background monitor Sysmon 3.0 now reports remote thread creation events, perhaps improving the chance of detecting code injection attempts. Process names have been added to process terminate events, and filters are more flexible and easier to use.
Windows startup manager Autoruns 13.3 extends its range still further by reporting Group Policy Extensions (client-side DLLs which do the work of implementing a policy). More usefully for the average user, it now shows the target of hosting processes like cmd.exe and rundll32.exe, helping you understand what they might be doing.
Console tool Regjump 1.1 gains a -c switch, requesting it to open Regedit to the path stored in the clipboard.
Finally, Process Monitor 3.11 is a maintenance release which fixes a couple of bugs: a potential crash in the Stack Summary dialog, and a problem which could prevent boot monitoring on Windows 10.
Your Comments & Opinion