Just a short note for Windows users and administrators. Mark Russinovich released the tools SYSMON v9.0 and AUTORUNS v13.94 from the Sysinternals suite on February 19, 2019.
It had already been expected for a few days, as I noticed from various tweets. Then I was informed about the update on Thursday by the following tweet (thanks to @PhantomofMobile).
SYSMON v9.0 and AUTORUNS v13.94 HAVE BEEN RELEASED:
There still may be some delay in realizing. ICYMI: @SBSDiva @AskWoody @AdminKirsty @thurrott @maryjofoley @bdsams @mehedih_ @ruthm @SwiftOnSecurity @pcper @MalwareJake @tweet_alqamar @JobCacka @etguenni https://t.co/oOZMOgkSE9
— Crysta T. Lacey (@PhantomofMobile) February 21, 2019
The description of the changes in this Technet article is very compact; it covers smaller fixes and the new rule groups in Sysmon:
- Sysmon 9.0: Sysmon v9.0 introduces rule groups that enable the specification of AND or OR matching logic across a set of rules. It also fixes a memory leak in signature verification.
- Autoruns 13.94: This Autoruns update fixes a bug that prevented the correct display of the target of image hosts such as svchost.exe, rundll32.exe, and cmd.exe.
The links point to the descriptions with the download addresses of these free tools.
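To illustrate the rule groups mentioned for Sysmon v9.0, here is a configuration sketch with one AND group and one OR group. It is an added example, not taken from the Technet article or the Sysinternals documentation; the group names, the chosen images, the Temp path and the port are constructed for illustration, and the schema version is an assumption to be checked against the output of `sysmon -s`.

```xml
<!-- Added example: rule groups with AND / OR matching (constructed values). -->
<!-- schemaversion is an assumption; verify it with "sysmon -s" on your build. -->
<Sysmon schemaversion="4.2">
  <EventFiltering>

    <!-- AND group: a process creation event is logged only if BOTH
         conditions match, which keeps routine rundll32.exe starts
         out of the log and records only those run from a Temp path. -->
    <RuleGroup name="rundll32-from-temp" groupRelation="and">
      <ProcessCreate onmatch="include">
        <Image condition="end with">\rundll32.exe</Image>
        <CommandLine condition="contains">\AppData\Local\Temp\</CommandLine>
      </ProcessCreate>
    </RuleGroup>

    <!-- OR group: a network connection event is logged if EITHER
         condition matches, here a script host making a connection
         or any process connecting to the (constructed) port 4444. -->
    <RuleGroup name="script-host-or-odd-port" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">\wscript.exe</Image>
        <DestinationPort condition="is">4444</DestinationPort>
      </NetworkConnect>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

A configuration like this is loaded at install time with `sysmon -i <file>` or applied to a running installation with `sysmon -c <file>`.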