Microsoft Updates the Venerable Sysinternals
- 
 Mark Russinovich's baby has its latest update this week: http://windowsitpro.com/windows/sysinternals-updates-now-available-sysmon-accesschk-and-ru

 Sysmon (now at full version 2.0) – Used as a security tool for detection and analysis, version 2.0 now provides these capabilities:
  - Driver load and image load events with signature information
  - Configurable hashing algorithm reporting
  - Flexible filters for including and excluding events
  - Support for supplying configuration via a configuration file instead of the command line

 AccessChk (now at version 5.21) – Used to query and display Windows object permissions for things like registry keys, files, services and more, version 5.21 brings:
  - Reporting permissions as SDDL strings
  - New process permission types
  - A fix for a bug with showing process security descriptors

 RU (now at version 1.1) – Version 1.1 of RU gets a couple minor but useful feature updates:
  - Supports loading hive files
  - Reports last write timestamp in CSV output
 
- 
 Cool, nice to see those getting regular updates still. 
- 
 For sure. This was one product set that people really feared that Microsoft would discontinue, but they really stood by these products and have supported them well.
- 
 Nabbing a copy right now 
- 
 Thanks for the share 


