New tool from SysInternals – SysMon


by Steve Wiseman on September 12, 2014 · 1 comment

in Tools, Utility, Windows


Since Microsoft purchased SysInternals, there has not been much activity out of them over the last few years.

A few weeks ago that changed and they released SysMon.

It is an interesting tool that I think would primarily be used for malware research and investigations.

At the same time, you might find it useful for debugging, and monitoring process creation and network connections on a specific machine.

It is a service that runs in the background, and needs to be installed from the command line.

Once you have downloaded it, you can install it like this:

sysmon.exe -i -n

The -n switch tells it to log network connections as well.

Once the service is installed, it logs all process creation and network connections to the event log:

[Screenshot: SysMon Event Overview]

It is written to its own log, so it can be a little hard to find. When you open Event Viewer it is under:

“Applications and Services Logs/Microsoft/Windows/Sysmon/Operational”

The log can build up fast, and it can impact system performance, so use it carefully.

Each entry will show you user, process, and time info:

[Screenshot: SysMon Event Log Entry]
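As an added example (not part of the original post), the PowerShell script below reads the process-creation (Event ID 1) and network-connection (Event ID 3) entries from the log path given above and lists the time, user, image and connection details for each one. The log name "Microsoft-Windows-Sysmon/Operational" and the Sysmon data field names (Image, User, CommandLine, Hashes, SourceIp, DestinationIp, DestinationPort) are assumed from the Sysmon event schema; check them against the version you installed.

```powershell
# Added example, not code from the original post.
# Assumes Sysmon was installed with "sysmon.exe -i -n" so that both process
# creation (ID 1) and network connection (ID 3) events are being written.
function Get-SysmonActivity {
    param(
        [int]$MaxEvents = 200   # keep this small: the log fills up quickly
    )

    # Assumed log name; it matches the Event Viewer path
    # "Applications and Services Logs/Microsoft/Windows/Sysmon/Operational".
    $logName = 'Microsoft-Windows-Sysmon/Operational'

    # Newest events first, limited to the two IDs we care about.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 1, 3 } `
                           -MaxEvents $MaxEvents -ErrorAction Stop

    foreach ($evt in $events) {
        # Sysmon stores its details as <Data Name="...">value</Data> elements;
        # flatten them into a hashtable keyed by the Name attribute.
        $xml  = [xml]$evt.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($evt.Id -eq 1) {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Type   = 'ProcessCreate'
                User   = $data['User']
                Image  = $data['Image']
                Detail = $data['CommandLine']
                Hashes = $data['Hashes']   # executable hash, useful for matching against known-bad lists
            }
        }
        else {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                Type   = 'NetworkConnect'
                User   = $data['User']
                Image  = $data['Image']
                Detail = '{0} -> {1}:{2}' -f $data['SourceIp'], $data['DestinationIp'], $data['DestinationPort']
                Hashes = $null
            }
        }
    }
}

# Usage: show the most recent activity as a table.
Get-SysmonActivity -MaxEvents 100 | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt, since reading the Sysmon operational log requires administrator rights.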

You can get it from Microsoft here:

http://technet.microsoft.com/en-us/sysinternals/dn798348.aspx



Chris D, September 17, 2014 at 2:38 pm

Hi Steve,

This is actually a great tool since it hashes the exe files that are launching and creating network connections. I used it a few weeks back to remove some pretty bad malware that none of the cleaners could find or touch.

Thanks for the tips!
