Since Microsoft purchased SysInternals, there has not been much activity out of them over the last few years.
A few weeks ago that changed and they released SysMon.
It is an interesting tool that I think would primarily be used for malware research and investigations.
At the same time, you might find it useful for debugging and for monitoring process creation and network connections on a specific machine.
It is a service that runs in the background, and needs to be installed from the command line.
Once you have downloaded it, you can install it like this:
sysmon.exe -i -n
The -n switch tells it to include network connection information.
Once the service is installed, it logs all process creation and network connection events to the Windows event log.
The entries go to a dedicated log, so they can be a little hard to find. When you open Event Viewer, look under:
“Applications and Services Logs/Microsoft/Windows/Sysmon/Operational”
The log can build up fast, and it can impact system performance, so use it carefully.
Each entry shows you the user, the process, and the time.
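To read those entries without clicking through the Event Viewer tree, here is an added PowerShell example (not from the original post): it pulls process-creation and network-connection events from the Sysmon Operational log named above and flattens each event's fields into an object you can filter or export. It assumes Sysmon was installed with -n as shown and that the shell is running elevated.

```powershell
# Added example: query the Sysmon Operational log for process creation (Event ID 1)
# and network connection (Event ID 3) events and expose their fields as objects.
$sysmonLog = 'Microsoft-Windows-Sysmon/Operational'

function Get-SysmonActivity {
    param(
        [int]$MaxEvents = 200,
        [datetime]$Since = (Get-Date).AddHours(-1)   # assumption: last hour is a useful default
    )
    $filter = @{ LogName = $sysmonLog; Id = 1, 3; StartTime = $Since }
    # SilentlyContinue keeps Get-WinEvent quiet when no matching events exist yet
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData is a list of <Data Name="...">value</Data> nodes; turn it into a hashtable
            $xml = [xml]$_.ToXml()
            $fields = @{}
            foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $fields['UtcTime']
                EventId     = $_.Id
                Type        = if ($_.Id -eq 1) { 'ProcessCreate' } else { 'NetworkConnect' }
                User        = $fields['User']
                Image       = $fields['Image']
                # CommandLine and Hashes are only populated on process-create events (ID 1)
                CommandLine = $fields['CommandLine']
                Hashes      = $fields['Hashes']
                # Destination is only populated on network-connect events (ID 3)
                Destination = if ($_.Id -eq 3) { "$($fields['DestinationIp']):$($fields['DestinationPort'])" } else { $null }
            }
        }
}

# Usage: the most recent activity, then outbound connections grouped by the process that made them
Get-SysmonActivity -MaxEvents 50 | Format-Table Time, Type, User, Image, Destination -AutoSize
Get-SysmonActivity |
    Where-Object Type -eq 'NetworkConnect' |
    Group-Object Image | Sort-Object Count -Descending |
    Select-Object Count, Name
```

Because the log fills quickly, narrow the -Since window or the -MaxEvents count before running this on a busy machine.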
You can get it from Microsoft here:
http://technet.microsoft.com/en-us/sysinternals/dn798348.aspx
Hi Steve,
This is actually a great tool since it hashes the exe files that are launching and creating network connections. I used it a few weeks back to remove some pretty bad malware that none of the cleaners could find or touch.
Thanks for the tips!