Think IPM

Tuesday, February 21, 2017

New Versions of our favorite tools.

Just noticed that some of the tools we (at least I!) love and rely on have been updated. (You can find the complete list here.) From the list of updated ones, I wanted to bring attention to some that I consider truly indispensable, and to one in particular that gets very little press.

· AutoRuns
· Process Monitor
· Process Explorer
· SysMon

I think SysMon is probably the least known of the tools listed above, but maybe one of the most useful. For those who are not familiar with it, the tool installs very easily from the command line: it creates a service and a new event log, starts itself up and immediately goes to work. One of its many benefits is that it installs as a boot-start driver, so it can capture activity very early in the boot process, all the way through logon and beyond.

I like to think of it almost as an application-level Wireshark. It logs every access made from your system by any application and tells you the name of the app, what it attempted to do and where it attempted to do it. I have been able to track down everything from rogue add-ins in Office applications communicating with websites, to performance issues caused by over-zealous security applications wreaking havoc on a system. [Ping me if you want to know which one.]

To install it, you just run the app with three switches: SysMon.exe -i -n -AcceptEULA


Then launch any application (e.g. Excel) and open the Event Log (Applications and Services Logs/Microsoft/Windows/Sysmon/Operational) to see what it really does to your system.


There will be multiple entries for every application, depending on what it is doing to your system, so go through the log carefully.
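Reading the Sysmon log by hand gets tedious quickly, so here is an added PowerShell example (not from the original post) that summarises what a single application did: where it was started from and with what command line (event ID 1), and every outbound connection it made, grouped by destination (event ID 3). It assumes Sysmon was installed as described above with -n so that network events are logged; the process name and the one-hour window are parameters, with excel.exe as the example from the post.

```powershell
# Added example: summarise one application's activity from the Sysmon log.
# Assumes Sysmon is installed with network logging (-i -n -AcceptEULA) and
# that this runs in an elevated PowerShell prompt. 'excel.exe' and the
# one-hour window are just defaults chosen for the post's Excel example.
param(
    [string]$ProcessName = 'excel.exe',
    [int]$Hours = 1
)

$logName = 'Microsoft-Windows-Sysmon/Operational'
$since   = (Get-Date).AddHours(-$Hours)

# Pull only process-create (1) and network-connection (3) events in the window.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 1, 3
    StartTime = $since
} -ErrorAction SilentlyContinue

# Sysmon stores its fields in the event's XML payload; flatten them to a hashtable.
function ConvertTo-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $data['EventId'] = $Event.Id
    $data['Time']    = $Event.TimeCreated
    $data
}

# Keep only events whose Image (full path of the process) ends in our name.
$records = $events | ForEach-Object { ConvertTo-EventData $_ } |
    Where-Object { $_.Image -like "*\$ProcessName" }

# Event ID 1: who launched the process and how.
$records | Where-Object { $_.EventId -eq 1 } |
    Select-Object Time, ParentImage, CommandLine |
    Format-Table -AutoSize

# Event ID 3: outbound connections grouped by destination, most frequent
# first, so a chatty add-in stands out at a glance.
$records | Where-Object { $_.EventId -eq 3 } |
    Group-Object DestinationHostname, DestinationIp, DestinationPort |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Save it as a .ps1 file and run it as .\sysmon-summary.ps1 -ProcessName excel.exe -Hours 2 to widen the window; Get-WinEvent returns nothing (rather than an error) if Sysmon has logged no matching events yet.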

Do you have any particular tool that you find indispensable? Let us know in the comments and we might even review it!

Aaron Silber 
Follow Aaron on twitter at @amsilber


P.S. AutoRuns is my favorite! It's the quickest way to enable or disable things that auto-run on your system. Excellent for cleaning out and tweaking system login times.
