Microsoft offers new versions of Autoruns and Procdump. In particular, Autoruns v12.0 offers an important new feature for the security-minded admin.
By Michael Pietroforte

Procdump is perhaps more a tool for developers than for admins. The command line tool allows users to create crash dumps of malfunctioning applications based on various triggers, such as CPU and memory thresholds. Procdump v7.0 “has improved support for lightweight reflection dumps on Windows 7 and Windows 8, adds debug print statements as a new trigger type, has support for memory commit duration triggers, and now includes an option to unregister Procdump as the system last-chance exception debugger.”

Autoruns is the most sophisticated start-up monitor I know, and it belongs in every admin’s toolbox. It allows users to view all auto-starting programs on a Windows machine. I must admit that lately, I have been using the Sysinternals tools less frequently because the start-up tab in the Windows 8.1 Task Manager is usually faster to access. Autoruns v12.0 adds the ability to view batch files and executable image entries in the WMI database. Malware programmers might use such entries more often when the new WIMBoot feature in Windows 8.1 gains popularity.
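To cross-check the WMI entries from the command line, the following added example (not part of the original article and not Sysinternals code) uses the built-in CIM cmdlets to list WMI event subscriptions that launch a command line or script. It assumes the entries of interest are permanent event subscriptions in the `root\subscription` namespace, and the output column names are chosen here for illustration.

```powershell
# Added example: list WMI permanent event subscriptions that start a program or script.
# Assumption: the auto-start entries of interest live in root\subscription.
# Run from an elevated PowerShell 3.0+ prompt.
$ns = 'root/subscription'

# Index event filters (the trigger condition) by name.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# Index the two consumer classes that can execute code, keyed by class and name.
$consumers = @{}
foreach ($class in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
    Get-CimInstance -Namespace $ns -ClassName $class |
        ForEach-Object { $consumers["$class|$($_.Name)"] = $_ }
}

# A binding ties one filter to one consumer; only bound consumers ever fire.
$bound = @{}
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding | ForEach-Object {
    $class = $_.Consumer.CimSystemProperties.ClassName
    $key   = "$class|$($_.Consumer.Name)"
    $c     = $consumers[$key]
    if (-not $c) { return }   # other consumer types (e.g. event log writers) are skipped
    $bound[$key] = $true
    $f = $filters[$_.Filter.Name]

    [pscustomobject]@{
        Consumer = $c.Name
        Type     = $class
        # What gets executed: a command line / executable, or a script file / inline script.
        Action   = if ($class -eq 'CommandLineEventConsumer') {
                       @($c.ExecutablePath, $c.CommandLineTemplate) -ne $null -join ' | '
                   } else {
                       @($c.ScriptFileName, $c.ScriptText) -ne $null -join ' | '
                   }
        Filter   = $_.Filter.Name
        Trigger  = if ($f) { $f.Query } else { '<filter not found>' }
    }
} | Format-List

# Consumers with no binding are dormant but still worth reviewing.
$consumers.Keys | Where-Object { -not $bound[$_] } |
    ForEach-Object { "Unbound consumer: $_" }
```

Review each `Action` and `Trigger` pair against what is expected on the machine. Entries that management software creates legitimately will also appear here.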


Autoruns v12.0

© 4sysops 2006 - 2021