Sysmon is one of the newest tools added to the Sysinternals suite. From this single screen it’s easy to spot problem applications and then use the filtering tool to dive deeper into the process to determine exactly what’s going on. A Process Activity Summary screen available from the Tools menu presents a visual picture of all active processes with graphs of file, network and registry activity. The real power behind Process Monitor comes from the summary tools and filtering feature. Figure 1 shows a screenshot of the Process Monitor screen with information gathered over a few seconds. The biggest problem most people have with using Process Monitor is the sheer amount of information it produces. It provides a real-time view of all file system, Windows Registry and process activity for each running process. Process Monitor is one of those tools you wish you’d known about a long time ago. It will also show the owner of each running process. Process Explorer is the tool to use for identifying files, DLLs, registry keys and other objects attached to a running process.
Process Explorer is currently at version 16.03 and has been around in one form or another since the days of Windows NT.
The two most popular tools, Process Explorer and Process Monitor, provide deep insight into the inner workings of Microsoft Windows. Many experienced system administrators keep either a USB key or a CD with the entire suite of Sysinternal tools at the ready. Sysinternals Process Explorer, Process MonitorĪll Sysinternals tools are free to download and provide information you can use to do your own sleuthing. If you really want to dig deep, you’ll want to take a look at the Windows Sysinternals Administrator’s Reference book. You’ll also find links to webcasts and other training materials to help get you up to speed on the entire suite of tools.
Some tools overlap different categories and make it possible to perform both system maintenance and security tasks. The Sysinternals website provides links to a wide range of tools categorized into functional areas. It’s worth taking time to browse his blog and watch recorded sessions from TechEd. Russinovich’s blog contains a long list of articles documenting how different system problems, including security issues, were analyzed using Sysinternals tools. While he spends most of his time focusing on the Azure platform, he remains involved with the development of the tools his company created.Īt Microsoft events like TechEd, Russinovich presentations on Sysinternals tools are often standing room. Microsoft acquired Sysinternals in 2006, and today Mark Russinovich is a technical fellow in the Cloud and Enterprise division. If you’ve even a modicum of experience with more than a few versions of Microsoft Windows, you’ve probably heard of Sysinternals and know the name Mark Russinovich.
0 kommentar(er)
