Sysmon gets a major update, adding support for recording file creations, Registry create and delete operations, value sets, and key and value renames.
Other logged events may include process creations and terminations, driver loads, raw disk access reads, network connections made, and more.
The new additions make the tool even more suitable for long-term system monitoring, although it’s also much more awkward to set up than other Sysinternals software. Be sure to read the official product page in full if you want to give it a try.
Process Explorer 16.20 has gained a new option to report process Control Flow Guard status.
Click View > Select Columns > Process Image and the Control Flow Guard option is at the bottom of the dialog.
In addition, Process Explorer now dynamically displays process Data Execution Prevention (DEP) status, helping you spot any changes.