Mark Russinovich, revealed the features added to the updated versions of Autoruns 13.90 and Sysmon 8.0. The latest update to these system diagnostic utilities includes several new features.
As per the release note, the updated version of Sysmon 8.0 adds rule tagging to it resulting in appearance of tags in event log entries that they generate. It further expands the logged command-line length. In addition to this, the update also fixes a GUID printing bug which was present in the parent process GUIDs and prints friendly registry path names for easy renaming.
Autoruns, which is a comprehensive autostart entry point (ASEP) manager for Windows, now includes Runonce\*\Depend keys, GPO logon and logoff locations. It also fixes a bug present in WMI path parsing. According to Microsoft, simply running Autoruns will show the currently configured auto-start applications as well as the complete Registry and file system locations available for auto-start configuration.
The document further reveals, “Autoruns‘ Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.”
The updates will be helpful for the system admins and technicians in diagnosing work stations and systems.