Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.
You can view the entire Sysinternals Live tools directory in a browser at
What's New (January 29, 2014)
Process Explorer v16.0
Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.
What's New (January 21, 2014)
This is a major release to PsPing, a command-line utility that tests network bandwidth and latency. Version 2.0 adds UDP latency and bandwidth testing, support for timed tests, introduces custom histogram support, has an option for automatically opening Windows firewall ports during execution, and includes usability enhancements.
What's New (December 19, 2013)
Disk2vhd, a utility for performing physical-to-virtual conversion of Windows systems, adds support for VHDX-formatted VHDs (thanks to Brendan Gruber for contributions), now supports WinRE volumes, can capture removable media, and includes an option to capture live volumes instead of relying on volume shadow copy (VSS).
What's New (October 23, 2013)
PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.
This major update to Sigcheck, a command-line file version and digital signature verification utility, adds integration with the VirusTotal antivirus scanner aggregation service. Sigcheck can now check the status of a file against over 40 antivirus engines and launch the associated online VirusTotal report, and even upload files for scanning that have not already been scanned by VirusTotal. This release also reports the machine type of executable images, whether 16-, 32-, or 64-bit.
What's New (August 1, 2013)
This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under.
Process Explorer v15.40
Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems.
What's New (June 20, 2013)
Mark’s TechEd Sessions Available On-Demand
Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations.
Zoomit is a screen zooming and annotation tool for technical presentations, and this release introduces better support for zooming in on Windows 8 Windows Store applications.