Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.
You can view the entire Sysinternals Live tools directory in a browser at
What's New (October 23, 2013)
PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently with a system, since each will have a dedicated PsExec service.
This major update to Sigcheck, a command-line file version and digital signature verification utility, adds integration with the VirusTotal antivirus scanner aggregation service. Sigcheck can now check the status of a file against over 40 antivirus engines and launch the associated online VirusTotal report, and even upload files for scanning that have not already been scanned by VirusTotal. This release also reports the machine type of executable images, whether 16-, 32-, or 64-bit.
What's New (August 1, 2013)
This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the one that Autoruns is running under.
Process Explorer v15.40
Process Explorer, a Task Manager replacement, now shows WMI providers hosted in Wmiprvse processes (thanks to Mohamed Elghetany for contributions); includes an option that configures it to automatically run when you logon; and introduces a process view column that shows process DPI awareness support on Windows 8.1 systems.
What's New (June 20, 2013)
Mark’s TechEd Sessions Available On-Demand
Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he gives an overview of the deployment and operation of Virtual Machines and Virtual Networks; in Windows Azure Internals Mark goes under the hood of Windows Azure to show its physical and logical datacenter architecture and operation; in Case of the Unexplained you’ll see how to use the Sysinternals tools to solve impossible problems; and in Malware Hunting with the Sysinternals Tools you’ll learn how to use Sysinternals tools to identify and clean malware infestations.
Zoomit is a screen zooming and annotation tool for technical presentations, and this release introduces better support for zooming in on Windows 8 Windows Store applications.
What's New (June 4, 2013)
Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc output.
Sigcheck is a command-line utility for reporting image version and signature information. With this update, Sigcheck now includes support for Authenticode SHA256 hashes, which is the same hash type used to identify images by AppLocker.
What's New (May 16, 2013)
Procdump is an advanced utility for capturing process memory dumps based on a variety of triggers including CPU usage, memory usage, performance counter values, and exceptions. Version 6.0 is a major upgrade that adds the ability to specify multiple filters, attach to a process by service name, and display/filter-on the message text of a CLR or JScript exception.
What's New (March 21, 2013)
This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory.
Registry Usage (RU) v1.0
Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.