Skip to main content

Windows Sysinternals

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

Get up to speed fast!

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool's Sysinternals Live path into Windows Explorer or a command prompt as<toolname> or  \\\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at

What's New What's New

What's New (August 29, 2016)

  • Autologon v3.1
    Autologon, a utility that configures Windows to automatically log on a specified user account after booting, now validates the entered credentials before accepting them.

What's New (July 29, 2016)

  • Sysmon v4.11
    Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, now includes the ability to log process opens of other processes. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. It also adds a configuration switch that disables checks of Certificate Revocation List (CRL) servers for digital signature validation, preventing Sysmon-initiated network activity.

What's New (July 4, 2016)

  • Sysinternals Support for Nano Server
    Over 40 of the Sysinternals tools now support Nano Server! You can download the full set by clicking on the Sysinternals Nano Server Suite on the Sysinternals suite page, and each tool that supports Nano Server reports that on its download page. The Nano versions are also compatible with 64-bit Windows and have “64.exe” as their suffix in the download files. Many of the updated tools include bug fixes as well. Check out the Channel 9 Defrag Tools episode where Mark and Andrew Mason, Program Manager for Nano Server, describe Nano Server, show how the tools work on Nano Server, and describe how the tools were ported.

What's New (April 28, 2016)

  • Sysmon v4.0
    This release of Sysmon, an advanced background monitor that records process-related activity to the event log for use in intrusion detection and forensics, introduces more powerful filtering capabilities, allowing for both include and exclude rules to be specified for specific events types, as well as complex matching on different event fields.
  • Procdump v8.0
    Procdump, a utility for capturing process dump files based on CPU, memory, and other triggers, has improved support for lightweight reflection dumps on Windows 7 and Windows 8, now creates a named event that can be signaled by another process to gracefully terminate it, does more intelligent default path searches for the debugging tools libraries, and makes trigger timing and repeat behaviors consistent across trigger types.

What's New (February 2, 2016)

  • Sigcheck v2.5
    This update to Sigcheck, a command-line utility that reports detailed information about images, including their signatures and VirusTotal status, as well as certificate stores, now reports all the signatures of images that have multiple signers.