Microsoft Installs New Monitoring Tool For Windows

Shortly after its July 2006 purchase of Winternals Software by Mark Russinovich, Microsoft has substituted the established Regmon and Filemon softwares with a device providing sophisticated proficiency for instantaneous screening of registry and process thread movement.

The issue of the novice utility, known as Process Monitor corresponds with the re-introducion of the Sysinternals gateway on Microsoft TechNet as the Sysinternals TechCenter by Windows.

The package records registry and file entry through one window, together with supplying comprehensive data about the recorded activities. Hitherto, three distinct softwares were needed: Regmon, Filemon and Process Explorer. The Process Monitor doesn't serve as a Task Manager substitute, unlike the still accessible Process Explorer.

"Process Monitor is a sophisticated screening device for Windows that instantaneously displays file system, registry and thread movement. It blends the properties of both the legacy Sysinternals softwares, Filemon and Regmon, like thorough and enduring screening, along with panoptic features like session and user IDs, valid data process; complete thread stacks with inbuilt symbol backup, synchronous logging to a file and more. The Process Monitor with its effective properties is sure to become the hub for fixing your system's problems and a toolkit for tracking malicious software," explicates Microsoft.

The esteemed Windows core analyst, Russinovich, who teamed up with the Redmond, Wash. dealer as a Technical Fellow in the Platforms and Services Department, explains Process Monitor as "an effective new screening device that is best explained as Regmon and Filemon on hormones."

Regmon and Filemon are enormously admired by malware investigators who utilize the instantaneous file and registry screening devices to specify alterations effected on an affected OS.

Process Monitor can be employed to follow startup and exit of threads, together with exit status program; check graphic (DLL and core device driver) loadings. It also secures information for process input and output factors and acquires thread stacks to spot the origin of an activity.

The code operates on Windows 2000 along with SP4 and Update Rollup 1, XP on SP2, Server 2003 and Vista plus every x64 variant of XP, Server 2003 and Vista. Process Monitor 1.0 can be transferred from Technet pages of Microsoft's.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 11/13/2006