To improve the internal security of the operating system and of the devices running Windows 10, Microsoft has released Sysmon v13 to the public. Sysmon is a Sysinternals tool for Windows 10 that can be used to detect system anomalies.
Download Sysmon v13.01 for Windows 10
In version 13 of the tool, Microsoft has added the ability to detect the process hollowing technique used by attackers. Process hollowing executes unauthorized, malicious code on an infected Windows system while the activity appears to come from a legitimate OS process.
The latest version of Sysmon also adds protection against Process Herpaderping. Despite the odd name, attackers use Process Herpaderping to launch a process that hides its true intent: the malware modifies the executable's content on disk so that the file backing the process appears clean.
In the past, many malware attacks, including TrickBot, BazarBackdoor, and the Mailto/defray777 ransomware, have used Herpaderping to bypass the built-in protection of the OS as well as antivirus suites.
Starting now, Windows 10 can automatically detect and prevent Process Herpaderping, thanks to the new version of Sysmon. Apart from detecting process hollowing and Process Herpaderping, Sysmon 13 brings several other improvements.
For instance, Sysmon 13 can now generate events early in the boot process, which helps the Sysinternals tool find kernel-mode malware on the system. There are also advanced options for setting up filters and logs.
Similarly, full control over the logging of process creation helps the tool notify users more effectively.
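As an added example (not from the article or from Sysinternals), the following PowerShell script pulls the Process Tampering events that Sysmon 13 writes as Event ID 25 and summarises them by image and tampering type. It assumes Sysmon 13 is installed with a configuration that does not exclude ProcessTampering events, and a shell with rights to read the Sysmon operational log; the `$Hours` parameter is an assumed name.

```powershell
# Added example: triage Sysmon 13 Process Tampering events (Event ID 25).
# Assumes Sysmon 13 is installed and ProcessTampering is not excluded in its config.
param(
    [int]$Hours = 24   # look-back window, assumed parameter name
)

$logName = 'Microsoft-Windows-Sysmon/Operational'
$since   = (Get-Date).AddHours(-$Hours)

# Event ID 25 is the Process Tampering event introduced in Sysmon 13; it covers
# both process hollowing ("Image is replaced") and Herpaderping-style tampering
# ("Image is locked for access").
$events = Get-WinEvent -FilterHashtable @{
    LogName = $logName; Id = 25; StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No Sysmon Event ID 25 records in the last $Hours hour(s)."
    return
}

# Flatten each event's XML into an object with the fields the event carries.
$records = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.'#text'
    }
    [pscustomobject]@{
        UtcTime   = $data['UtcTime']
        ProcessId = $data['ProcessId']
        Image     = $data['Image']
        Type      = $data['Type']
        User      = $data['User']
    }
}

# Summary: which images were tampered with, and how often per tampering type.
$records | Group-Object Image, Type | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'Image, Type'; e = { $_.Name } } |
    Format-Table -AutoSize

# Full detail, oldest first, for triage.
$records | Sort-Object UtcTime | Format-Table -AutoSize
```

Legitimate software that rewrites its own image at startup can also trigger Event ID 25, so recurring hits from a known image are a candidate for a ProcessTampering exclusion rule rather than an alert.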
Microsoft has published information on installing and using the new tool in the documentation section for this security utility. There is also an official link from which you can download the latest version.
Your PC must be running Windows 7 or later, or Windows Server 2008 R2 or later, to support this new Sysinternals tool. On Windows 10, though, Sysmon 13 works more effectively.