Microsoft Sysinternals has released updates for some of its best tools, including Sysmon 5.0 and Process Explorer 16.20.
Sysmon gets a major update, with new support for recording file creations, Registry create and delete options, value sets and key and value renames.
Other logged events may include process creations and terminations, driver loads, raw disk access reads, network connections made, and more.
The new additions make the tool even more suitable for long-term system monitoring, although it’s also much more awkward to set up than other Sysinternals’ software. Be sure to read the official product page in full if you want to give it a try.