Windows Sysinternals: A Necessity for Every Windows PC Security Toolbox

Have you ever thought about the security of the confidential data, files and folders scattered across your PC, and about what happens if that data is compromised? If not, start with the basics: keep the system patched and run endpoint security software so that hijackers and identity thieves have less to work with. Administrators need more than that. They need to know which users and groups can reach which resources, who is logged on where, and whether the binaries on a machine are what they claim to be, so that unauthorized access can be found and cut off. The Windows Sysinternals tools display exactly this kind of information and, in several cases, let administrators act on it.

This article walks through several Sysinternals security utilities that help you protect data and other confidential information on a large, centrally administered network.

1. RootkitRevealer

RootkitRevealer is an advanced rootkit detection tool built for the 32-bit editions of Windows XP and Windows Server 2003. It looks for user-mode and kernel-mode rootkits by comparing what the Windows API reports for the Registry and the file system against a raw scan of the hive files and the on-disk volume; anything present in the raw data but missing from the API view is reported as a discrepancy. It can detect a range of persistent rootkits, including AFX, Vanquish and HackerDefender. Because it works by spotting hidden objects, it only catches rootkits that try to hide their files or Registry keys; a rootkit that makes no attempt to hide them goes unnoticed.

The command-line version was dropped because malware authors began targeting the scan by watching for RootkitRevealer's executable name. The utility now performs its scan from a randomly named copy of itself that runs as a Windows service, which makes the scan harder to single out. It remains a useful way to spot viruses, spyware and Trojans that sit on a system and hide from antivirus products and system-management tools. Two cautions apply: a discrepancy is not automatically malicious, since legitimate software and files that change between the API pass and the raw pass also appear in the report, so each entry needs to be examined; and a clean report is not proof of a clean machine, for the reason given above.

2. ShareEnum

ShareEnum is a Sysinternals utility for auditing the file shares visible from a specified PC. Lax share permissions are an easy hole to overlook: when a share is created with loose security, unauthorized users can read, and sometimes modify, the files behind it no matter how carefully the files themselves are protected. ShareEnum does not change permissions itself; what it gives you is a single view of every share on the network and the security settings on each, so you can find over-exposed shares and lock them down with the normal Windows tools.

The tool uses NetBIOS enumeration to scan the computers in a domain, workgroup or IP address range and lists each one's file and print shares along with their security settings; reading the permissions on a remote computer's shares requires administrative rights on that computer. If your machines are part of a domain, this is an efficient way for domain administrators to review every shared resource and its access settings in one place, and to compare a fresh scan against a saved one to see what has changed.
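The same audit, scripted in PowerShell so it can run on a schedule and feed a ticket queue. This is an added example, not ShareEnum's code or anything from the article: it reads each host's shares and share permissions the way you would read a ShareEnum scan, flags shares that grant broad principals Full or Change access, and shows the lock-down step that ShareEnum itself does not perform. The host names, the `CORP\Finance-RW` group and the list of "broad" principals are assumptions for illustration; it needs the SmbShare module (Windows 8 / Server 2012 and later) and administrative rights on each host.

```powershell
# Added example: ShareEnum-style share audit with remediation, not from the article.
$computers   = @('FILESRV01', 'FILESRV02')      # assumed host names
$broadGroups = @('Everyone',
                 'BUILTIN\Users',
                 'NT AUTHORITY\Authenticated Users',
                 'NT AUTHORITY\ANONYMOUS LOGON')

$findings = foreach ($computer in $computers) {
    $cim = New-CimSession -ComputerName $computer -ErrorAction Stop
    try {
        # Administrative shares (C$, ADMIN$, IPC$) are marked Special; skip them,
        # they are protected by the Administrators membership, not by share ACLs.
        $shares = Get-SmbShare -CimSession $cim | Where-Object { -not $_.Special }
        foreach ($share in $shares) {
            foreach ($ace in (Get-SmbShareAccess -CimSession $cim -Name $share.Name)) {
                $isBroad = ($broadGroups -contains $ace.AccountName) -or
                           ($ace.AccountName -like '*\Domain Users')
                if ($ace.AccessControlType -eq 'Allow' -and $isBroad -and
                    $ace.AccessRight -in 'Full', 'Change') {
                    [pscustomobject]@{
                        Computer = $computer
                        Share    = $share.Name
                        Path     = $share.Path
                        Account  = $ace.AccountName
                        Right    = $ace.AccessRight
                    }
                }
            }
        }
    }
    finally {
        Remove-CimSession $cim
    }
}

$findings | Sort-Object Computer, Share | Format-Table -AutoSize

# Remediation for the first finding. -WhatIf only reports what would change;
# remove it to apply. Drop the broad grant, then grant a scoped group instead.
$f = $findings | Select-Object -First 1
if ($f) {
    Revoke-SmbShareAccess -CimSession $f.Computer -Name $f.Share `
        -AccountName $f.Account -Force -WhatIf
    Grant-SmbShareAccess  -CimSession $f.Computer -Name $f.Share `
        -AccountName 'CORP\Finance-RW' -AccessRight Change -Force -WhatIf   # assumed group
}
```

Share permissions are only the first gate: the NTFS ACL on the share's path applies as well, and the more restrictive of the two wins, so a share that looks open here may still be safe, and a tight share permission does not protect a folder that is also reachable another way. `Get-Acl` on the path shows the second gate.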

3. Sigcheck

Sigcheck is a popular command-line utility that shows a file's version number, timestamp and digital-signature details, including the certificate chain the signature validates against. For deeper triage it can also query VirusTotal, a service that scans files against more than 40 antivirus engines, and report how many engines flag each file. The query is made by hash, so nothing leaves the machine except the hash unless you explicitly ask Sigcheck to upload files that VirusTotal has never seen.

The tool can also:

• Display extended version information (-a)
• Scan executable images regardless of their file extension (-e)
• Show file hashes (-h)
• With VirusTotal checking enabled, list only the files that VirusTotal does not know or that have a non-zero detection count; without it, list only unsigned files (-u)
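A worked triage run, added here as an example and not taken from the article or from Sysinternals: it scans a directory tree with Sigcheck's CSV output, then applies its own filter so that unsigned files, files VirusTotal flags, and files VirusTotal has never seen all end up in one report (the -u switch alone would drop unsigned-but-clean files once -v is on). It assumes `sigcheck64.exe` is on the PATH, that you accept the VirusTotal terms (-vt), that the machine can reach VirusTotal, and that the CSV columns are named as Sigcheck emits them at the time of writing (Path, Verified, Publisher, SHA256, "VT detection", "VT link"). The target directory is an assumption.

```powershell
# Added example: Sigcheck triage of a directory tree, not from the article.
$target = 'C:\ProgramData'      # assumed directory to scan

# -c  CSV output           -e  executables regardless of extension   -h  file hashes
# -s  recurse              -v  VirusTotal lookup by hash (no upload)  -vt accept VT terms
# -nobanner keeps the header row as the first line so ConvertFrom-Csv can parse it.
$rows = sigcheck64.exe -accepteula -nobanner -c -e -h -s -v -vt $target |
        ConvertFrom-Csv

function Get-VtHits {
    param([string]$Detection)
    # "3/72" -> 3 ; blank, "n/a" or "Unknown" -> -1 so files VT has never seen surface too
    if ($Detection -match '^(\d+)/(\d+)$') { return [int]$matches[1] }
    return -1
}

$findings = foreach ($row in $rows) {
    $hits    = Get-VtHits $row.'VT detection'
    $reasons = @()
    # "Signed" means the signature chains to a trusted root; it says nothing about
    # whether the publisher is one you expect, so Publisher is carried into the report.
    if ($row.Verified -ne 'Signed') { $reasons += "not signed ($($row.Verified))" }
    if ($hits -gt 0)                { $reasons += "VT $($row.'VT detection')" }
    if ($hits -lt 0)                { $reasons += 'unknown to VT' }
    if ($reasons) {
        [pscustomobject]@{
            Path      = $row.Path
            Publisher = $row.Publisher
            SHA256    = $row.SHA256
            Reason    = $reasons -join '; '
            Report    = $row.'VT link'
        }
    }
}

$findings | Sort-Object Reason -Descending | Format-Table Path, Publisher, Reason -AutoSize
$findings | Export-Csv -NoTypeInformation -Path "$env:TEMP\sigcheck-findings.csv"
```

Run it from a console whose output encoding matches what Sigcheck writes; if the column names come through garbled, let Sigcheck write the CSV to a file with -w and read it back with `Import-Csv`. Remember that every hash in the tree is sent to VirusTotal, which is a disclosure in itself on systems that hold sensitive or custom binaries.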

4. PsLoggedOn

Have you ever wondered who else is using your PC and its resources while you are away, and whether leaving it unattended exposes the data on its disks? The built-in 'net session' command shows who is connected to a computer's shared resources, but it does not show who is logged on interactively and it cannot ask a remote machine. PsLoggedOn closes that gap: it lists the users logged on to a computer both locally and through resource shares, for the local computer or a remote one, and if you give it a user name instead of a computer name it searches the computers in the network neighborhood and tells you where that user is currently logged on.

PsLoggedOn finds local logons by scanning the keys under HKEY_USERS: when a user logs on interactively, their profile hive is loaded there under a key named after the user's SID (Security Identifier), so for each SID-named key the tool looks up the corresponding account name and displays it. To find users connected through resource shares it calls the NetSessionEnum API, the same source 'net session' reads from. One caveat follows from this design: querying a remote computer requires a logon to that computer's Registry, so PsLoggedOn will show you yourself as logged on via resource share to every remote machine you query.
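The two data sources described above, reproduced in PowerShell on the local machine. This is an added example, not PsLoggedOn's own code: one function walks HKEY_USERS and resolves SID-named keys to account names, the other reads the resource-share sessions that NetSessionEnum reports, via `Get-SmbSession`. It assumes Windows PowerShell 5.1 or PowerShell 7 running elevated (the session query needs it) and, in the trailing comments, that the Sysinternals tool is on the PATH; `FILESRV01` and `alice` are placeholder names.

```powershell
# Added example: PsLoggedOn's two techniques in PowerShell, not PsLoggedOn's code.
function Get-LocalLogons {
    # Each interactively logged-on user has a profile hive loaded under HKEY_USERS,
    # keyed by SID. The pattern keeps only account SIDs (S-1-5-21-...), which drops
    # the SYSTEM / LOCAL SERVICE / NETWORK SERVICE hives and the *_Classes keys.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object {
            $sid = [System.Security.Principal.SecurityIdentifier]$_.PSChildName
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved>' }   # deleted account, or the domain is unreachable
            [pscustomobject]@{ Source = 'Local'; User = $name; Sid = $sid.Value }
        }
}

function Get-ShareLogons {
    # Users connected through resource shares: what NetSessionEnum reports and
    # what 'net session' prints. Get-SmbSession is the PowerShell front end.
    Get-SmbSession -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Source = 'Share'
            User   = $_.ClientUserName
            Client = $_.ClientComputerName
            Opens  = $_.NumOpens
        }
    }
}

Get-LocalLogons | Format-Table -AutoSize
Get-ShareLogons | Format-Table -AutoSize

# The Sysinternals tool itself, for comparison (assumes psloggedon is on the PATH):
#   psloggedon -accepteula                 # this computer
#   psloggedon -accepteula \\FILESRV01     # a remote computer (needs remote Registry access)
#   psloggedon -accepteula alice           # search the network neighborhood for one user
```

A hive that stays loaded after a logoff (a profile that failed to unload) still appears in the first list, and a share session disappears as soon as the client closes it, so treat both views as a snapshot rather than an audit trail; the Security event log is the place for the latter.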

5. LogonSessions

LogonSessions lists the logon sessions that are currently active on a system. Many users assume a PC has only one active logon session at a time, but that is not true: besides the interactive user there are sessions for the SYSTEM, LOCAL SERVICE and NETWORK SERVICE accounts, for services that run under other accounts, and for any network or remote-desktop logons. Add the -p option to list the processes running in each logon session, which is the quickest way to see which session a suspicious process belongs to; -c switches the output to CSV for parsing.
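The equivalent of `logonsessions -p`, built from the Windows classes that expose the same information (Win32_LogonSession, and its associations Win32_LoggedOnUser and Win32_SessionProcess). This is an added example, not LogonSessions' own code, and it does not claim that LogonSessions is implemented this way. It assumes Windows PowerShell 5.1 or later, run elevated so that every session is visible; the logon-type names come from the Win32_LogonSession documentation.

```powershell
# Added example: active logon sessions with their processes, not LogonSessions' code.
# Logon type codes as documented for Win32_LogonSession.LogonType.
$logonTypes = @{
    0 = 'System'; 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function Get-LogonSessionReport {
    param([switch]$IncludeProcesses)   # the counterpart of logonsessions -p

    foreach ($session in Get-CimInstance -ClassName Win32_LogonSession) {
        # Win32_LoggedOnUser links a session to its Win32_Account.
        $account = Get-CimAssociatedInstance -InputObject $session -Association Win32_LoggedOnUser |
                   Select-Object -First 1
        $userName = if ($account) { '{0}\{1}' -f $account.Domain, $account.Name } else { '<none>' }

        $processes = @()
        if ($IncludeProcesses) {
            # Win32_SessionProcess links a session to the processes created in it.
            $processes = Get-CimAssociatedInstance -InputObject $session -Association Win32_SessionProcess |
                         ForEach-Object { '{0} ({1})' -f $_.Name, $_.ProcessId }
        }

        [pscustomobject]@{
            LogonId   = '0x{0:X}' -f [int64]$session.LogonId
            User      = $userName
            Type      = $logonTypes[[int]$session.LogonType]
            AuthPkg   = $session.AuthenticationPackage
            Started   = $session.StartTime
            Processes = $processes -join ', '
        }
    }
}

# Non-interactive sessions that own a shell deserve a look: a Network (type 3) or
# NewCredentials (type 9, i.e. runas /netonly) session running cmd.exe or powershell.exe
# is a classic sign of someone working with borrowed credentials.
Get-LogonSessionReport -IncludeProcesses |
    Sort-Object Type, User |
    Format-Table LogonId, User, Type, AuthPkg, Processes -Wrap
```

The LogonId printed here is the same logon ID that appears in Security event 4624 and in the Sysinternals tool's output, so a session seen in this report can be tied back to the logon event that created it.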

The utilities above are some of the Sysinternals tools most useful for maintaining and troubleshooting system security. AccessChk (which reports the effective permissions a user or group has on files, Registry keys, services and other objects), Autologon, PsLogList, SDelete, ShellRunas, PsExec and Process Explorer are other major system-security utilities that IT technicians rely on. Download these utilities individually or as the full 'Sysinternals Suite', or, if you would rather not download anything, run them straight from 'Sysinternals Live' (https://live.sysinternals.com, also reachable as the share \\live.sysinternals.com\tools). Either way, check what you run: the tools are Authenticode-signed by Microsoft, and Sigcheck itself will confirm the signature on any of them.

About the Author: Polly M Quinton has been serving as a tech support engineer and offers tech support to global customers. Polly is known for her skills and wide experience in providing online tech support for laptops, Macs, desktops, iPods, tablets, iPhones, smartphones and virus removal. She has been an active blogger and article writer on computers, information technology, peripherals and devices. Her articles let users know about the benefits of online tech support, computer support and the latest emerging technologies.