New versions of Procmon and Sysmon were released.
Sysmon supports a new rule: FileDeleteDetected. Use it to log deletions (without archiving the deleted file).
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
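
A Sysmon configuration using the rule described above, next to the older FileDelete rule for contrast. This is an added example, not part of the original diary entry; the schema version, rule group names, filter values and archive directory name are all assumptions to adapt.

```xml
<!-- Added example. schemaversion is an assumption: run "sysmon -s" to print
     the schema that your installed Sysmon version supports. -->
<Sysmon schemaversion="4.60">
  <HashAlgorithms>sha256</HashAlgorithms>
  <!-- Only used by FileDelete (archiving); the directory name is an assumption. -->
  <ArchiveDirectory>SysmonArchive</ArchiveDirectory>
  <EventFiltering>

    <!-- FileDeleteDetected (event ID 26): the deletion is logged,
         but no copy of the deleted file is kept. -->
    <RuleGroup name="LogDeletionsOnly" groupRelation="or">
      <FileDeleteDetected onmatch="include">
        <!-- Constructed filters: script and executable types under user profiles. -->
        <TargetFilename condition="end with">.exe</TargetFilename>
        <TargetFilename condition="end with">.dll</TargetFilename>
        <TargetFilename condition="end with">.ps1</TargetFilename>
        <TargetFilename condition="contains">\AppData\Local\Temp\</TargetFilename>
      </FileDeleteDetected>
    </RuleGroup>

    <!-- FileDelete (event ID 23), for comparison: the deletion is logged
         and the deleted file is archived in ArchiveDirectory. Keep this
         filter narrow, since every match stores a file on disk. -->
    <RuleGroup name="LogAndArchiveDeletions" groupRelation="or">
      <FileDelete onmatch="include">
        <TargetFilename condition="contains">\Downloads\</TargetFilename>
      </FileDelete>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Apply it to a running installation with `sysmon -c <file>` and look for event ID 26 in the Microsoft-Windows-Sysmon/Operational log.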
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.