LOG-MD version 2.2.1 is available

Version 2.2.1 is out! It took us a while because we converted LOG-MD to Unicode to better support foreign languages and other Windows API and Unicode characters. The conversion introduced a lot of bugs that had to be fixed for the Unicode format.

With version 2.2 and later, the 32-bit version of LOG-MD Free Edition is no longer supported. Microsoft has announced that it has end-of-lifed 32-bit Windows, so the 32-bit version is now only available to LOG-MD-Professional users on request.

We added several new features:

  • Converted all whitelists and settings files to Unicode to be more compatible with Windows internals

  • Converted to using .TMP files to make consumption by log management easier

  • Added -a option that runs just the audit check

  • Updated -c to be just a configuration check

  • Added -99 to harvest all existing log events that LOG-MD harvests (Pro only)

  • Added -proc Running Processes and Modules check

  • Added -vt so VirusTotal can be run with -ar and -proc (Pro only)

  • Added MasterDigest_3rd_Party.txt to store VT and other results separate from the MasterDigest (Pro only)

  • Added Report_Remote_Access.csv to record RDP session activity (Pro only)

  • Added more user details to Report_User_Activity.csv

  • Added admin tools executing in an odd place to the Interesting Artifacts report (Pro only)

  • Added files with Unicode characters to the Interesting Artifacts report (Pro only)

  • Added Producer Consumer Ratio (PCR) to the SRUM report (Pro only)

  • Separate reports are now created for Autoruns with and without VirusTotal (Pro only)

  • Updated Quick Start Guide and Manual

  • Other minor bug fixes and improvements; fixed a Win 7 Autoruns issue that left out many known locations