Given how useful the Sysinternals suite of tools is, it's probably worth a quick post to show how these can be obtained and used via Live Response to save disrupting an end user.
Thankfully Sysinternals exposes the tools at the following location:
Therefore, given the power of PowerShell, we can download Process Monitor, run a trace and zip up the file. To do so, the following commands can be issued:
The above sequence consists entirely of PowerShell commands. Of course, you could create a directory with 'mkdir' and 'CD' to it first.
Once you have obtained the zip file, i.e. copied it to a filer location or asked the end user to send it, you can delete the directory if needed.
It is worth bearing in mind that some of the Sysinternals tools may be classified as PUAs until authorised, e.g. PsExec and PsKill.
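One way to script the sequence described above (download Process Monitor, capture a timed trace, zip it), as an added example that is not the original post's commands. It assumes the public Sysinternals Live address https://live.sysinternals.com; the working directory, file names and 60-second duration are illustrative.

```powershell
# Added example. The directory, file names and duration below are assumptions.
$work = Join-Path $env:SystemRoot 'Temp\procmon-trace'   # hypothetical working directory
$exe  = Join-Path $work 'Procmon.exe'
$pml  = Join-Path $work 'trace.pml'
$zip  = Join-Path $work 'trace.zip'
$secs = 60                                               # keep it short, PML files grow quickly

New-Item -ItemType Directory -Path $work -Force | Out-Null

# Windows PowerShell 5.1 may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'https://live.sysinternals.com/Procmon.exe' -OutFile $exe -UseBasicParsing

# Refuse to run the download unless it carries a valid Microsoft Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Remove-Item -Path $exe -Force
    throw "Unexpected signature on Procmon.exe: $($sig.Status)"
}

# /BackingFile writes events straight to disk; /Runtime ends the capture after $secs seconds.
$pmArgs = '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', $pml, '/Runtime', $secs
Start-Process -FilePath $exe -ArgumentList $pmArgs -Wait

# Large captures can be split into numbered files, so collect every trace*.pml.
$traces = Get-ChildItem -Path $work -Filter 'trace*.pml'
if (-not $traces) { throw "No trace file was written to $work" }
Compress-Archive -Path $traces.FullName -DestinationPath $zip -Force
Get-Item -Path $zip | Select-Object FullName, Length

# Once the zip has been retrieved, clean up:
# Remove-Item -Path $work -Recurse -Force
```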
I hope the above is helpful!