github adamgell/cmtraceopen v1.1.0
CMTrace Open v1.1.0

latest release: v1.2.0
11 days ago

What's New in v1.1.0

New Workspaces

  • Event Log Viewer — Parse .evtx files or query live Windows Event Log channels. "This Computer" auto-loads Application, System, Security, and Setup in parallel. Event Viewer-style nested tree sidebar, severity badges, channel grouping, and resizable detail pane.
  • Sysmon Dashboard — Full Sysmon analysis workspace: open .evtx files or query the live Sysmon event log. Dashboard with metric cards, event type chart, timeline histogram, security alerts, and top process/network/DNS/registry lists. Events table with virtual scrolling and severity filtering. Classifies 23 Sysmon event types with structured field extraction.

Intune Enhancements

  • Microsoft Graph API integration (Windows, opt-in) — Resolve app GUIDs to display names via Graph API. Authenticates silently using WAM with the device's existing Entra ID session — no app registration required. Pre-populate cache fetches apps, remediation scripts, platform scripts, and shell scripts. Gated behind Settings > Graph API toggle.
  • AppWorkload enrichment — Parse "Get policies" JSON payloads to build GUID-to-app-name mappings. InfoPane shows resolved app names, structured policy metadata cards, and decoded base64 PowerShell detection scripts.
  • Activity view — Groups timeline events by app into collapsible cards with worst status, event count, duration, and parsed structured fields (intent, detection, applicability, reboot, enforcement).
  • GUID Registry dialog — Searchable table of all GUID-to-app-name mappings with source confidence ranking and tabbed view (All/Apps/Scripts/Remediations).
  • SideCarScriptDetectionManager events — PowerShell script detection lifecycle events in the Intune timeline.

Log Viewer Features

  • Settings dialog — Full settings UI replacing the Accessibility dialog: Appearance, Columns, Behavior, Updates, File Associations tabs. Ctrl+, to open.
  • Context menu — Right-click any log row for Copy, Jump to Line, Quick Filter, Reveal in File Manager, and Error Lookup via native OS menu.
  • Multi-file unified timeline — Merge entries from multiple open log files into a single time-sorted view with color-coded source borders and cross-file timestamp correlation.
  • Session save/restore — Save workspace state to .cmtrace JSON files (Ctrl+Shift+S). Files integrity-checked with SHA-256 hashes on restore.
  • Log diff — Compare two open log files side-by-side or inline. Fuzzy matching normalizes GUIDs and timestamps for smarter diffing.
  • Resizable InfoPane, Jump to Line, Reveal in File Manager, Quick Filter
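The GUID and timestamp normalization described in the Log diff item above, sketched as an added example; it is not taken from the release notes or from CMTrace Open's own code. The regular expressions, placeholder tokens, function names and sample log lines are assumptions constructed for illustration.

```python
import difflib
import re

# Assumed patterns for this example; the project's actual rules are not on the page.
GUID_RE = re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")
TS_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?")


def normalize(line):
    """Replace volatile tokens with placeholders so only stable content is compared."""
    return GUID_RE.sub("<GUID>", TS_RE.sub("<TS>", line)).strip()


def fuzzy_diff(left, right):
    """Return (tag, left_lines, right_lines) for every region that really differs.

    Matching runs on normalized lines, but the original lines are returned so
    the analyst still sees the real GUIDs and timestamps.
    """
    matcher = difflib.SequenceMatcher(
        a=[normalize(line) for line in left],
        b=[normalize(line) for line in right],
        autojunk=False,
    )
    return [
        (tag, left[i1:i2], right[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]


# Constructed sample logs: same install flow on two devices, different outcome.
LOG_A = [
    "2024-05-01 10:00:01.123 Processing policy for app 11111111-2222-3333-4444-555555555555",
    "2024-05-01 10:00:02.500 Detection state: NotDetected",
    "2024-05-01 10:00:03.000 Enforcement completed with exit code 0",
]
LOG_B = [
    "2024-05-02 09:15:44.001 Processing policy for app aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "2024-05-02 09:15:45.730 Detection state: NotDetected",
    "2024-05-02 09:15:46.210 Enforcement completed with exit code 1603",
]

if __name__ == "__main__":
    for tag, a_lines, b_lines in fuzzy_diff(LOG_A, LOG_B):
        print(tag, a_lines, b_lines, sep="\n  ")
```

A plain line diff would flag all three lines as changed; after normalization only the exit-code line is reported.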

Bug Fixes

  • Rotated AppWorkload files now correctly parse as LogicalRecord framing
  • GUID extraction prefers "for app <GUID>" patterns over generic first-GUID matching
  • Session save no longer silently fails when no tabs are open
  • Session restore no longer bails entirely when saved files are missing
  • Tab close properly clears log content, filters, and UI state

Downloads

| File | Description |
|------|-------------|
| CMTrace-Open_1.1.0_x64.msi | MSI installer (includes Full + Lite) |
| CMTrace-Open_1.1.0_x64.exe | Standalone full edition |
| CMTrace-Open-Lite_1.1.0_x64.exe | Standalone lite edition |
