What's New in v1.1.0
New Workspaces
- Event Log Viewer — Parse .evtx files or query live Windows Event Log channels. "This Computer" auto-loads Application, System, Security, and Setup in parallel. Event Viewer-style nested tree sidebar, severity badges, channel grouping, and resizable detail pane.
- Sysmon Dashboard — Full Sysmon analysis workspace: open .evtx files or query the live Sysmon event log. Dashboard with metric cards, event type chart, timeline histogram, security alerts, and top process/network/DNS/registry lists. Events table with virtual scrolling and severity filtering. Classifies 23 Sysmon event types with structured field extraction.
Intune Enhancements
- Microsoft Graph API integration (Windows, opt-in) — Resolve app GUIDs to display names via Graph API. Authenticates silently using WAM with the device's existing Entra ID session — no app registration required. Pre-populate cache fetches apps, remediation scripts, platform scripts, and shell scripts. Gated behind Settings > Graph API toggle.
- AppWorkload enrichment — Parse "Get policies" JSON payloads to build GUID-to-app-name mappings. InfoPane shows resolved app names, structured policy metadata cards, and decoded base64 PowerShell detection scripts.
- Activity view — Groups timeline events by app into collapsible cards with worst status, event count, duration, and parsed structured fields (intent, detection, applicability, reboot, enforcement).
- GUID Registry dialog — Searchable table of all GUID-to-app-name mappings with source confidence ranking and tabbed view (All/Apps/Scripts/Remediations).
- SideCarScriptDetectionManager events — PowerShell script detection lifecycle events in the Intune timeline.
Log Viewer Features
- Settings dialog — Full settings UI replacing the Accessibility dialog: Appearance, Columns, Behavior, Updates, File Associations tabs. Ctrl+, to open.
- Context menu — Right-click any log row for Copy, Jump to Line, Quick Filter, Reveal in File Manager, and Error Lookup via native OS menu.
- Multi-file unified timeline — Merge entries from multiple open log files into a single time-sorted view with color-coded source borders and cross-file timestamp correlation.
- Session save/restore — Save workspace state to .cmtrace JSON files (Ctrl+Shift+S). Files integrity-checked with SHA-256 hashes on restore.
- Log diff — Compare two open log files side-by-side or inline. Fuzzy matching normalizes GUIDs and timestamps for smarter diffing.
- Resizable InfoPane, Jump to Line, Reveal in File Manager, Quick Filter
Bug Fixes
- Rotated AppWorkload files now correctly parse as LogicalRecord framing
- GUID extraction prefers "for app " patterns over generic first-GUID matching
- Session save no longer silently fails when no tabs are open
- Session restore no longer bails entirely when saved files are missing
- Tab close properly clears log content, filters, and UI state
Downloads
───────────────────────────────┬────────────────────────────────────
File │Description
───────────────────────────────┼────────────────────────────────────
CMTrace-Open_1.1.0_x64.msi │MSI installer (includes Full + Lite)
───────────────────────────────┼────────────────────────────────────
CMTrace-Open_1.1.0_x64.exe │Standalone full edition
───────────────────────────────┼────────────────────────────────────
CMTrace-Open-Lite_1.1.0_x64.exe│Standalone lite edition
───────────────────────────────┴────────────────────────────────────
