Process Explorer provides you with information that the Windows Task Manager does not offer. While you can use the default task manager to check the running processes on a system, that is about as far as it goes.
Process Explorer adds a multitude of information so that you can check each running process thoroughly on the system. It is for instance possible to check command line parameters that a process was started with, get a list of all of a processes' threads, files and Registry keys that it makes use of, or get detailed performance or network statistics.
It is a program for professionals mostly, but it has its uses for regular users as well. The most recent version of Process Explorer was released today to Microsoft's Windows Sysinternals website.
Process Explorer 16 introduces Virustotal support to the application. Here is how this works.
When you start Process Explorer you can enable Virustotal checks in two ways. You can either right-click any process listed by the application and select the "check Virustotal" option from the context menu, or select Options > Virustotal.com > Check Virustotal instead.
Process Explorer will check file hashes on Virustotal by default, and display the results in its interface. The process itself does not take long, and you should see the number of hits and the total number of engines used to scan the file in the Process Explorer window.
What happens when an unknown executable is discovered? Nothing, unless you enable the sending of unknown executables under Options > Virustotal.com.
If you do, unknown files get automatically transferred to Virustotal where they are scanned by all malware engines. The result is then displayed by Process Explorer, and is also available to all other users who may run into the same file on their system.
All Virustotal results are links, which means that you can click on a link to be taken to the review page on Virustotal to access the detailed results of the scan.
Integration of Virustotal adds another useful feature to Process Explorer, Especially the ability to quickly scan all running processes for traces of malware needs to be mentioned here, as it enables you to quickly scan everything that is running on the system.
The scanning is unobtrusive and works well, provided that you do not run any files that are greater than the maximum allowed file size of Virustotal. (via Carsten Knobloch)Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.