Process Explorer 16.0 brings Virustotal support

Martin Brinkmann
Jan 30, 2014
Antivirus, Software

Process Explorer provides you with information that the Windows Task Manager does not offer. While you can use the default task manager to check the running processes on a system, that is about as far as it goes.

Process Explorer adds a multitude of information so that you can check each running process on the system thoroughly. It is for instance possible to check the command line parameters that a process was started with, get a list of all of a process's threads, files and Registry keys that it makes use of, or get detailed performance or network statistics.

It is a program for professionals mostly, but it has its uses for regular users as well. The most recent version of Process Explorer was released today to Microsoft's Windows Sysinternals website.

Process Explorer 16 introduces Virustotal support to the application. Here is how this works.

When you start Process Explorer you can enable Virustotal checks in two ways. You can either right-click any process listed by the application and select the "check Virustotal" option from the context menu, or select Options > Virustotal.com > Check Virustotal instead.

Process Explorer will check file hashes on Virustotal by default, and display the results in its interface. The process itself does not take long, and you should see the number of hits and the total number of engines used to scan the file in the Process Explorer window.

[Screenshot: Process Explorer with the Virustotal column]

What happens when an unknown executable is discovered? Nothing, unless you enable the sending of unknown executables under Options > Virustotal.com.

If you do, unknown files get automatically transferred to Virustotal where they are scanned by all malware engines. The result is then displayed by Process Explorer, and is also available to all other users who may run into the same file on their system.

All Virustotal results are links, which means that you can click on a link to be taken to the review page on Virustotal to access the detailed results of the scan.
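The workflow described above (hash the running image, look the hash up, show hits out of total engines, link to the report, and only upload unknown files when the user opted in and the file is under the size limit) is easy to reproduce for your own tooling. The following is an added example and not Sysinternals code; it assumes VirusTotal's public v2 file-report endpoint and its JSON layout (`response_code`, `positives`, `total`, `permalink`, `scans`), uses constructed sample responses with a made-up engine name `ExampleAV`, and takes the upload size limit as a caller-supplied parameter rather than hard-coding a number. No network request is made; the request is only built.

```python
"""Hash-lookup workflow modelled on Process Explorer 16's Virustotal column.

Added example, not Sysinternals code. Assumptions are marked in comments.
"""
import hashlib
import json

# Assumption: VirusTotal's public v2 file-report endpoint and JSON layout
# (response_code, positives, total, permalink, scans). The request is built
# but never sent here; see vt_report_request().
VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the on-disk image of a process in chunks (large binaries are fine)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def vt_report_request(sha256, api_key):
    """Build the hash-only lookup: only the digest leaves the machine, never the file."""
    return VT_REPORT_URL, {"apikey": api_key, "resource": sha256}


def summarize_report(raw_body):
    """Turn a report body into the 'hits/total' cell Process Explorer shows.

    Returns a dict whose "status" is one of "known", "unknown", "error".
    """
    try:
        report = json.loads(raw_body)
    except ValueError:
        # An empty or non-JSON body from the API (the failure a commenter saw).
        return {"status": "error", "detail": "JSON object could not be decoded"}
    if not isinstance(report, dict) or report.get("response_code") != 1:
        # response_code 0: VirusTotal has never seen this hash.
        return {"status": "unknown"}
    scans = report.get("scans", {})
    flagged_by = sorted(name for name, r in scans.items() if r.get("detected"))
    return {
        "status": "known",
        "positives": report.get("positives", len(flagged_by)),
        "total": report.get("total", len(scans)),
        "flagged_by": flagged_by,
        "permalink": report.get("permalink"),  # the clickable result link
    }


def should_upload(summary, file_size, upload_unknown_enabled, max_upload_bytes):
    """Mirror the opt-in 'send unknown executables' setting.

    Upload only when the hash is unknown, the user opted in, and the file fits
    under the service's limit (max_upload_bytes is supplied by the caller; the
    actual limit is not hard-coded in this example).
    """
    return (summary["status"] == "unknown"
            and upload_unknown_enabled
            and file_size <= max_upload_bytes)


def triage_note(summary):
    """Defender's reading of the counts: a lone engine usually wants a second look."""
    if summary["status"] != "known":
        return summary["status"]
    if summary["positives"] == 0:
        return "clean"
    if len(summary["flagged_by"]) == 1:
        return ("single-engine hit (%s): likely generic/false positive, verify"
                % summary["flagged_by"][0])
    return "%d/%d engines flag this file" % (summary["positives"], summary["total"])


# Constructed sample responses (not real VirusTotal output; "ExampleAV" is made up).
SAMPLE_KNOWN = json.dumps({
    "response_code": 1,
    "positives": 1,
    "total": 50,
    "permalink": "https://www.virustotal.com/file/<sha256-placeholder>/analysis/",
    "scans": {
        "ExampleAV": {"detected": True, "result": "Gen:Suspicious"},
        "OtherAV": {"detected": False, "result": None},
    },
})
SAMPLE_UNKNOWN = json.dumps({"response_code": 0, "verbose_msg": "not present"})
SAMPLE_BROKEN = ""  # what a truncated transfer looks like to the parser


if __name__ == "__main__":
    digest = sha256_of_file(__file__)
    url, params = vt_report_request(digest, "<your-api-key>")
    print("would GET", url, "resource=" + params["resource"][:16] + "...")
    for body in (SAMPLE_KNOWN, SAMPLE_UNKNOWN, SAMPLE_BROKEN):
        summary = summarize_report(body)
        print(summary["status"], "->", triage_note(summary))
```

The design point worth noting is in `vt_report_request` and `should_upload`: the default path sends only a digest, and the file itself is uploaded only under three conditions that are all checked together, which is exactly the privacy boundary the Options > Virustotal.com setting controls.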

Verdict

Integration of Virustotal adds another useful feature to Process Explorer. The ability to quickly scan all running processes for traces of malware deserves particular mention, as it lets you check everything that is running on the system in one pass.

The scanning is unobtrusive and works well, provided that you do not run any files that are greater than the maximum allowed file size of Virustotal. (via Carsten Knobloch)


Comments

  1. Ted said on February 5, 2014 at 7:56 pm

    VirusTotal added a new AV yesterday: AegisLab
    Process Explorer now shows 15 detections for Windows 7 OS processes, all from AegisLab
    Anyone else noticing this?

    1. Martin Brinkmann said on February 5, 2014 at 8:21 pm

      Getting only Emsisoft false positives.

      1. Ted said on February 5, 2014 at 10:23 pm

        Ok. Thanks for checking!
        I forgot to mention that these don't show up until I select "Show Details For All Processes", and Process Explorer then restarts as Administrator.
        All detections are for system processes. Probably FPs but strange that it’s so many. example:

        https://www.virustotal.com/en/file/32be52836f2a011d46957ad60aba48986b87026fd50ed09d8495460c7f1ab23e/analysis/

  2. joseph coyle said on February 4, 2014 at 3:16 pm

    Nice update, but v16 shows my icore 7440 as having only 4 cores; everywhere else it shows up as having 8.

  3. Quantum777 said on February 4, 2014 at 1:07 pm

    Yeah I laughed when I saw that too!
    What did the link to Virustotal say?

    1. Martin Brinkmann said on February 4, 2014 at 1:29 pm

      I did not look it up, and it is gone now. Was 100% sure it was a false positive, so likely some “gen” generic hit.

  4. rnoire said on February 4, 2014 at 9:26 am

    Funny how procexp.exe itself got a hit on Virustotal on that screenshot…LOL.
    Anyway, this nice and nifty new feature makes Process Explorer my top application for Windows!

  5. beemeup2 said on February 1, 2014 at 3:48 pm

    I have used Process Explorer a lot and still do, but I also like Process Hacker:
    http://processhacker.sourceforge.net/

    Process Hacker has more customization options than Process Explorer, but they're both great programs that I find indispensable. Every toolkit should have at least one of these programs, if not both.

  6. Karl Gephart said on January 30, 2014 at 9:45 pm

    Very nice! After right-clicking, I’m getting a link under the Virus Total column in PE that takes me to a web page with a nice rundown of all the major AV services and safety checkmarks.

  7. Tim said on January 30, 2014 at 7:22 pm

    Nice addition, but it’s buggy. When I select ‘Show Lower Plane’ with Virus Total switched on, it causes procexp64.exe to crash. Something about BEX64, whatever that is.

  8. Tim said on January 30, 2014 at 7:20 pm

    Nice addition, but it’s buggy. When I select ‘Show Lower Plane’ with Virus Total checking switched on, it causes procexp64.exe to crash. Something about BEX64 whatever that is.

    1. Martin Brinkmann said on January 30, 2014 at 7:46 pm

      Good to know. The only issue that I experienced was that no value was returned for some files, but that was likely a transfer issue. After a restart, all files checked out fine.

      1. Tim said on February 5, 2014 at 1:09 am

        It seems they’ve fixed the crash problem now with v16.01. I had verifying digital signatures switched on, so maybe that’s why it crashed with me, but not for you.

        “Process Explorer v16.01: This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures.”

        http://blogs.technet.com/b/sysinternals/archive/2014/02/04/updates-process-explorer-v16-01-sigcheck-v2-02.aspx

  9. ytopi said on January 30, 2014 at 5:27 pm

    The only thing I get is “JSON object could not be decoded”.
