When you open the Windows Task Manager using the shortcut Ctrl-Shift-Esc, a mighty list of processes running on the system is presented to you (note: in Windows 8, this is only the case if you expand the manager first).
While that is helpful in determining what is running on the system or to kill a process that is no longer required, it is often difficult to tell if a process is safe or not.
It is usually not a good idea to rely on antivirus software to make those judgement calls for you. While they may pick up many malicious processes, none is perfect and the chance of malware slipping through is always present.
That leaves manual checks, for instance on Virustotal, or third-party software that provides you with those information.
This guide looks at process managers that scan processes for you to determine whether they are safe or not.
As always, we start with the requirements first.
The guide begins with short summaries of each program that made the test. After that you will find a comparison table that highlights similarities and differences between programs. Last but not least, recommendations are added to the very end of the guide.
Note: We have always downloaded and tested the portable version of a program if provided. Since we did not test installers in this case, make sure you follow the dialog carefully as installers may contain adware offers.
Note: The installer contains adware offers. Make sure you decline and uncheck those if you don't want them installed.
The free version of the Task Manager displays security ratings for each process and startup item on start. It only displayed "not available" for all entries on the other hand, and a check on another PC confirmed that.
This leaves the Virustotal option which you can use for individual processes running on the system. When selected, you are taken to the Virustotal website where results of the scan are displayed to you.
Process Explorer is probably the most popular Task Manager alternative for Windows. It is a portable application that you can run from any location.
Recently support for Virustotal scans has been added to the program. Options to check individual processes or all running processes are available.
The program uses hashes by default for the checks but can upload files to Virustotal on your behalf if the hash is unknown on Virustotal.
Process Hacker is an open source program for Windows that is provided as a portable version and installer. While it won't display security ratings of processes right in its interface, it supports a total of three online virus scanners (Virustotal, Jotti and Comodo's Camas) and online search on top of that.
At least on Virustotal, it will check the hash of the selected file before displaying the update prompt. All results are opened on the service's website on the other hand.
The free program displays all running processes on startup. For each program, its name, cpu and memory usage is displayed as well with options to add more information to the table from the view menu.
Processes are rated by the software program using an internal rating system. Besides that, it is also possible to search for information on Google directly from within the interface.
When you start System Explorer on your system you are asked if you want to run a security check. Doing so will query an online security database to verify processes.
The program provides you with information about found threats, if any, after the scan. Here it is also possible to open a report on the System Explorer website which appears to be public and only obfuscated by url.
Security information seem to be based on an internal rating system with options to run a scan for unknown processes on Virustotal.
The free task manager replacement displays security levels for each process right on start. According to the program website, the rating "is purely based on behavior and code analysis".
The main issue here is that it displays an unknown rating for many programs including popular applications such as firefox.exe, chrome.exe or excel.exe.
|Anvir Task Manager Free||internal rating system, individual Virustotal checks||12.7 Megabyte||adware, Replace Task Manager, HijackThis log|
|Process Explorer||Virustotal||30.1 Megabyte||Replace Task Manager, portable|
|Process Hacker||Virustotal, Jotti, Comodo Camas||16.2 Megabyte||Replace Task Manager, portable, plugin support|
|Security Process Explorer||internal rating system||5.4 Megabyte||Replace Task Manager|
|System Explorer||internal rating system||11.1 Megabyte||Replace Task Manager, portable|
|WinUtilities Process Security||internal rating system||4.7 Megabyte|
It is rather surprising that only a handful of task manager alternatives offer security scans. Even more problematic than that is the fact that many rely on internal rating systems only which often fail to provide ratings for all processes running on the system.
This leaves Process Explorer as the main recommendation. While it is a bit high on the memory side of things, it is portable and its integration of Virustotal is the one that makes most sense as results are displayed internally in the program interface.
Update: Process Hacker is a close second to Process Explorer. It supports several engines and plugins, but does not offer the comfortable option to scan all processes at once right in its interface.
Now You: Have another process checker with security scan feature? Feel free to share it with everyone in the comments.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.