howtogeek — 2014-03-25T08:06:29-04:00 — #1
Originally published at: http://www.howtogeek.com/school/sysinternals-pro/lesson2/
This lesson in our Geek School series covers Process Explorer, perhaps the most used and useful application in the SysInternals toolkit. But how well do you really know this utility?
harv — 2014-03-25T09:02:36-04:00 — #2
Excellent tutorial, I hadn't found the Virus Total thingy, thanks for that.
There is one good reason NOT to use Process Explorer to replace Task Manager and that's if you need to restart Windows Explorer. It works 100% of the time with Task Manager but occasionally it simply doesn't with PE.
iszi — 2014-03-25T12:16:50-04:00 — #3
I didn't know about the VirusTotal option either - that's a pretty cool feature! I especially like how you can go into the Options menu and have it turned on for all processes, and then submit any files Virus Total doesn't recognize as a batch.
I found it rather interesting to see some of the items that got flagged by some of the VirusTotal scanners. (Well, just one scanner really.)
The Verified Signer column is also a cool feature I hadn't come across yet. For as long as I've been using Process Explorer, I'm a little surprised at some of the things I never realized it could do.
tracy_scanlon — 2014-03-25T19:16:38-04:00 — #4
This is a great article, but PE has more colors i would like to find out about. On the sysinternals, and Microsoft site is very complicated for a beginner.I have yellow, and brown too.
iszi — 2014-03-26T10:43:42-04:00 — #5
To get the full coloring legend, go to Options->Configure Colors. According to that dialog, the default yellow may either be "Relocated DLLs" or ".Net Processes" and brown would be "Jobs" - however, none of these are enabled by default. (Neither, for that matter, is the "Immersive Process" option mentioned in the HTG article.)
geek — 2014-03-26T10:49:00-04:00 — #6
Immersive Process is enabled by default if you run Process Explorer on Windows 8.1 from what I can tell.
The .NET, Relocated, and Jobs are just mostly for developers and aren't actually used much or useful for regular troubleshooting.
iszi — 2014-03-26T10:49:10-04:00 — #7
A couple more interesting VirusTotal findings. It looks like this "Anity-AVL" scanner has a fairly broad definition of "Trojan".
iszi — 2014-03-26T10:49:58-04:00 — #8
That explains it. I'm still sticking with Windows 7.
tracy_scanlon — 2014-03-26T12:31:30-04:00 — #9
Thank you for the answer, I figured it out by playing around with the program (should have done that first...) Greenie.
system — 2014-04-04T08:06:38-04:00 — #10
This topic was automatically closed after 10 days. New replies are no longer allowed.