howtogeek at March 25th, 2014 08:06 — #1
Originally published at: http://www.howtogeek.com/school/sysinternals-pro/lesson2/
This lesson in our Geek School series covers Process Explorer, perhaps the most used and useful application in the SysInternals toolkit. But how well do you really know this utility?
harv at March 25th, 2014 09:02 — #2
Excellent tutorial, I hadn't found the VirusTotal thingy, thanks for that.
There is one good reason NOT to use Process Explorer to replace Task Manager and that's if you need to restart Windows Explorer. It works 100% of the time with Task Manager but occasionally it simply doesn't with PE.
iszi at March 25th, 2014 12:16 — #3
I didn't know about the VirusTotal option either - that's a pretty cool feature! I especially like how you can go into the Options menu and have it turned on for all processes, and then submit any files VirusTotal doesn't recognize as a batch.
I found it rather interesting to see some of the items that got flagged by some of the VirusTotal scanners. (Well, just one scanner really.)
The Verified Signer column is also a cool feature I hadn't come across yet. For as long as I've been using Process Explorer, I'm a little surprised at some of the things I never realized it could do.
tracy_scanlon at March 25th, 2014 19:16 — #4
This is a great article, but PE has more colors I would like to find out about. On the Sysinternals and Microsoft sites it is very complicated for a beginner. I have yellow and brown too.
iszi at March 26th, 2014 10:43 — #5
To get the full coloring legend, go to Options->Configure Colors. According to that dialog, the default yellow may either be "Relocated DLLs" or ".Net Processes" and brown would be "Jobs" - however, none of these are enabled by default. (Neither, for that matter, is the "Immersive Process" option mentioned in the HTG article.)
geek at March 26th, 2014 10:49 — #6
Immersive Process is enabled by default if you run Process Explorer on Windows 8.1 from what I can tell.
The .NET, Relocated, and Jobs are just mostly for developers and aren't actually used much or useful for regular troubleshooting.
iszi at March 26th, 2014 10:49 — #7
A couple more interesting VirusTotal findings. It looks like this "Antiy-AVL" scanner has a fairly broad definition of "Trojan".
iszi at March 26th, 2014 10:49 — #8
That explains it. I'm still sticking with Windows 7.
tracy_scanlon at March 26th, 2014 12:31 — #9
Thank you for the answer, I figured it out by playing around with the program (should have done that first...) Greenie.