Virus Scan with Microsoft Process Explorer

Process Explorer from Microsoft Sysinternals can also be used to scan Windows servers and workstations for viruses. Besides showing system utilization, it helps administrators detect attacker activity and respond to it.

The free Sysinternals Process Explorer can display the running processes on Windows computers and helps with analysis. This also makes it possible to detect unauthorized or even dangerous processes, as well as malware. Process Explorer can also scan individual processes online for viruses.

The computer must be connected to the Internet for this. To check for viruses, the Microsoft tool queries the VirusTotal online service, which currently has almost 75 virus scanner engines. If any of them flags a process image, Process Explorer displays the result and administrators can take countermeasures.

How to Scan for Viruses with Process Explorer

Process Explorer does not need to be installed, so it can also be run from portable media. After downloading, Process Explorer can be started directly from its executable file. Immediately after starting, it displays all running processes on the computer it runs on.

Processes running with the same user as Process Explorer are displayed in light blue. Processes that are related to a Windows service are displayed in pink. Processes that contain executable code that can be dangerous to the computer are displayed in purple.

This color scheme helps in the first steps of an analysis. When hovering over a process with the mouse, Process Explorer displays information such as the process's executable and its path. The COM class and the DLLs in use can also be seen here.

Scan Processes for Viruses

Process Explorer can also control processes in Windows. For this purpose, the tool provides a context menu for each process. Via the context menu, a process can be scanned for viruses with the menu item “Check VirusTotal”. On first use, the VirusTotal terms of service must be confirmed; for further scans they no longer appear.

Process Explorer then transfers the hash value of the process's executable file to VirusTotal; the file itself is not uploaded. The status of the lookup appears in the “VirusTotal” column. If VirusTotal already knows the hash, Process Explorer displays in the “VirusTotal” column how many of the scan engines classified the file as a virus. Ideally, the result is “0/74”.

Clicking the result link in Process Explorer opens the VirusTotal web page with the verdict of each scan engine. The icon in the upper right corner of that page makes VirusTotal analyze the file again.

If Process Explorer finds a virus in a process, the process should not be terminated hastily. In most cases, malware has further capabilities and processes. If the malware detects that it is being investigated, it may take actions to persist on the system, for example starting a new process under a new name. It makes sense to first freeze the process with “Suspend” via the context menu. After that, the computer should be thoroughly scanned for viruses.

Scan All Processes of A Computer

Process Explorer can also scan all processes of a computer with VirusTotal for viruses. After clicking “Options\VirusTotal.com\Check VirusTotal.com”, Process Explorer automatically scans all running processes for viruses.

Again, the result can be found in the VirusTotal column. When this function is enabled, Process Explorer automatically scans all running processes for viruses after each startup and displays the result in the column. Of course, this only works if a connection to the Internet can be established on the server.

The option “Submit Unknown Executables” is also available here. When it is enabled, Process Explorer uploads the complete executable file to VirusTotal instead of submitting only the hash value.
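As an added example (not Process Explorer's or VirusTotal's own code), the hash-only lookup described here and in the “Scan Processes for Viruses” section, reproduced against the VirusTotal v3 file-report endpoint. The API key, the constructed sample report and the decision to count only “malicious” verdicts as flagged are assumptions; a hash VirusTotal has never seen is reported as unknown rather than uploaded, which is exactly the case “Submit Unknown Executables” changes.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal v3 file report endpoint


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Hash the on-disk image of a process, as Process Explorer does before asking VirusTotal."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def lookup_hash(file_hash, api_key):
    """Hash-only lookup: only the hash leaves the host, never the file itself.
    Returns the parsed report, or None when VirusTotal has never seen the hash (HTTP 404),
    the situation in which 'Submit Unknown Executables' would upload the whole file instead."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def detection_ratio(report):
    """Reduce a v3 report to the 'flagged/total' pair shown in the VirusTotal column.
    Assumption: only 'malicious' verdicts count as flagged; engines that timed out
    or could not handle the file type are left out of the total."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0)
    total = flagged + sum(stats.get(k, 0) for k in ("suspicious", "undetected", "harmless"))
    return flagged, total


def summarize(report):
    if report is None:
        return "unknown to VirusTotal (hash-only lookup, file not uploaded)"
    flagged, total = detection_ratio(report)
    return f"{flagged}/{total}"


# Constructed sample report (not real VirusTotal output) so the code runs offline.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 2, "suspicious": 1, "undetected": 70, "harmless": 1, "timeout": 3}}}}
```

To check a live process image, call `summarize(lookup_hash(sha256_of_file(path), api_key))` with the path from Process Explorer's “Image” tab and your own VirusTotal API key.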

Include More Information for Processes in The Scan

Using the “Detail” menu item on the VirusTotal page, the antivirus service displays more detailed information about the file. These details are interesting not only for security reasons but also because they shed light on where the process came from and what it does. The “Community” menu item shows comments from other VirusTotal users, which help to assess what the process is and, in the case of an infection, how the virus can be removed.

In parallel with VirusTotal, Process Explorer can also search for the process in a search engine. This is of course possible without Process Explorer, but the tool makes it easy via the context menu entry “Search Online”. Extensive information can be obtained this way as well.

The process properties, also available via the context menu in Process Explorer, show the VirusTotal result in the “VirusTotal” field on the “Image” tab. From there, the process can be re-submitted to VirusTotal with the “Submit” button.

The “Verify” button checks that a process image actually comes from the publisher it names as its developer and manufacturer. Viruses often hide behind well-known manufacturer names, which are of course forged.

What is Microsoft Process Explorer?

Microsoft Process Explorer is an advanced system monitoring and diagnostic utility for Microsoft Windows. It is part of the Windows Sysinternals suite, which consists of a collection of free, powerful system utilities designed for IT professionals and advanced users. Process Explorer, often abbreviated as ProcExp, is particularly useful for analyzing and managing running processes, monitoring system performance, and troubleshooting various issues related to software and system stability.

Key features and functions of Microsoft Process Explorer include:

  • Detailed Process Information: It provides extensive information about running processes, including their names, icons, paths, memory usage, CPU usage, and more.
  • Process Tree: You can view the hierarchical relationships between processes, making it easier to identify parent and child processes. This feature is valuable for tracking how one process spawns others.
  • Color-Coding: Process Explorer color-codes processes to help users quickly identify potential issues. For example, processes highlighted in pink or red may indicate higher resource usage or suspicious behavior.
  • Real-Time Monitoring: It offers real-time graphs for CPU usage, memory, and I/O activity, which help users identify processes consuming system resources.
  • Properties and Threads: You can access in-depth information about processes by right-clicking on them and selecting “Properties.” This includes details about threads, handles, DLLs, and more.
  • Search and Find: You can search for specific processes, handles, or DLLs, making it easier to locate processes of interest.
  • Kill and Suspend Processes: Users can suspend, kill, restart, or adjust the priority of processes directly from the Process Explorer interface.
  • VirusTotal Integration: Process Explorer can send process files to VirusTotal for online scanning, helping users identify potential malware.
  • System Information: It provides insights into system performance, including CPU and memory usage, as well as network activity and open handles.

Microsoft Process Explorer is widely used by IT professionals, system administrators, and power users as a valuable tool for diagnosing system problems, tracking down resource hogs, identifying malware, and optimizing system performance. It offers a more comprehensive and user-friendly alternative to the built-in Windows Task Manager and is considered a crucial utility for system troubleshooting and maintenance on Windows operating systems.

What is Virus Total?

VirusTotal is a web-based service that provides a free and valuable resource for scanning and analyzing files and URLs for potential malware and other security threats. It is not a standalone software that you install on your computer but a cloud-based platform operated by Google. VirusTotal aggregates and utilizes multiple antivirus engines, along with various other tools and resources, to detect and report on potential threats.

Key features and uses of VirusTotal:

  • File Scanning: VirusTotal allows users to upload files for scanning. These files can be executables, documents, archives, or any other file types. VirusTotal then checks the uploaded file against a large number of antivirus engines to determine if any of them flag the file as malicious.
  • URL Scanning: You can also enter URLs into VirusTotal for scanning. This feature helps to check the safety of websites and web links. VirusTotal analyzes the URL’s content and reputation to identify potential security risks.
  • Multiple Antivirus Engines: VirusTotal integrates with dozens of antivirus engines from various security companies. This multi-engine approach helps in providing a more comprehensive assessment of files and URLs, reducing false positives and increasing detection accuracy.
  • Community Feedback: Users can comment on and vote for files and URLs, sharing their experiences and insights. This community feedback can provide additional context about the safety or threat level of a resource.
  • Additional Tools: In addition to antivirus scans, VirusTotal offers other checks, such as file behavior analysis, file similarity analysis, and more.
  • Reports: After scanning a file or URL, VirusTotal generates a report that displays the results of each antivirus engine, along with details about the resource’s behavior and other information.
  • Developer APIs: VirusTotal provides APIs that allow developers to integrate its scanning capabilities into their own applications and services.

VirusTotal is a valuable resource for security professionals, IT administrators, and everyday users who want to ensure the safety of files they download, websites they visit, or emails they receive. It can help identify potential threats early and provide a second opinion on the safety of files and links, enhancing overall computer security.

While the basic functionality is free, VirusTotal also offers a premium subscription service with additional features for businesses and advanced users.

Frequently Asked Questions about Process Explorer with Virus Total

What is the benefit of using Process Explorer with VirusTotal?

Process Explorer with VirusTotal integration allows you to check the legitimacy of running processes on your Windows computer by leveraging VirusTotal’s extensive database of known malware signatures. This integration helps you quickly identify potentially malicious processes and make informed decisions about their safety.

How do I check a process with VirusTotal in Process Explorer?

To check a process with VirusTotal in Process Explorer, right-click on the process in the Process Explorer interface and select “Check VirusTotal.” This action sends the associated process file to VirusTotal for an online scan. The results are displayed, indicating if any antivirus engines detected the file as a potential threat.

What do I do if VirusTotal flags a process as potentially malicious in Process Explorer?

If VirusTotal flags a process as potentially malicious, it’s essential to investigate further. You can take several actions, including quarantining the file, terminating the process, or seeking guidance from your organization’s IT security team. You may also want to cross-verify the process with other security tools and resources for a comprehensive assessment.

Can I use Process Explorer with VirusTotal on older versions of Windows?

Yes, you can use Process Explorer with VirusTotal on older versions of Windows, including Windows 7, Windows 8, and Windows 10. Process Explorer is designed to work on various Windows versions, and the VirusTotal integration is a valuable feature that can enhance security on these operating systems.

Is the VirusTotal integration in Process Explorer free to use?

Yes, the VirusTotal integration in Process Explorer is free to use. Both Process Explorer and VirusTotal are free tools. However, VirusTotal also offers a premium service with additional features and increased scanning capabilities, but the basic functionality used through Process Explorer remains free.