The Complete Guide to Process Explorer
This lesson from the SysInternals Utility Suite Tutorial Series covers Process Explorer, perhaps the most commonly used and useful application in the SysInternals toolkit. But how well do you really know this utility?
Process Explorer, a task manager and system monitoring application, has been around since 2001, and although it used to work even on Windows 9x, modern versions only support XP and above, and they are constantly updated with new features for modern versions of Windows. In fact, this program has become the standard for troubleshooting.
If you have downloaded the full SysInternals package, then to launch Process Explorer, double-click the procexp64.exe file or the procexp.exe file (for 64- and 32-bit systems, respectively).
So what can Process Explorer do?
Some of the best features include the following, although this is by no means an exhaustive list. This app has a lot of features and many of them are hidden deep inside the interface. Surprisingly, it all fits into a small file.
- The default tree view shows the hierarchical parent relationships between processes and displays them using colors to easily understand processes at a glance.
- Very accurate tracking of CPU usage for processes.
- Can be used to replace the task manager, which is especially useful in XP, Vista and Windows 7.
- You can add multiple taskbar icons to monitor CPU, disk, GPU, network, etc.
- Find out which process loaded the DLL file.
- Find out what process is running the open window.
- Find out in which process the file or folder is open and locked for deletion and renaming.
- View complete data about any process, including threads, memory usage, handles, objects, and more you need to know.
- Can kill the entire process tree, including any processes started by whatever you choose to kill.
- Can suspend a process by freezing all its threads so they do nothing.
- You can see which thread in the process is actually consuming the CPU.
- The latest version (v16) integrates VirusTotal into its interface, so you can scan a process for viruses without leaving Process Explorer.
Any time you have a problem with an application, or something keeps freezing on your computer, or maybe you're trying to figure out what a particular DLL file is used for, Process Explorer is just the tool for the job.
System Explorer, available with a Russian-language interface, is a free program for monitoring and managing Windows system processes. Thanks to a large number of useful functions, it can serve as a good replacement for the standard Windows task manager. It lets you fully monitor the operation of the processor, page file, memory, drivers, open network connections, etc.
In addition to the above features, you can use this program to check files for malicious code on the VirusTotal online service. System Explorer also helps you manage startup items and system services. You can remove installed software, configure browser add-ons, and display information about the operating system.
More details:
All information is displayed as a tree structure and a list. The application can be used to analyze program installers and uninstallers (like Total Uninstall). Performance graphs let you monitor system resource usage over time.
By the way, the program is a very high-quality replacement for the standard Windows OS task manager. In addition to ordinary functionality for tracking system processes, it can be useful to the user in a number of other aspects.
As you can see, the program is a convenient and multifunctional tool for monitoring system resources, running processes, services and other system parameters.
Version | System Explorer 7.1.0.5359
Status | Free
Operating system | Windows 10, 8.1, 8, 7, Vista, XP
Interface | Russian
Developer | Mister Group
Updated | 15.01.2018
Category | Diagnostics
Safety | Verified by Virus Total
Understanding Process Tree Representation
When you launch Process Explorer, you're immediately presented with a wealth of visual data - by default, it shows a hierarchical tree view of the processes running on your computer, showing CPU and RAM usage for each process, among other things. At the top of the toolbar there are several small mini-graphs showing CPU usage that you can click to display in a separate window.
There's definitely a lot going on, and it can be overwhelming to see what's happening on screen at first glance.
Let's start understanding each of the elements of what Process Explorer shows.
The Start screen displays a set of columns that includes:
- Process - The name of the executable along with an icon if it exists.
- CPU - percentage of processor time used over the last second (or over whatever update interval is set).
- Private Bytes - the amount of memory allocated only to this program.
- Working Set is the actual amount of RAM allocated to this Windows program.
- PID - process identifier.
- Description - description, if the application has one.
- Company Name is more useful than you think. If something is wrong, start by looking for processes that are not owned by Microsoft.
You can customize these columns and add many other options, or you can simply click on any of the columns to sort by that field. If you've ever used Task Manager before, you've probably sorted by memory or CPU, and you can do that here as well.
Clicking on "Process" toggles between sorting by process name or returning to the tree view we see by default, which is very useful once you get used to it.
The information displayed is updated once per second, but you can go to View → Update Speed and adjust the update rate: the minimum value is 0.5 seconds, and the maximum is 10 seconds. If you're using it for troubleshooting, the default setting will probably be fine, but if you want to use it as a taskbar-based CPU monitor so that the program consumes less CPU time, you can choose a refresh rate of 5 or 10 seconds.
You can also pause viewing from the same submenu or simply by pressing the space bar. This will freeze the program screen and give you a snapshot, which can be useful if you're trying to identify a process that starts and quickly dies, or if you decide to sort by CPU usage and all the lines keep jumping around.
For a running process, you can open the detail view and drill down into all the columns. You need to know that if you hit pause and the screen doesn't refresh, while you can see the process that has completed its work, the detail view for completed processes does not show additional information. For this reason, you should add additional columns to the program window in advance if you are catching and studying a process that terminates quickly.
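The tree view described in this section can be rebuilt from the PID and parent PID that Windows records for each process. The PowerShell below is an added example, not Process Explorer's own code: it assumes the Win32_Process CIM class as the data source and assumes that a recorded parent which started after its child is a recycled PID, so that link is dropped. The function names are made up for this illustration.

```powershell
# Added example (not Process Explorer's code): rebuild the process tree from
# Win32_Process, ignoring parent links that point at a recycled PID.

function Expand-ProcessBranch {
    param($Proc, [int]$Depth, [hashtable]$Children)
    [pscustomobject]@{
        Tree    = ('  ' * $Depth) + $Proc.Name   # indentation shows nesting
        Id      = [int]$Proc.ProcessId
        Parent  = [int]$Proc.ParentProcessId
        Started = $Proc.CreationDate
    }
    $key = [int]$Proc.ProcessId
    if ($Children.ContainsKey($key)) {
        foreach ($child in ($Children[$key] | Sort-Object CreationDate)) {
            Expand-ProcessBranch -Proc $child -Depth ($Depth + 1) -Children $Children
        }
    }
}

function Get-ProcessTree {
    param([int]$RootId = -1)   # -1 = whole system, otherwise only that subtree

    $procs = @(Get-CimInstance -ClassName Win32_Process)
    $byId = @{}
    foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

    $children = @{}            # parent PID -> list of child processes
    $roots = New-Object System.Collections.Generic.List[object]
    foreach ($p in $procs) {
        $parent = $byId[[int]$p.ParentProcessId]
        # Assumption: a "parent" that started after the child is an unrelated
        # process that was given a reused PID, so the link is discarded.
        $recycled = $parent -and $parent.CreationDate -and $p.CreationDate -and
                    ($parent.CreationDate -gt $p.CreationDate)
        $linked = $parent -and ($parent.ProcessId -ne $p.ProcessId) -and (-not $recycled)
        if ($linked) {
            $key = [int]$parent.ProcessId
            if (-not $children.ContainsKey($key)) {
                $children[$key] = New-Object System.Collections.Generic.List[object]
            }
            $children[$key].Add($p)
        } else {
            $roots.Add($p)     # parent exited or PID reused: shown at top level
        }
    }

    if ($RootId -ge 0) {
        if (-not $byId.ContainsKey($RootId)) { throw "No process with PID $RootId" }
        $start = @($byId[$RootId])
    } else {
        $start = @($roots | Sort-Object CreationDate)
    }
    foreach ($r in $start) { Expand-ProcessBranch -Proc $r -Depth 0 -Children $children }
}

Get-ProcessTree | Format-Table -AutoSize
```

Calling `Get-ProcessTree -RootId <pid>` lists only that process and its descendants, which is the set a tree-wide action such as Kill Process Tree would touch.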
What do colors mean in Process Explorer
There are definitely a lot of colors in a typical Process Explorer list, which can be a little confusing for a new computer geek. It is very important to know what all these colors mean because they are not just for beauty - each of them has its own meaning.
If you can't remember what one of the colors means, you can go to Options → Configure Colors to open the Color Selection dialog box. Essentially, this is a short cheat sheet of what color means. Keep reading as we are going to explain the meaning of all the Process Explorer colors here.
Based on the colors in the picture above, here's what each of the selected elements means (the rest aren't really important).
- New Objects (bright green) - When a new process appears in Process Explorer, it starts out bright green.
- Deleted Objects (red) - When a process terminates or closes, it will usually flash red right before it is deleted.
- Own Processes (light blue) - processes running under the same account as Process Explorer.
- Services (light pink) - Windows service processes, although it's worth noting that they may have child processes that run as a different user, and these may be a different color.
- Suspended Processes (dark gray) - When a process is suspended, it cannot do anything. You can easily use Process Explorer to pause the application. Sometimes crashing apps appear grayed out for a short time while Windows processes the crash.
- Immersive Process (bright blue) - just a fancy way of saying that the process is a Windows 8 application using the new APIs. In the screenshot earlier, you may have noticed WSHost.exe, which is the “Windows Store Host” process that runs Metro applications. For some reason, Explorer.exe and Task Manager will also show up as immersive.
- Packed Images (purple) - These processes may contain hidden compressed code, or at least Process Explorer thinks they do using heuristics. If you see a purple process, be sure to scan for malware!
Since it is clear that the same process can have properties from more than one of the groups described, the colors will be applied in order of priority. If the process is a service and is suspended, it will appear in dark gray because that color is more important.
The color priority order, as far as we were able to work out while studying the program: Suspended → Packed → Immersive → Services → Own Processes.
What is this program?
Process Explorer provides more visual and detailed reports than Windows Task Manager.
It is part of Sysinternals Process Utilities and has a selection of tools to give the program more control and options to improve Windows performance.
Process Explorer can be used to track down issues. For example, it can list or search for named resources held by a process or by all processes. This can be used to find out what is holding a file open and preventing another program from using it.
As another example, it can show the command lines used to run a program, allowing identical processes to be distinguished.
Like Task Manager, it can show the process that is using up the CPU, but unlike Task Manager, it also shows which thread is using the CPU; this information is not even available in the debugger.
Application Identity Verification
One really useful option that we're surprised isn't enabled by default is under Options → Verify Image Signatures.
This option checks the digital signature for each executable file in the list, which is an invaluable troubleshooting tool when you're looking at some suspicious application running on that list.
At this point, the vast majority of reputable software should be digitally signed. If something is wrong, you should consider very carefully whether you should use it.
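The same check can be scripted for a whole machine. The PowerShell below is an added example, not part of Process Explorer: it verifies the Authenticode signature of each running image and compares the verified signer with the Company Name, which is unauthenticated metadata that any file can set. The function name, the finding labels and the "O=Microsoft Corporation" match are assumptions of this example; the SHA256 is included only so a flagged file can be looked up by hash.

```powershell
# Added example (not part of Process Explorer): check the signature of every
# running image and compare the verified signer with the claimed company name.

function Get-ProcessSignatureReport {
    Get-Process |
        Where-Object { $_.Path } |          # Path is empty when access is denied
        Group-Object -Property Path |       # verify each image file only once
        ForEach-Object {
            $path = $_.Name
            $ids  = ($_.Group | ForEach-Object { $_.Id }) -join ','
            if (-not (Test-Path -LiteralPath $path)) { return }  # image no longer on disk

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            # Company name comes from the version resource and is not verified
            $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).CompanyName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            $valid = $sig.Status -eq 'Valid'
            # Heuristic (assumption): organization field of a validated signer
            $msSigned = $valid -and ($signer -match 'O=Microsoft Corporation')
            $claimsMs = $company -match 'Microsoft'

            if (-not $valid) {
                $finding = "Signature status: $($sig.Status)"
            } elseif ($claimsMs -and -not $msSigned) {
                $finding = 'Company says Microsoft, signer does not'
            } elseif (-not $msSigned) {
                $finding = 'Valid third-party signature'
            } else {
                $finding = 'Microsoft-signed'
            }

            # Hash only the images worth a closer look, for a manual lookup
            $hash = ''
            if ($finding -ne 'Microsoft-signed') {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                Finding = $finding
                Company = $company
                Signer  = $signer
                Ids     = $ids
                Path    = $path
                SHA256  = $hash
            }
        }
}

# Show everything that is not validly signed by Microsoft
Get-ProcessSignatureReport |
    Where-Object { $_.Finding -ne 'Microsoft-signed' } |
    Sort-Object Finding, Path |
    Format-List
```

Run it from an elevated prompt; without elevation, processes whose image path cannot be read are silently skipped.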
Actions on processes
You can quickly take action on any process by right-clicking on it and selecting one of the options or, if you prefer, using keyboard shortcuts. These options include:
- Window - Contains a number of options, including Bring to Front, which can be useful for identifying the window associated with a process. If there are no windows for this process, this option will not be available.
- Set Priority - You can use this to set the priority of a process. This is mainly useful for taming a runaway process that you don't want to kill.
- Kill Process - as you would expect, this option quickly kills the specified process.
- Kill Process Tree - kills not only the selected item in the list, but also the children of this parent process.
- Restart - Very useful for testing, this simply kills the process and then restarts it. It is worth noting that terminating processes may result in data loss.
- Suspend - This handy option is great for troubleshooting when a process is getting out of control. You can simply pause the process rather than kill it and check what exactly is wrong.
- Check VirusTotal - a new option that we will talk about next. This is really very convenient, as it checks the process for viruses.
- Search Online - This option will simply search the Internet for the name of the process.
And obviously, if you open Properties, it will take you to even more useful information about the process, much of which we'll cover in the next lesson.
Process Explorer - appearance
Now let's see the appearance.
This is what the program looks like:
And we immediately see that the processes are conveniently ordered: you can immediately see which ones are child processes and which process launched which. Plus, the program has a Russian-language interface, which is also a significant plus.
The program has one very useful option, which, for example, I didn’t know about - it turns out it can show the result of checking a file on VirusTotal:
The VirusTotal column is located at the very end and in general I have not seen it in all versions (maybe the column can simply be disabled). It is possible that the program takes data from a ready-made database, checking not only the name of the process, but also the file size and its hash.
And again we see how convenient it is to find out which processes were launched by another process; as a result, it’s easy to understand which program the process came from:
Now let's see what you can do if you right-click on the process:
- Set Affinity is to set the affinity, that is, to use only 1 or only 2 processor cores. Convenient feature.
- Set Priority - I think it’s clear, you need to set the priority. If the process loads the PC very much, then you can set it a low priority + allow it to use 1 core = in the end, you will significantly limit its appetites.
- Kill Process - terminate the process, that is, turn it off.
- Kill Process Tree - kill the process tree, that is, not just one process, but plus all its children. And as for me, this is also a very convenient feature.
- Restart - restart the process, sometimes useful if it loads the PC too much.
- Suspend - as we have already found out, this is to freeze the process.
- Create Dump - create a dump; in general, this option is needed to take, in a sense, a snapshot of RAM (more precisely, its contents). And then the snapshot (file) can be analyzed to understand the cause of some error or some kind of failure. But advanced users can analyze it; not everything is so simple.
- Check VirusTotal is another super function to immediately check a file for viruses with one click. Then at the end in the VirusTotal column there will be a result, perhaps you can click on it and a verification page will open in the browser.
- Properties - I don’t know what this is, but it’s possible to display the properties of a file.
- Search Online - search for information on the Internet. By the way, I wouldn’t be surprised if the search is done using Bing, this is a search engine from Microsoft and they are promoting it with all their might, although Google is as close to the moon as it is to Yandex.
Run as administrator
While you don't necessarily need to run Process Explorer as an administrator, many useful features won't work without it, and you won't be able to see as much information about each process as you can by running the program with elevated privileges.
If you are running Windows XP or 2003, you will need to be running under an account with full administrator rights to use most features. This probably isn't a problem for most people because XP gives the default account full rights anyway, but if you're trying to use the program at work without administrator rights, it won't work.
To run the application as administrator, simply right-click and select the desired option from the menu.
Fun fact: Process Explorer actually uses the Debug Programs privilege, which explains a lot about why it's so powerful.
How to download, install and run?
To download and install Process Explorer, do the following:
- go to the Process Explorer page;
- download and unzip the ProcessExplorer.zip file (direct download link - https://download.sysinternals.com/Files/ProcessExplorer.zip);
- run the file procexp.exe (3.38MB);
- In the Process Explorer License Agreement window, click Agree.
Important. It is recommended to run the program as an administrator.
After launching the program, a characteristic icon appears in the notification area of the Taskbar; when you hover the mouse cursor over it, a tooltip appears with information about the CPU load and which process loads the CPU the most.
If you do not run the tool as an administrator, you will not be able to view information about all processes.
The Task Manager is built into Windows, so it is often disabled by viruses. Process Explorer is a standalone program that can be launched even if the Task Manager is disabled.
Using Process Explorer to Replace Task Manager
Process Explorer has long been used as a powerful replacement for the previously anemic built-in Task Manager - if you want real power in your hands, it gets the job done.
Note. The Windows 10 Task Manager has been significantly improved compared to previous versions. It's still not as powerful as Process Explorer, but it's probably easier for average people to use. So don’t change the Task Manager on your mom’s computer to Process Explorer.
To make Process Explorer replace Task Manager, all you have to do is select Options → Replace Task Manager. That's it.
Once you do this, CTRL+SHIFT+ESC or right-clicking the taskbar will launch Process Explorer rather than Task Manager. Easy, right?
Warning: If you do replace Task Manager, make sure you place Process Explorer in a place where you won't accidentally move or delete a file. Otherwise, you'll be stuck with a system that won't be able to launch the task manager.
File Menu
The File menu offers the same functionality as the Task Manager, plus a few additional features. Most of the features offered allow you to perform normal computer management activities in case Explorer is not working, which means there is no graphical interface (no icons, no taskbar). The File menu includes the following functions:
- Shutdown implements the usual functions of rebooting (restart) and shutting down (shut down) the computer.
- Run offers access to the program run line; however, you must specify the path to the program's executable image. Process Explorer includes the following features that Task Manager does not have:
- Run as - run the program under another user's account.
- Run as Limited User is a security-related feature that allows you to run a program as a limited user, even if you are logged in as an administrator user. This feature can be used to launch the Internet Explorer browser to make Internet surfing more secure.
- Exit exits Process Explorer.
- Save saves process information from both the top and bottom panels to a text log file in the Process Explorer folder.
- Save As allows you to specify the name and path of the log file you are saving.
Using Process Explorer to Add Nice System Monitor Icons to the Tray
One of Process Explorer's best features is the ability to collapse it into the system tray, but instead of just one icon, it can collapse into a full set of icons that can monitor the CPU, I/O, disk, network, GPU and RAM, or any combination thereof. You can choose to display them separately or not display them at all if you prefer.
To set this up, open Options, go to Tray Icons, and then click to enable all the icons you'd like to see on your taskbar.
You can simply launch Process Explorer every time you start your computer, and then minimize it to the system tray so it's always with you. And of course, if you've used the Task Manager replacement option, you can quickly access it at any time using a keyboard shortcut, although you may want to use the Allow Only One Instance option to make sure that you don't open a bunch of Process Explorer windows.
Using Process Explorer to Quickly Search VirusTotal
If you're working on a problematic PC and want to find out if a process is a virus, you can save time by using Process Explorer version 16 or higher because they've added VirusTotal integration directly into the application. Simply right-click anything in the list to see this option.
The first time you launch it, you will be asked to accept VirusTotal's terms of use, but after doing so, you will see VirusTotal results appear directly in the list.
You can click on a result to go to VirusTotal and view details. This is a great addition to one of the best utilities out there.