Leave a comment

Manage, Monitor, and Kill Windows Processes with Process Explorer

Written by:  • Edited by: Ronda Roberts
Updated Jul 4, 2011 • Related Guides: Microsoft | Task Manager | Windows

Microsoft's task manager is fine for high-level looks at running processes. However, we often require a deeper look into process resource use, dependencies, registry entries, executable paths, etc. Process Explorer, a free Sysinternals download, provides these views, and more.

The Challenge

Today's Microsoft Windows-based systems are relatively easy to monitor using tools provided out-of-the box with Windows. However, when a security issue arises, which requires knowledge beyond which wizard to bring up, we often have to resort to process analysis. In some circumstances, we might have to work backward, from registry keys or DLLs to processes that created or use them. Without the right tools, this is a daunting task.

Task Manager, a free utility provided with Windows, is not intended for serious process analysis. It can get you started, but dependencies and other critical information are not available. However, you don't have to spend your entire security budget for the right tool. Microsoft's Sysinternals Process Explorer is a great way to achieve process visibility--and it's free.

Process Explorer

Process Explorer has the same functionality as Task Manager and a lot more.

Installing Process Explorer is easy. Just download, extract it from .ZIP format, and your ready to go. Double-clicking on the executable brings up the windows shown in Figure 1. Choosing to display a bottom pane provides additional information on a process when you click in the main display. As you can see in Figure 2, the lower pane provides detailed information about system use of the iTunes process, including:

  • Threads
  • Registry keys
  • Ports
  • Events
  • Files
  • Directories

If you need overall system information, as shown in the Performance tab of Task Manager, Process Manager provides that too--with a little more information. See Figure 3.

While a single click on a process refreshes the lower pane, double clicking brings up a more organized, tabbed window. Figures 4 through 6 are examples of information available unique to the target process, including security attributes.

There is another feature that might be useful when performing real-time analysis with a single display--the opaqueness setting. You can configure Process Explorer for various levels of transparency, providing a view of the running program. An example is shown in Figure 7. Apple iTunes is running in the window without focus, but is visible through the Process Explorer window I'm actively using to monitor system and process activity.

The Final Word

This is a great utility for analyzing processes running on a Windows platform. There is also a toolbar function which allows you to replace Task Manager with Process Explorer. I don't use all the Sysinternals utilities, but this one I'll keep.

Tables and Figures (Hover for caption, click to enlarge)

Figure 1: Main WindowFigure 2: Split Pane DisplayFigure 3: System InformationFigure 4: Image TabFigure 5: Performance Graph TabFigure 6: Security TabFigure 7: Monitoring iTunes
Next Article »
Use SysInternals security utilities to manage network and system security
SysInternals provides free security utilities for managing Microsoft Windows networks and systems. Available for download from Microsoft, they provide a powerful set of applications for oversight and protection of network assets.
 
blog comments powered by Disqus
Enterprise Security
FEATURED AUTHORS
Arun Kumar, MVP Donna Buenaventura Steve Mallard Mojave Media Group
Rhonda Callow Steve McFarlane Tony Bradley Robert Faustus
Most Popular Articles
Email to a friend