The introductory post on Sysinternals, "If You Want to Be Knowledgeable in Windows You Need to Know Windows Sysinternals", explained that Process Explorer is a better-featured version of Windows Task Manager. It is the first tool to turn to when you need to troubleshoot your computer, no matter what problem you may have.
What kind of features does Process Explorer have?
- You get a detailed hierarchical tree view of every process and its sub-processes, color-coded to help you keep track of them.
- You can find out exactly which process is behind any open window.
- You can find out which process has a folder or file locked.
- You can end any process tree, or find out which thread under a process is using up too much of your CPU's resources.
- You can use Process Explorer's VirusTotal function to check any process against VirusTotal for known malware.
The color coding on Process Explorer
Process Explorer's color coding is an important part of how you identify different processes. The colors aren't just for fun: each color means something. You can customize them any way you want by going to Options and then Configure Colors. The default colors are used as follows.
- Green: All new processes are coded green as soon as they start up.
- Red: All killed processes are red.
- Pale blue: Any process running under the same user account as Process Explorer is pale blue.
- Pink: All Windows service processes are pink.
- Gray: Suspended processes are gray.
- Bright blue: All Windows 8 Metro app processes are bright blue.
Obtaining application identity
Process Explorer has a feature called Verify Image Signatures that isn't enabled by default. It's a useful feature, though: you enable it by going to Options and selecting Verify Image Signatures. Once enabled, it verifies the digital signature of the executable image behind every running process in its list. If you find that your computer is running something that isn't signed, take a closer look at it to see whether it's legitimate.
Working on different processes
Process Explorer offers you great control over your processes. You have a number of options.
- Set priority: If you have a process that's taking too much of your CPU but you don't want to kill it, you can set its priority low.
- Suspend: When you have an out-of-control process, you can pause (suspend) it instead of killing it.
- Kill process: When you're ready to kill a process, this is what you choose.
- Kill process tree: Killing a process sometimes only gets rid of the parent process, while all its child processes remain alive. Kill process tree makes sure that the entire set is stopped.
- Restart: This kills a process and then restarts it automatically.
- Search online: When you don't understand what a process does, this feature looks for an explanation on the Internet.
If you're troubleshooting a problem, the latest version of Process Explorer offers a VirusTotal check that can help. You simply right-click on any process you need to check and click Check VirusTotal. It looks the process's executable up in VirusTotal's free online malware database.
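The two checks described above (signature verification and the VirusTotal lookup) can also be scripted from PowerShell. The following is an added example, not code from the original post or from Sysinternals: it lists the executable image behind each running process, its Authenticode signature status and its SHA-256 hash, which is the value VirusTotal's search accepts. The function name Get-ProcessImageReport is hypothetical, and the script assumes Windows PowerShell 5.1 or later run from an elevated prompt so that system process paths are readable.

```powershell
# Added example (not from the original post): report the signature status and
# SHA-256 hash of every running process image, in the spirit of Process Explorer's
# Verify Image Signatures option and its Check VirusTotal action.
# Assumption: Windows PowerShell 5.1+ in an elevated session (otherwise $_.Path is
# empty for protected system processes and those are skipped).

function Get-ProcessImageReport {
    [CmdletBinding()]
    param(
        # When set, only images whose signature did not verify as Valid are returned.
        [switch]$UnsignedOnly
    )

    Get-Process |
        Where-Object { $_.Path } |             # skip processes whose image path is unreadable
        Sort-Object Path -Unique |             # one row per image, not per process instance
        ForEach-Object {
            $path = $_.Path
            # Status is Valid, NotSigned, HashMismatch, UnknownError, etc.
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            [pscustomobject]@{
                Name   = $_.ProcessName
                Path   = $path
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256 = $hash                 # paste into VirusTotal search for an unknown image
            }
        } |
        Where-Object { -not $UnsignedOnly -or $_.Status -ne 'Valid' }
}

# Usage: show only the images that failed signature verification.
Get-ProcessImageReport -UnsignedOnly | Format-Table Name, Status, Signer, SHA256 -AutoSize
```

A Valid status only tells you the image was signed by a certificate Windows trusts; it says nothing about what the code does, so the hash lookup and a look at the signer subject remain worthwhile for anything unfamiliar.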