Sunday, February 16, 2014

Windows Process and Service Tools

The big-gun I use for most of my Windows process and activity monitoring remains Windows Sysinternal’s Process Explorer.

For supportive logging work, I primarily use Windows Sysinternal’s Process Monitor.

Unless you have been in the deep woods for the past few weeks, you probably noticed that Sysinternals recently did a major minor update to Process Explorer to bump it to version 16.0 and then quickly to 16.01

And the biggest new feature was to integrate VirusTotal with it so you can search processes “on the fly” with VirusTotal. Pretty handy and cool.

However, don’t limit yourself just to the grand-master of Process Explorer.

Among the many, I keep the following other Windows process monitoring tools handy as well as they bring some different feature-sets to the game.

Process Hacker - It’s easy to get lost in this application. Install/portable versions available or use this Process Hacker Portable version from PortableApps.com.

Another cool tool I use and am getting to know is “PowerTool” - It is a “…a free anti-virus&rootkit utility. It offers you the ability to detect, analyze and fix various kernel structure modifications and gives you a wide scope of the kernel.” It supports both x86 and x64 platforms. It has all kinds of special bells and whistles for detecting aberrations in standard operations on a Windows system.

Finally, I’ve mentioned the free ESET SysInspector (x32 & x64 versions available) to not just generate a detailed log report of running processes, but also scan for hidden processes and objects, compare generated logs, and automatic heuristic analysis (color coded) of those processes and other system contents for focused analysis. It rocks.

Cheers,

--Claus Valca

No comments: