Sysinternals Process Explorer 16

Process Explorer 16 and VirusTotal: A Massive Improvement

For a tool as well known and mature as Process Explorer, it seemed unlikely that a major improvement would come along. That thinking proved quite false with the 16th version of the tool. Process Explorer now includes the ability to check running processes against the virus-checking aggregator VirusTotal. Seeing running processes alongside their virus-check results is a great way to get a quick idea of whether a machine is running malware.

While Process Explorer doesn’t check against VirusTotal automatically, the check is very easy to enable. Click on the menu “Options” and follow “VirusTotal” -> “Check”. This will forward you to the VirusTotal license terms and start checking running processes (those that can be opened). Once you close your browser, you’ll probably see most of the processes checked right away. Those found to be listed on VirusTotal will be red and include a count of scanners. Also nifty: clicking on this count takes you to the scanned page on VirusTotal.

Here’s what Process Explorer looks like when you enable VirusTotal checking:

This support is all very timely considering the fact that VirusTotal has been getting lately, unnecessarily so. As a technical services support person, you’ll probably have come across this tool a number of times. You’ll want to update Process Explorer if you keep a copy, or use the basic cloud access server to get the newest version of procexp.exe.
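
The VirusTotal check described above can be approximated from a script on machines where only a console is available. The following PowerShell is an added example, not part of the original article and not how Process Explorer itself is implemented: it hashes the image of each running process and looks the hash up through the VirusTotal v3 API, so only hashes leave the machine. The function names, the VT_API_KEY environment variable and the 15-second pause are assumptions made for this example.

```powershell
# Added example, not from the original page.
# Assumption: $env:VT_API_KEY holds a VirusTotal API key.

function Get-ProcessImageHash {
    # One record per distinct executable path among running processes.
    Get-Process |
        Where-Object { $_.Path } |      # Path is empty when the process cannot be opened
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h) {
                $sha = $h.Hash.ToLower()
                [pscustomobject]@{
                    Name   = $_.ProcessName
                    Path   = $_.Path
                    SHA256 = $sha
                    Report = "https://www.virustotal.com/gui/file/$sha"
                }
            }
        }
}

function Get-VTMaliciousCount {
    param(
        [Parameter(Mandatory)][string]$Sha256,
        [Parameter(Mandatory)][string]$ApiKey
    )
    try {
        $r = Invoke-RestMethod -Uri "https://www.virustotal.com/api/v3/files/$Sha256" `
                               -Headers @{ 'x-apikey' = $ApiKey } -ErrorAction Stop
        [string]$r.data.attributes.last_analysis_stats.malicious
    } catch {
        # HTTP 404: VirusTotal has no report for this hash
        if ([int]$_.Exception.Response.StatusCode -eq 404) { 'unknown' } else { 'error' }
    }
}

$key = $env:VT_API_KEY
foreach ($p in Get-ProcessImageHash) {
    $hits = 'not queried'
    if ($key) {
        $hits = Get-VTMaliciousCount -Sha256 $p.SHA256 -ApiKey $key
        Start-Sleep -Seconds 15    # assumed pause to stay within API request quotas
    }
    $p | Add-Member -NotePropertyName Detections -NotePropertyValue $hits -PassThru
}
```

Without an API key the script still lists each image path, its SHA-256 and the corresponding VirusTotal report link, which can be opened by hand for any process that looks out of place.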