Author Topic: Process Explorer 16 adds full VirusTotal integration  (Read 968 times)

snadge

  • Guest
Process Explorer 16 adds full VirusTotal integration
« on: 01 February 2014, 09:19:28 »
very handy

http://www.softwarecrew.com/2014/01/process-explorer-16-adds-full-virustotal-integration/

Quote
Windows Sysinternals has released Process Explorer 16, a major update which sees the popular system monitoring tool gain full VirusTotal integration.

If you spot a process which looks suspicious, you can now right-click it, and select “Check VirusTotal”. Process Explorer then submits the file hash, displays the number of antivirus engines which detect it as a threat (“4/48”), and clicking that figure opens a browser window with the full report.

Better still, click Options > VirusTotal.com > Check VirusTotal.com and Process Explorer 16 will check the hashes of all processes (those running now, or launched later) and loaded DLLs with VirusTotal, displaying the results a few seconds later.


The new VirusTotal column displays the antivirus score for all your running processes in real time

The use of hashes means that, by default, Process Explorer 16 can only highlight known threats. Click Options > Submit Unknown Files, though, and the program can upload mystery executables for further analysis. Of course this will also take much longer, and consume far more network bandwidth, so it’s probably best to leave this option off unless you’re sure you need it.

There are some issues here. When we first enabled the “Check VirusTotal.com” setting, Process Explorer displayed a “The system cannot find the file specified” error for some processes, rather than its VirusTotal score. This is misleading; the real problem is that Process Explorer doesn’t have the rights to access those processes, and launching the program as an administrator should allow it to check everything.

More seriously, we found Process Explorer 16 crashed several times, after it had been running for a few minutes. We don’t understand why, so it’s possible there’s some local cause, but keep that in mind if you also have problems. Try turning off VirusTotal checking, perhaps, and see if that helps.

Whether there is a bug here or not, VirusTotal integration is going to be a major plus for the program, as it helps even inexperienced users to quickly spot potential threats. Process Explorer 16 is available now.
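
The local half of the hash-only check described in the quoted article, as an added PowerShell example (not Sysinternals code and not part of the original post): it hashes each running process image and marks the processes whose image cannot be read, which is the case the article says needs an administrator launch. SHA-256 as the hash, the status names and the report layout are assumptions made for illustration.

```powershell
# Added example: hash every running process image locally, as a hash-only
# reputation lookup would, without uploading any file content.

# True when this session is elevated (member of the local Administrators role).
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$cache = @{}   # image path -> SHA-256, so shared images (e.g. svchost.exe) are hashed once

$report = foreach ($p in Get-Process) {
    $path   = $p.Path      # $null when the image path cannot be queried (protected or system process)
    $status = 'Hashed'     # assumed status labels: Hashed / NoAccess / HashFailed
    $sha256 = $null

    if (-not $path) {
        $status = 'NoAccess'
    } elseif ($cache.ContainsKey($path)) {
        $sha256 = $cache[$path]
    } else {
        try {
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
            $cache[$path] = $sha256
        } catch {
            $status = 'HashFailed'   # file locked, removed, or unreadable by this account
        }
    }

    [pscustomobject]@{
        Name   = $p.ProcessName
        Id     = $p.Id
        Status = $status
        SHA256 = $sha256
        Path   = $path
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize

# Summary: a high count in a non-elevated session points to missing rights, not missing files.
$missed = @($report | Where-Object Status -ne 'Hashed').Count
'{0} of {1} processes not hashed (elevated session: {2})' -f $missed, @($report).Count, $isAdmin
```

Running it once from a normal prompt and once from an elevated one shows how many processes only become visible to a hash check with administrator rights.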

steve195527

  • Guest
Re: Process Explorer 16 adds full VirusTotal integration
« Reply #1 on: 01 February 2014, 14:32:20 »
Sounds like a very good app has been made even better. I wonder how many of the "Microsoft are spawn of the devil brigade" won't download or use it just because it is "Microsoft"?
(for those that don't know, Microsoft bought Sysinternals years ago)

Offline Den1

  • STAFF - Tech Expert
  • Super-Hero Member
  • ******
  • Posts: 1805
  • Gender: Male
    • myallotment.net
Re: Process Explorer 16 adds full VirusTotal integration
« Reply #2 on: 01 February 2014, 18:34:44 »
Forgotten about Sysinternals, used to use a few of their tools ;)
An intelligent man is sometimes forced to be drunk to spend time with his fools.

Offline Roco

  • Super-Hero Member
  • ******
  • Posts: 2299
  • Gender: Male
Re: Process Explorer 16 adds full VirusTotal integration
« Reply #3 on: 03 February 2014, 16:39:13 »
Been using it for years, still on V12; a right click on an unknown does a look up.
I agree with Steve's comment: "I wonder how many of the "Microsoft are spawn of the devil brigade" won't download or use it just because it is "Microsoft"?"

BTW it's also available as a portable  http://portableapps.com/apps/utilities/process-explorer-portable , although I haven't tried it

snadge

  • Guest
Re: Process Explorer 16 adds full VirusTotal integration
« Reply #4 on: 03 February 2014, 19:33:21 »
Yup, it's a good app AND you can get it to take over Windows Task Manager so that Process Explorer launches instead... The good thing about PE is it shows System Interrupts too.

Process Explorer detected as virus lol:

https://www.virustotal.com/en/file/31d7e647cf70cdd56d2effbb27941229c32649e4d5b382e487a8314935b44559/analysis/

 
