
How to check all Windows running processes for modifications

Sysinternals' Process Explorer is just the best when it comes to watching all processes that are running on your machine. I've been using it for years and I'm not afraid to say it's the best single executable I have ever come across. Tools such as this one are what make Windows a great OS to work on.

[Image: process-explorer-overview]

I use it all the time to:

  • check how much memory/CPU processes take
  • kill processes
  • find new processes running on my machine (such as after a new software install: I dislike those pesky installers that silently install services and processes that start with Windows)
  • find the path to a certain executable

What I recently discovered, however, is that right from within Process Explorer you can verify the signatures of all currently running executables.

[Image: process-explorer-verify-signatures]

Even better, you can submit the hash of every single running executable to VirusTotal for validation with all major antivirus engines.

[Image: process-explorer-check-virustotal]

Here's how it looks once the check is done.

[Image: process-explorer-virustotal-results]

As you can see, I have one process that requires further attention: Notepad++. Simply clicking on the "1/57" brings up the VirusTotal report, which after verification proves to be harmless.

[Image: process-explorer-virustotal-result-notepad]
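
A scripted equivalent of the two checks above, added here as an example (it is not part of the original post and is not Sysinternals code): PowerShell's built-in `Get-AuthenticodeSignature` and `Get-FileHash` cmdlets report the signature status and SHA-256 hash of every running executable. The CSV filename is an assumption; the script does no network lookups, it only produces the hashes you would search for on VirusTotal.

```powershell
# Added example: signature status and SHA-256 for every running executable.
# Run from an elevated prompt; processes whose image path cannot be read
# (protected/system processes) are skipped.

$results = Get-Process |
    Where-Object { $_.Path } |            # keep only processes with a readable image path
    Sort-Object -Property Path -Unique |  # one row per executable, not per instance
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.Path
        $hash = Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name      = $_.ProcessName
            Path      = $_.Path
            # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = $hash.Hash
        }
    }

# HashMismatch means the file changed after it was signed; NotSigned and
# NotTrusted images are the ones worth looking up by hash.
$results |
    Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table -Property Name, Signature, Path -AutoSize

# Full inventory, including hashes, for later comparison or lookup.
# The filename is an assumption made for this example.
$results | Export-Csv -Path .\running-process-hashes.csv -NoTypeInformation
```

Keeping the CSV from a known-good state gives a baseline: a later run where the same path shows a different SHA256 or a changed signature status points at a replaced or modified executable.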