Windows Sysinternals has released Process Explorer 16, a major update which sees the popular system monitoring tool gain full VirusTotal integration.
If you spot a process which looks suspicious, you can now right-click it, and select “Check VirusTotal”. Process Explorer then submits the file hash, displays the number of antivirus engines which detect it as a threat (“4/48”), and clicking that figure opens a browser window with the full report.
Better still, click Options > VirusTotal.com > Check VirusTotal.com and Process Explorer 16 will check the hashes of all processes (those running now, or launched later) and loaded DLLs with VirusTotal, displaying the results a few seconds later.
The use of hashes means that, by default, Process Explorer 16 can only highlight known threats. Click Options > Submit Unknown Files, though, and the program can upload mystery executables for further analysis. Of course this will also take much longer, and consume far more network bandwidth, so it’s probably best to leave this option off unless you’re sure you need it.
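The hash-first workflow described above, as an added example that is not Sysinternals' code: compute the SHA-256 of an executable, look it up by digest (assuming the VirusTotal v3 REST API and an API key you supply), and render the result as the positives/total figure, with a never-seen hash reported as unknown, which is the case only the Submit Unknown Files option can resolve.

```python
# Hash-based VirusTotal lookup for executable images, the workflow Process
# Explorer 16 automates. Added example, not Sysinternals code. Assumes the
# VirusTotal v3 API (GET /api/v3/files/<sha256>, header x-apikey).
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_API = "https://www.virustotal.com/api/v3/files/"
VT_REPORT_URL = "https://www.virustotal.com/gui/file/"

def sha256_of_file(path, chunk=1 << 20):
    """Only this digest leaves the machine; the file itself stays local."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def summarise(report):
    """Render a v3 report as the 'positives/total' figure Process Explorer
    shows, or 'Unknown' for a hash VirusTotal has never seen (None).
    Assumption: positives = malicious, total = the four verdict buckets."""
    if report is None:
        return "Unknown"  # never submitted: only uploading the file would help
    stats = report["data"]["attributes"]["last_analysis_stats"]
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    return "%d/%d" % (stats.get("malicious", 0), total)

def fetch_report(sha256, api_key):
    """GET the report for a digest; HTTP 404 means the hash is unknown."""
    req = urllib.request.Request(VT_FILE_API + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def check_files(paths, fetch):
    """Map each image path to (sha256, ratio, report URL) using fetch(sha256)."""
    out = {}
    for path in paths:
        digest = sha256_of_file(path)
        out[path] = (digest, summarise(fetch(digest)), VT_REPORT_URL + digest)
    return out

# Constructed API response (4 of 48 engines flag the file); no network needed.
SAMPLE_DETECTED = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 4, "suspicious": 0, "undetected": 44, "harmless": 0}}}}
```

Pass `lambda d: fetch_report(d, api_key)` as the fetcher for live lookups, or a lookup into a dict of stored responses to work from a cache without touching the network.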
There are some issues here. When we first enabled the “Check VirusTotal.com” setting, Process Explorer displayed a “The system cannot find the file specified” error for some processes, rather than its VirusTotal score. This is misleading; the real problem is that Process Explorer doesn’t have the rights to access those processes, and launching the program as an administrator should allow it to check everything.
More seriously, we found Process Explorer 16 crashed several times, after it had been running for a few minutes. [Update, 5th February: a possible cause for this has been found and fixed in Process Explorer 16.01]
Whether there is a bug here or not, VirusTotal integration is going to be a major plus for the program, as it helps even inexperienced users to quickly spot potential threats. Process Explorer 16 is available now.