Trace Every Activity


Using an anti-malware application is sometimes not quite the best solution, as in catching the baddies it is restricted by the definitions in its database. Even behavioral activity cannot be 100% detected by security software. And most of the time it is the user's job to discover what is going wrong on the computer.

Generally, a look in Task Manager will reveal some nasty processes having fun on your account. But Microsoft's Task Manager is not the most powerful on the market either and it's designed to show the average user the processes running on the computer and, with the latest enhancement, the services are also visible.

So what can you do? Out of the tons of process managers out there, there are very few of them I really trust. One is called Starter and was developed by CodeStaff. The other one is Process Monitor, created by the late Sysinternals and now under the big Microsoft umbrella.

The applications are not intended for the same purpose: Starter is one of the best process managers I have seen, while Process Monitor reveals the activity of every process running on your computer, showing real-time file system activity and giving detailed information on registry and process/thread activity. But both of them deal with process activity and do an extraordinary job.

Process Monitor is not for the weak-hearted, as the data displayed is not for the average user. It displays file system activity for all Windows file systems regardless of whether they are stored locally or remotely. Registry operations are also covered by Process Monitor. To make the landscape complete, the application monitors all processes and their threads, as well as exit operations and DLL and device driver load operations.

For those that can digest this kind of information the program is a godsend, as all these details help you detect malicious code running loose on your PC and terminate it. From the moment it is deployed, Process Monitor starts its activity, providing accurate information on everything that is executed on your computer, be it user-launched or pertaining to the system.

As the program displays a continuously growing log, it is a bit difficult to make out the new operations taking place. The solution comes in the form of filters that, once applied, display only the desired content. Process Monitor's filter is extremely easy to use if you know what you are looking for; it is a simple matter of applying some conditions. Filtering options have a menu of their own in the menu bar and are not difficult to use.

Just to give you an example, let's say you want to see all the operations of a certain process, say Foobar2000. Simply select Process Name from the first drop-down menu (the attributes menu), choose the condition in the second drop-down menu (exact match, begins with, excluding etc.), select in the third drop-down menu the process you need, and in the last one choose whether you want it included in the list or excluded.

However, filters are not restricted to processes: you can also select events by the architecture they are built for, company, description, category (read/write/metadata), sequence, session, user, time of day, virtualization, detail, event class etc. The choices are numerous and, again, if you know what you are looking for and the terminology is familiar, you can easily sift them out.

A very important feature sported by the application is its ability to store the filters. Thus, it is enough to create a filter only once, save it, and the next time you are looking for the processes/operations defined by that filter, simply choose it from the list.

Under the Tools menu there are the Trace Summary Tools. These include Unique Values, which lets you see the values for each of the selected attributes. This means that if you choose processes, it will display the processes running on your computer. Next, you can filter on that process and check every operation logged for the item.

The Count Occurrences option shows the number of times an event in the trace contained each unique value of a user-defined attribute. I know it sounds complicated, but it is easier than it seems. If you choose Process Name, the application will display the number of times each process has appeared in the trace/log.

The Process Summary tool comes in very handy when you want a briefing of the processes in the log. The brief contains their process ID (PID), name, command line, activity span, file events, registry events, and the date and time of the first and last event.

Process Monitor goes as far as showing all the file activity on your computer, including reads, writes, how many times the file was opened and closed, the amount of time spent performing I/O to the file etc. The same details are provided for registry keys.

And to get advanced users more hyped up with the program, I just have to tell you that the history depth of the application goes as far as recording 199 million events. To get a grip on the value, consider that two hours of staring at Process Monitor and deploying other applications as well took me to almost two and a half million recorded events. I saved that log (CSV and native PML formats are supported) just to see the size of it (could not resist the temptation). After a while (about two minutes) the operation completed and the CSV file reached the incredible size of 500MB.
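As an added example (not code from the review or from Sysinternals), the Python below reads a small constructed Procmon CSV export with the default columns and reproduces the filter rows, Count Occurrences and Process Summary described above, so that a saved trace can be sifted offline; the registry/process/file split is a simplification of Procmon's event classes.

```python
import csv
from collections import Counter

# Constructed sample of a Process Monitor CSV export with the default columns.
# Not a real capture: timestamps, PIDs and paths are made up for the example.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:00.0010000","foobar2000.exe","1234","Process Start","","SUCCESS","Parent PID: 800"
"10:01:00.0020000","foobar2000.exe","1234","RegOpenKey","HKCU\\Software\\foobar2000","SUCCESS","Desired Access: Read"
"10:01:00.0030000","foobar2000.exe","1234","RegQueryValue","HKCU\\Software\\foobar2000\\Path","SUCCESS","Type: REG_SZ"
"10:01:00.0040000","foobar2000.exe","1234","CreateFile","C:\\Music\\track.mp3","SUCCESS","Desired Access: Generic Read"
"10:01:00.0050000","foobar2000.exe","1234","ReadFile","C:\\Music\\track.mp3","SUCCESS","Offset: 0, Length: 65,536"
"10:01:00.0060000","explorer.exe","900","CreateFile","C:\\Users\\user\\Desktop","SUCCESS","Desired Access: Read Data"
"10:01:00.0070000","svchost.exe","1100","RegQueryValue","HKLM\\System\\CurrentControlSet\\Services\\Foo","NAME NOT FOUND","Length: 16"
"10:01:00.0080000","foobar2000.exe","1234","CloseFile","C:\\Music\\track.mp3","SUCCESS",""
"10:01:00.0090000","foobar2000.exe","1234","Process Exit","","SUCCESS","Exit Status: 0"
"""
PROCESS_OPS = {"Process Start", "Process Exit", "Thread Create", "Thread Exit", "Load Image"}

def event_class(operation):
    # Coarse split into registry / process / file; a simplification of Procmon's event classes.
    if operation.startswith("Reg"):
        return "registry"
    return "process" if operation in PROCESS_OPS else "file"

def load_events(csv_text):
    return list(csv.DictReader(csv_text.splitlines()))

def apply_filter(events, column, relation, value, include=True):
    """One filter row as in Procmon's Filter dialog: column, relation, value, include/exclude."""
    tests = {"is": lambda v: v == value, "is not": lambda v: v != value,
             "begins with": lambda v: v.startswith(value), "contains": lambda v: value in v}
    match = tests[relation]
    return [e for e in events if match(e[column]) == include]

def count_occurrences(events, column):
    """Like Tools > Count Occurrences: how many events carry each unique value of a column."""
    return Counter(e[column] for e in events)

def process_summary(events):
    """Like Tools > Process Summary: per PID, name, file/registry event counts, first and last time."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["PID"], {"name": e["Process Name"], "file": 0, "registry": 0,
                                          "first": e["Time of Day"], "last": e["Time of Day"]})
        cls = event_class(e["Operation"])
        if cls != "process":
            s[cls] += 1
        s["last"] = e["Time of Day"]  # rows are in capture order, so the last seen is the last event
    return summary
```

Replace SAMPLE_CSV with the contents of a real export (File > Save, CSV) to run the same summaries on a trace of your own.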

Process Monitor is truly amazing. Every operation of every process is logged and provides a very good view of all the operations taking place on your computer.

The Good

Process Monitor logs every operation taking place on your computer. Nothing is overlooked and it is flexible enough to let you filter all the information it provides.

Trace Summary Tools are all you need to learn about this or that process or registry operation. Filters are easy to use and handle.

The Help menu comes to the rescue in case you are lost among all that information and terminology. All the answers are there and looking for them is very easy.

The Bad

It is a professional application and many users may not see beyond all the difficult terminology and values. Beginners and average users will definitely have trouble interpreting all the data.

The Truth

Truly a must on every advanced user's computer. Detailed information on events, operations, time sequences, and process, file and registry summaries all help detect malfunctions on your computer and allow you to prevent disaster, provided there is a good interpretation.

Above all, Process Monitor is absolutely free and will continue to stay that way (at least there is no evidence that the application is heading towards more commercial purposes).

From an expert user's point of view, Process Monitor's rating is definitely five stars all the way. But for average users the application may seem quite difficult to handle, so the overall rating would be four stars. Newbies are not included, as the application is not addressed to them.

[Screenshots of the application in action]
Ratings:
  • user interface: 5
  • features: 5
  • ease of use: 5
  • pricing / value: 5
  • final rating: 5