System Explorer is a powerful freeware utility that allows you to display and manage quite a few system components. There is a portable and an installable edition. I think, this tool belongs in every admin's toolbox.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
If you have a quick look at this tool's Windows Explorer-like user interface, you will get a first impression of its capabilities. I will only discuss those features that seem to be most interesting to me.
One usage scenario of System Explorer is the investigation of a system with suspicious behavior. You can quickly access many Windows components where malware can hide: processes, modules (system DLLs), drivers, auto starting applications, network connections, Internet Explorer addons, Explorer extensions (protocol filters, protocols, shell extensions, column handlers), and installed software. An important feature here is that you can hide all Microsoft system entries so you can get a swift overview of third-party components.
Most useful is that you easily get more information about the displayed components through their context menus. System Explorer allows you to search at SystemExplorer.com, ProcessLibrary.com, Google, VirtusTotal.com, and VirusScan.jotti.org.
Also very helpful is the history function that logs the activity of processes, network connections, events, and file changes. All activities are displayed chronologically, which helps you understand how a malware program operates. For example, you would see that it first starts a certain process, changes a file, and then connects to the internet. The only thing I miss here is a filter-like Sysinternals Process Monitor has that allows you to limit the output.
But System Explorer is not only for hunting malware. You can use this tool for all kinds of troubleshooting and system cleaning. Although, some of its features are included in Windows, System Explorer's main advantage is that you can switch quickly between its functions. So if you have to repair a computer that a user messed-up, you will instantly get an overview of the whole chaos and then use the tool to uninstall software, remove auto starting programs, disable drivers, etc. System Explorer also allows you to export a complete system report into a text file.
Another nice feature is the snapshot function. Its purpose is to compare two system states. For example, if you want to know what files or registry entries a setup program adds, you can create a snapshot before and after the installation, and then compare the two snapshots. The results can be displayed as a text file in chronological order and in a tree view. It is just a pity that the snapshots can't be used to revert system changes.
The WMI explorer completes this mighty system tool. Unfortunately, System Explorer 2.1.0 had problems with Windows 7 when I tested it, despite its publisher claims that the latest Windows version is supported. The General View of Additional Info folder (which offers an overview of many system settings) didn't work, the Opened Files folder (which allows you to close the handle of opened files) didn't show up at all, and the Startup folder (which displays auto starting apps) didn't display all relevant registry keys. It is possible that other features don't work properly under Windows 7. After I had these problems, I continued my test on Windows Vista where everything worked properly.
With so many portable tools like this already craming my toolbox, I’m not sure if I need another one. It’s feature set is very similar, so I may just do a feature-to-feature comparison and eliminate a few tools.
…and the fact that it appears to be having issues with Win7, will make it a little less desirable as well.
Yeah, I admit the Win7 problems are a downside of System Explorer. However, I think they will fix the problem soon. I think one can never have enough tools in the toolbox. If your favorite tool fails, you can still try another one.
Yeah, I use scriptomatic and VBS Edit and they always have an issue loading the WMI libraries on Win7 and 2008.
A new ‘feature’ I am sure.
I am looking for a LAN inventory tool I can run from USB. Any recommendations?
How about SoftPerfect Network Scanner?