I don’t think I have to explain here what Process Explorer is. I first blogged about Process Explorer about eight years ago, and that was version 10. Every once in a while, Microsoft adds a cool new feature to the Sysinternals tool. (I wonder if Mark Russinovich is really still doing the coding. At least it says so on the download page.)
Process Explorer - Check VirusTotal
Process Explorer is usually the first tool I fire up when suspicious things are going on with a PC. With the new VirusTotal integration, you now just need a click (or two) to send hashes of files to VirusTotal. If a file has been previously submitted to VirusTotal, Process Explorer will tell you if the file is likely harmless or malicious.
Process Explorer - VirusTotal result
If you click “Check VirusTotal” in the context menu of a file that VirusTotal can’t identify, Process Explorer will display “Unknown” in the new VirusTotal column. If VirusTotal can identify the file by its hash, Process Explorer displays a link to the VirusTotal website containing a list of the scan results of various well-known antivirus tools.
It is also possible to look up all files displayed in the process and DLL view by selecting "Check VirusTotal" in the Options menu. You can then send all unknown files to VirusTotal by navigating to "Submit Unknown Executables" in the VirusTotal.com Options menu. (Note: In a previous version of this article, I mentioned that this functionality was discussed in a WindowsITPro article and that I wasn't able to find this feature.)
Process Explorer - Submit unknown files to VirusTotal
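The hash lookup described above can be reproduced outside Process Explorer. The following PowerShell is an added example, not part of the original article or of Process Explorer itself: it hashes the image of every running process and queries the VirusTotal v3 API by hash only, so no file content leaves the machine. It assumes an API key in the environment variable `VT_API_KEY` (a name chosen for this example) and uses SHA-256 as the lookup hash.

```powershell
# Added example: hash-only VirusTotal lookup for the images of running processes.
# Assumption: the API key is in $env:VT_API_KEY (variable name chosen for this example).
$Headers = @{ 'x-apikey' = $env:VT_API_KEY }

function Get-VTVerdict {
    param([Parameter(Mandatory)][string]$Sha256)
    try {
        # Only the hash is sent; the file itself is never uploaded.
        $r = Invoke-RestMethod -Method Get -Headers $Headers `
            -Uri "https://www.virustotal.com/api/v3/files/$Sha256"
        $s = $r.data.attributes.last_analysis_stats
        # Denominator: engines that returned a verdict (this example's own choice).
        $total = $s.malicious + $s.suspicious + $s.undetected + $s.harmless
        [pscustomobject]@{
            Verdict = "$($s.malicious)/$total"
            Link    = "https://www.virustotal.com/gui/file/$Sha256"
        }
    }
    catch {
        # HTTP 404 means VirusTotal has never seen this hash: report "Unknown".
        $response = $_.Exception.Response
        if ($response -and [int]$response.StatusCode -eq 404) {
            [pscustomobject]@{ Verdict = 'Unknown'; Link = $null }
        }
        else { throw }   # quota, auth or network errors must not look like "Unknown"
    }
}

Get-Process |
    Where-Object Path |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object {
        $file = Get-FileHash -LiteralPath $_ -Algorithm SHA256 -ErrorAction SilentlyContinue
        if (-not $file) { return }   # unreadable image: skip to the next path
        $vt = Get-VTVerdict -Sha256 $file.Hash.ToLower()
        [pscustomobject]@{
            Path       = $file.Path
            SHA256     = $file.Hash
            VirusTotal = $vt.Verdict
            Link       = $vt.Link
        }
        Start-Sleep -Seconds 15   # throttle; adjust to your API quota
    }
```

Processes whose image path is not readable without elevation are skipped, so run it from an elevated session for full coverage.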
I guess it was too hot for Microsoft to offer a tool that sends files across the Internet to a third-party site. This limits the usefulness of this new feature a little. However, I use VirusTotal frequently, and it only happens in very rare cases that a file hasn’t been scanned previously. In my test, VirusTotal didn’t know the relatively new Amazon WorkSpaces client.
VirusTotal result page
On a Windows 8.1 computer, Process Explorer v16 was extremely unstable and crashed several times. So, you might want to keep a copy of the previous version. Update: Microsoft is aware of the bug and will probably offer an update.