Process Explorer 16 now with VirusTotal integration

Microsoft’s free Process Explorer is one of those utilities that every admin should have in his tool box. The new version 16 allows you to send hashes of suspicious files to VirusTotal, a subsidiary of Google, which analyzes files to identify malware.

Author
Recent Posts

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

Latest posts by Michael Pietroforte (see all)

Pip install Boto3 - Thu, Mar 24 2022
Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022

I don’t think I have to explain here what Process Explorer is. I first blogged about Process Explorer about eight years ago, and that was version 10. Every once in a while, Microsoft adds a cool new feature to the Sysinternals tool. (I wonder if Mark Russinovich is really still doing the coding. At least it says so on the download page.)

Process Explorer - Check VirusTotal

Process Explorer is usually the first tool I fire up when suspicious things are going on with a PC. With the new VirusTotal integration, you now just need a click (or two) to send hashes of files to VirusTotal. If a file has been previously submitted to VirusTotal, Process Explorer will tell you if the file is likely harmless or malicious.

Process Explorer - VirusTotal result

If you click “Check VirusTotal” in the context menu of a file that VirusTotal can’t identify, Process Explorer will display “Unknown” in the new VirusTotal column. If VirusTotal can identify the file by its hash, Process Explorer displays a link to the VirusTotal website containing a list of the scan results of various well-known antivirus tools.

Unknown hash

It is also possible to look up all files displayed in the process and DLL view by selecting "Check VirusTotal" in the Options menu. You can then send all unknown files to VirusTotal by navigating to "Submit Unknown Executables" in the VirusTotal.com Options menu. (Note: In a previous version of this article, I mentioned that this functionality was discussed in a WindowsITPro article and that I wasn't able to find this feature.)

Process Explorer - Submit unknown files to VirusTotal

I guess it was too hot for Microsoft to offer a tool that sends files across the Internet to a third-party site. This limits the usefulness of this new feature a little. However, I use VirusTotal frequently, and it only happens in very rare cases that a file hasn’t been scanned previously. In my test, VirusTotal didn’t know the relatively new Amazon WorkSpaces client.

VirusTotal result page

On a Windows 8.1 computer, Process Explorer v16 was extremely unstable and crashed several times. So, you might want to keep a copy of the previous version. Update: Microsoft is aware of the bug and will probably offer an update.

Want to write for 4sysops? We are looking for new authors.

4sysops members can earn and read without ads!