Category Archives: Windows Task Manager Replacement

System Explorer and System Security Guard – A Review

Depending on which version of Windows Task Manager you use, you may find that it provides you with usable information – or not. Windows Task Manager is most commonly used to display information on all processes running on your computer, as well as advising you of the CPU and memory usage stats for a given process. Additional selective information on running applications, performance, the local area connection, and users is also available.

But, back to running processes for a moment. What if you need additional information on a running process – or, processes? How, for example, would you determine which processes are safe if you rely on Windows Task Manager?

Running Windows Task Manager in Windows 8 (a major improvement over previous versions), as I’ve done for the following example, is not particularly useful since the only option is a raw online search. Which, in a real sense, is a hit and miss affair. Give it a try with your version of Windows Task Manager – you might be surprised to see just how cumbersome it is.

image

Instead, taking advantage of one of the built-in features in the freeware application, System Explorer, is a much more appropriate solution. In the following example, the selected process can easily be checked at VirusTotal, and at VirusScan, directly from within System Explorer.

image

It’s unlikely however, that you’ll have to take this extra step – since System Explorer has been designed to automatically rate, and provide details on processes that are listed in the developer’s extensive database.

image

Further information can be obtained by clicking on the “See More Details” link which will open the database reference at the developer’s site, as shown below.

image

System Explorer is not a one-trick pony since it has the capacity to provide detailed information on Tasks, Processes, Modules, Startups, IE Add-ons, Uninstallers, Windows, Services, Drivers, Connections and Opened Files. For this review I’ve focused on the security aspect and next up is System Explorer’s “Security Scan” which is easily launched from the GUI.

image

As you can see in the following screen capture – running processes are checked online against the developer’s extensive database.

image

The following screen capture shows a small portion of the 808 processes compared against the developer’s database.

image

Additional information on any specific process can easily be obtained by clicking on the “Details” link, as illustrated below.

image

One aspect of this application which I found intriguing is the “History” function. Running this function allows the user to view and develop information on currently running processes, as well as on processes that were running earlier but are no longer running.

image

System requirements: Windows XP, Vista, Win 7.

Download at: System Explorer Net

Note: also available in a portable version that is just right for geeks on the go.

System Security Guard

System Security Guard, in a broad sense, is very much like the “Security Scan” built into System Explorer. System Security Guard however, as a stand alone small security utility, is designed to run at system startup and automatically scan running processes. As well, all new processes, as they are launched, are scanned.

The results of the initial run with System Security Guard are shown below.

image

For this review I set the application to run at startup, and the following graphic represents the results following a week or so of automatic running. You’ll note that the application has identified 4 “Threat Files” – which, in reality, is the same file which has been flagged 4 times (each time the application was launched).

image

The application (CurrPorts), was flagged for good reason since it behaves in a way similar to that of a remote access Trojan. That is – it connects to the Internet in a peculiar way.

image

For illustrative purposes only, I ran the file against the developer’s database. However, since I use this application frequently throughout the day, I’m aware that this is a safe program.

image

System requirements: Windows XP, Vista and Win 7.

Download at: the developer’s site.

A big “Thank You” to regular reader Charlie L. for referring me to these applications.

Comodo Cleaning Essentials – An Aggressive On-Demand Malware Scanner

This past week, Neil J. Rubenking, PC Magazine’s lead analyst for security, in his article – The Best Free Antivirus for 2012 – included Comodo Cleaning Essentials. Earlier this year, I took this freebie application for a test run and wrote up my impressions. Curiously, this post had both Twitter and Facebook referrals but, limited response from regular readers.

Comodo Cleaning Essentials is a tough application when used in the fight against malware, and in the event you missed this post, I’ve republished it here.

Comodo Cleaning Essentials

Comodo’s recently released portable Comodo Cleaning Essentials (freeware), is an interesting breed of applications within applications – an aggressive on-demand malware scanner (the core application), combined with several system tools – a variation of Windows Task Manager (Killswitch), and an Autorun Analyzer.

Users who are familiar with Sysinternals Process Explorer will have little difficulty getting down to work with Comodo’s Autorun Analyzer. Or, for that matter, Killswitch – an impressive Windows Task Manager replacement.

For now, I’ll focus on the on-demand malware scanner. All graphics in the following review can be expanded to their original size.

Simple, straightforward, and easy to understand GUIs are the standard – and, Comodo Cleaning Essentials meets that standard.

image

For my initial test run, I did not hold back in terms of the volume of information the application had to deal with – as illustrated in the following graphic. I should add – I set the selectable heuristics at “low level”. Users may choose to bump up  this setting.

image

image

Updating of the database is an automatic process, as illustrated.

image

Following application launch, my first reaction was – Get It Done! Thirty six minutes in, and memory scanning had not yet been completed. SLOW!

image

Three hours plus. Yawn – I’M WAITING!!!!!!!!

image

Waiting still – at the four hour plus mark. At this point I exited the application (2 Million objects scanned), since drive E: is malware free. As well, the 49 threats found by the scanner were all false positives – not a bad thing necessarily. More on this to follow.

image

Comodo Cleaning Essentials is no slouch at eating up the clock cycles – as illustrated in the following screen shot.

image

I jumped ahead a little bit here, and ran a comparable scan with Microsoft Security Essentials which, as you can see in the following graphic, is not a system resource hog.

image

MSE test run – using the same test parameters.

image

The MSE scan completed in just under three hours. Keep in mind however – MSE is not portable, and is designed to act as a first line of defense against malware penetration.

Comodo Cleaning Essentials on the other hand, has been crafted as a “real world – everything is messed up” solution. Especially valuable in circumstances where malware has blocked access to onboard AVs.

image

The false positive issue.

No doubt, warnings and cautions generated by antimalware scanners, can often be a major frustration – time consuming and just a pain in the butt. On the other hand, scanning a HD which has been overrun by malware, demands the use of an aggressive tool – and, Comodo Cleaning Essentials certainly qualifies as “aggressive”. Simply put – you can’t have your cake and eat it too.

Autorun Analyzer:

As mentioned earlier, this component is a Process Explorer takeoff – with a number of worthwhile additional features.

The following screen capture (showing all entries), indicates 3 possible unsafe entries which, on investigation proved to be benign. Still, better safe than sorry. So, I take no issue with warnings which prove to be a “false alarm”. I’m all in favor of a “give me the bad news philosophy” – I’ll determine the relevancy of the information provided.

image

KillSwitch:

As a Windows Task Manager Replacement, KillSwitch has it in spades. The following screen shots illustrate just a few of the enhancements.

image

Over the years, I’ve happily been able to convince more than a few readers to occasionally spot check their network connections, using stand alone applications such as CurrPorts.  KillSwitch includes this capability – a very good move in my estimation.

image

Finally (at least for this report), KillSwitch includes a “Quick Repair” tool which, in the right circumstance, could be invaluable. Sorry, for this review I couldn’t find any items on this test platform to repair.

image

Fast facts: 

Classifies the threat level of all objects and processes currently loaded into memory and highlights those that are not trusted

Allows the admin to terminate, delete or suspend every untrusted item with a single click.

On-demand malware scanner quickly finds viruses, rootkits and hidden services

Extremely efficient malware removal routines thoroughly disinfect virus stricken endpoints

Detailed statistics and graphs allow admins to analyze and fine tune system activity to almost infinite levels of detail

Leverages Comodo’s huge whitelist database to accurately identify the trust status of every running process with minimal false positives

Integration with Comodo cloud scanning technology delivers instant behavioral analysis of unknown processes

Powerful system tools provide control over even the most obscure system settings

Simple interface for admins to manage trusted vendors list

Comprehensive event logs provide detailed overview of system activity on endpoint machines

Quick repair feature allows fast restoration of important Windows settings

Can replace the standard Windows Task Manager if required

Another indispensable addition to admin’s security toolkit to complement software such as Comodo Internet Security

Lightweight – requires no installation and can be run right from a USB stick

System Requirements: Windows 7 – 32 and 64 bit, Windows Vista – 32 and 64 bit, Windows XP – 32 and 64 bit

Download at: Comodo

I’m not suggesting that Comodo Cleaning Essentials is the perfect tool (if you find such a tool, please let me know), but, if you’re on the hunt for a lightweight, standalone security application – that doesn’t require installation – Comodo Cleaning Essentials deserves a close look.

A caveat: This application is not designed to be used by anyone other than highly knowledgeable, and well experienced users.

Process Hacker 1.9 – Easier Control Over Windows Processes

If you’re running on Windows 7, no doubt you’ve noticed significant benefits in running this operating system over previous versions of Windows. One of the small improvements, in my view, is an improvement in the Windows Task Manager tool, which finally shows “running processes”.

Still, Windows Task Manager continues to fall far short of providing me with all the information that I really need to control my system more effectively.

Process Hacker 1.9 (release date, December 30, 2009), is a free (open source), Windows Task Manager replacement which takes up the challenge where Windows Task Manager leaves off.

Installation and setup is simple – just follow the bouncing ball.

Process Hacker 1

Process Hacker 2

A very simple interface makes it easy to use Process Hacker (for both novices and pros alike), to manage computer resources and yet, this application is packed with features.

Process Hacker 3

Fast facts:

Presents information clearly – A simple, customizable tree view with highlighting which shows the processes running on your computer.

Comprehensive information for all processes.

Provides a range of process termination methods – Process Hacker can terminate, suspend, resume, restart and set the priority of processes. Processes are highlighted to provide additional information such as whether they are elevated or in a job. More interesting things you can do with processes include injecting DLLs and even replacing security tokens (XP only).

Detailed performance graphs.

A list of network connections – since I like to check my ports and connections frequently, I found this very helpful.

Finds hidden processes and allows you to terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Modules – It can display the modules loaded by each process and their properties. It can also find the address of any exported function in a module, change page protection of the module’s memory region, and read the module’s memory.

Threads – It can also terminate, suspend, resume and set the priority of threads. Symbolic start addresses are provided, and double-clicking a thread will show its call stack.

Additionally, GUI threads (threads which have made at least one call to a GUI function) are highlighted.

Search – Process Hacker also supports saving memory search results and even intersecting (finding common items between) two sets of search results.

Handles – It can display the handles opened by processes and can close them.

Memory – It can display the memory regions in a process’ virtual memory space, and even read/write data using a built-in hex editor.

Token – It can display each process’ primary token and its user, source, groups and privileges. It even allows you to enable and disable privileges.

Following an earlier review of Process Hacker, a reader familiar with this application commented:

“Very useful tool, Bill. I really like the way in which the information is presented, it’s very easy to understand and has plenty of very useful features. The “search online” feature is particularly useful to have, better than ProcessQuickLink, for me”.

The following is from a PC World review:

“Process Hacker is an astoundingly useful and full-featured tool for monitoring and, yes, hacking ongoing processes on your PC. There is an astonishing amount of functionality crammed into a clean, well-designed, interface”.

System Requirements: Windows XP, Windows Vista, Windows 7 – 32-bit or 64-bit.

Additional Requirements: Microsoft .NET Framework 2.0

Note: Certain functionality including detection of hidden processes, full control over all processes, and the ability to protect/unprotect processes is only available on 32-bit systems.

Recommendation: If you need information on what’s running on your system or on system resource usage, or need to evaluate application performance, then Process Hacker is definitely worth taking a look at.

Overall I think this is a terrific free application and I have added it to my geek toolbox. Since malware can often restrict access to the Windows Task Manager, this application is good insurance to have handy.

Special note: Provides full control over all processes, even processes protected by rootkits or security software. You can find hidden processes and terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Download at: SourceForge

Look Under the Hood of Your PC with What’s Running

Regular readers are going to start thinking that along with my addiction to wine, women, and song, I must be addicted to writing reviews on Windows Task Manager replacements.

This review is a little different though, since I’ve written it with the casual computer users’ needs in mind, rather than the more experienced user I usually focus on. But, I promise, this will be the last one for some time.

If you are a new or a casual computer user, What’s Running is a free application that can help you easily find what is actually running on your computer. It presents a number of views, in a tabbed format, and each one relates to what’s really running on your machine.

Helpful definitions:

Let’s start with processes; the most basic concept – every program you start, or is started by the operating system, is a process. In the process view you can see all the processes easily.

Services are background tasks – keep in mind that a process can contain many services.

The modules are actual files with code and other data, that a process needs. Each process contains at least one loaded module.

Drivers are small programs loaded by the system, to handle hardware and specific system tasks.

IP connections are connections that your computer needs to make in order to send and receive data from the Internet.
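
Four of the terms defined above (processes, services, modules and IP connections) can be seen side by side on a live system with Windows' own PowerShell. The function below is an added example, not part of the original review and not code from What's Running; the name Get-ProcessInventory and its output property names are made up for illustration, and it assumes Windows 8 / Server 2012 or later with PowerShell 4 or later.

```powershell
# Added example, not from the original post. Get-ProcessInventory and its output
# property names are hypothetical. Needs Windows 8 / Server 2012 or later
# (Get-NetTCPConnection) and PowerShell 4+ (Get-FileHash); run elevated to see
# processes that belong to other users.
function Get-ProcessInventory {
    [CmdletBinding()]
    param()

    # Services: group service names by the ID of the process that hosts them.
    # A single process (svchost.exe, for example) can host several services.
    $servicesByPid = @{}
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -gt 0 } |
        ForEach-Object {
            $procId = [int]$_.ProcessId
            if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
            $servicesByPid[$procId] += $_.Name
        }

    # IP connections: group TCP endpoints by the ID of the owning process.
    $connectionsByPid = @{}
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        ForEach-Object {
            $procId = [int]$_.OwningProcess
            $endpoint = '{0}:{1} -> {2}:{3} [{4}]' -f $_.LocalAddress, $_.LocalPort, $_.RemoteAddress, $_.RemotePort, $_.State
            if (-not $connectionsByPid.ContainsKey($procId)) { $connectionsByPid[$procId] = @() }
            $connectionsByPid[$procId] += $endpoint
        }

    # Cache per executable path so each file is hashed and verified only once.
    $fileInfoCache = @{}

    foreach ($proc in Get-Process) {
        $path = $null
        $moduleCount = $null
        try {
            $path = $proc.Path                      # full path of the main module
            $moduleCount = @($proc.Modules).Count   # EXE plus every loaded DLL
        } catch {
            # Access denied (protected or other users' processes): leave blank.
        }

        $sha256 = $null
        $signature = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            if (-not $fileInfoCache.ContainsKey($path)) {
                $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
                $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
                $fileInfoCache[$path] = [pscustomobject]@{
                    Sha256    = $hash.Hash
                    Signature = [string]$sig.Status
                }
            }
            $sha256    = $fileInfoCache[$path].Sha256
            $signature = $fileInfoCache[$path].Signature
        }

        [pscustomobject]@{
            Name        = $proc.ProcessName
            Id          = $proc.Id
            Path        = $path
            Sha256      = $sha256        # value to search for at a scanning service
            Signature   = $signature     # 'Valid', 'NotSigned', 'HashMismatch', ...
            ModuleCount = $moduleCount
            Services    = $servicesByPid[$proc.Id]
            Connections = $connectionsByPid[$proc.Id]
        }
    }
}

# Triage view: processes that hold TCP connections and whose executable is not
# validly signed or could not be inspected. A hit is a reason to look closer,
# not a verdict.
Get-ProcessInventory |
    Where-Object { $_.Connections -and $_.Signature -ne 'Valid' } |
    Format-List Name, Id, Path, Sha256, Signature, Services, Connections
```

The SHA-256 value identifies the exact file on disk, so it can be looked up at a multi-engine scanning service without uploading the file itself.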

Process View:

image

Services View:

image

Modules View:

image

Internet Connections View:

image

Startup View:

image

Fast facts:

Processes – Inspect your processes and find all the relevant details that you need. Get performance and resource usage data such as memory usage, processor usage and handles. As well, you get details about what DLLs are loaded, what services are running within the process, and what IP connections each process has.

IP Connections – Find out information about all active IP connections in the system. Get a list of what remote connections each program has, and find out what applications are listening for connections.

Services – Inspect what services are running or stopped, find the process for your services, and inspect its properties easily.

Modules – Find information about all DLLs and EXEs in use in your system. For each module you can find all processes that have loaded the module. Also you can find the full path and immediately open the folder where the file is located.

Drivers – Find information about all drivers. For running drivers you can inspect the file version to find the supplier of the driver.

Startup – Manage all your startup programs. Disable, edit, delete, etc. Manage startup programs regardless of source (registry or Startup folder).

If you are a new or casual computer user, What’s Running is a terrific application that will help you become familiar with your computer; what drives it, and in an overall sense – how it works.

Once you become familiar with your machine, you can then start taking action, including stopping and starting processes and services, and preventing unwanted programs from running on startup.

Experienced users know that applications such as What’s Running can be used as an aid in tracking down malware infections. As a new, or casual user, it won’t take long before you have the ability to do the same thing, once you learn to harness the power of What’s Running.

System requirements: Windows 2000, Windows XP, Windows Vista, Windows 7

USB compatible: During the install process, you have the option of a minimum install to a Flash Drive.

Download at: Major Geeks

Process Hacker 1.5 – A Worthwhile Windows Task Manager Replacement

As I have mentioned here previously, running on Windows 7 has loads of benefits over running on Windows XP Pro, including an improvement in the Windows Task Manager tool, which finally shows “running processes”. Still, Windows Task Manager continues to fall far short of providing you with all the information that you really need.

Process Hacker 1.5 is yet another free (open source), Windows Task Manager replacement which takes up the challenge where Windows Task Manager leaves off.

Installation and setup is simple – just follow the bouncing ball.

Process Hacker 1

Process Hacker 2

A very simple interface makes it easy to use Process Hacker 1.5, for both novices and pros, to manage computer resources, yet this application is packed with features.

Process Hacker 3

Fast facts:

Presents information clearly – A simple, customizable tree view with highlighting which shows the processes running on your computer.

Comprehensive information for all processes.

Provides a range of process termination methods – Process Hacker can terminate, suspend, resume, restart and set the priority of processes. Processes are highlighted to provide additional information such as whether they are elevated or in a job. More interesting things you can do with processes include injecting DLLs and even replacing security tokens (XP only).

Detailed performance graphs.

A list of network connections – since I like to check my ports and connections frequently, I found this very helpful.

Finds hidden processes and allows you to terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

Modules – It can display the modules loaded by each process and their properties. It can also find the address of any exported function in a module, change page protection of the module’s memory region, and read the module’s memory.

Threads – It can also terminate, suspend, resume and set the priority of threads. Symbolic start addresses are provided, and double-clicking a thread will show its call stack.

Additionally, GUI threads (threads which have made at least one call to a GUI function) are highlighted.

Search – Process Hacker also supports saving memory search results and even intersecting (finding common items between) two sets of search results.

Handles – It can display the handles opened by processes and can close them.

Memory – It can display the memory regions in a process’ virtual memory space, and even read/write data using a built-in hex editor.

Token – It can display each process’ primary token and its user, source, groups and privileges. It even allows you to enable and disable privileges.

System Requirements: Windows XP, Windows Vista, Windows 7 – 32-bit or 64-bit.

Additional Requirements: Microsoft .NET Framework 2.0

Note: Certain functionality including detection of hidden processes, full control over all processes and the ability to protect/unprotect processes is only available on 32-bit systems.

Recommendation: If you need information on what’s running on your system or on system resource usage, or need to evaluate application performance, then Process Hacker is definitely worth taking a look at.

Overall I think this is a terrific free application and I have added it to my geek toolbox. Since malware can often restrict access to the Windows Task Manager, this application is good insurance to have handy.

Download at: PC World

Stay in Control With Free Auslogics Task Manager

Running on Windows 7 has loads of benefits over running on Windows XP Pro, including an improvement in the Windows Task Manager tool, which finally shows “running processes”.

But Windows Task Manager still remains a bit of a tease. Sure it provides you with some usable information, but it falls far short of providing you with all the information that you really need. A recent free offering from Auslogics, of Auslogics Disk Defrag fame, takes up the challenge where Windows Task Manager leaves off.

A very simple interface makes it easy to use Auslogics Task Manager, for both novices and pros, to manage computer resources.

Windows task manager (on Win 7)

clip_image001

Versus Auslogics Task Manager (on Win 7)

clip_image002

clip_image003

Fast facts:

View application and process

Shows all open files, including the application that has locked each one

Provides a security rating

View open files

Shows CPU usage

View memory and disk utilization

Shows Internet traffic and priority

End or freeze a process

Adjust CPU affinity and priority

This is a terrific free application and I have added it to my geek toolbox. Since malware can often restrict access to the Windows Task Manager, this application is good insurance to have handy.

Note: also available in a portable version that is just right for geeks on the go.

Download at: Major Geeks
