Wednesday, January 29, 2014

Process Explorer v16.0 is out and now cooking with VirusTotal!

Sysinternals Site Discussion - Updates: Process Explorer v16.0, PsPing v2.01

Process Explorer v16.0: Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.

...

Process Explorer v16.0

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
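As an added illustration (not code from Sysinternals or from the original post), the following PowerShell script does by hand what the announcement describes: it hashes the image file of each running process (and, optionally, each loaded DLL, mirroring the DLL view), sends only the SHA-256 hash to VirusTotal's v3 file-lookup endpoint, and reports how many engines flagged it, with a link to the report page. The function names and the environment variable VT_API_KEY are my own choices; the endpoint and the x-apikey header are VirusTotal's public API.

```powershell
# Added example (not Sysinternals code): look up running process images on
# VirusTotal by hash, as Process Explorer v16.0 does. Assumes PowerShell 5.1+
# and a VirusTotal API key in $env:VT_API_KEY (variable name chosen here).
# Only hashes leave the machine; no file content is uploaded.

function Get-ProcessImageHash {
    [CmdletBinding()]
    param(
        # Also hash loaded DLLs, mirroring Process Explorer's DLL view
        [switch]$IncludeModules
    )
    $paths = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($p in Get-Process) {
        try {
            if ($p.Path) { [void]$paths.Add($p.Path) }
            if ($IncludeModules) {
                foreach ($m in $p.Modules) { [void]$paths.Add($m.FileName) }
            }
        } catch {
            # Protected or higher-integrity processes deny access; skip them
        }
    }
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) {
            $h = Get-FileHash -LiteralPath $path -Algorithm SHA256
            [pscustomobject]@{ Path = $path; Sha256 = $h.Hash.ToLower() }
        }
    }
}

function Get-VirusTotalVerdict {
    param(
        [Parameter(Mandatory)][string]$Sha256,
        [string]$ApiKey = $env:VT_API_KEY
    )
    $uri = "https://www.virustotal.com/api/v3/files/$Sha256"
    try {
        $r = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'x-apikey' = $ApiKey }
        $stats = $r.data.attributes.last_analysis_stats
        # Sum of all stat buckets approximates the "y" in Process Explorer's "x/y"
        $total = ($stats.PSObject.Properties | Measure-Object -Property Value -Sum).Sum
        [pscustomobject]@{
            Sha256    = $Sha256
            Malicious = $stats.malicious
            Engines   = $total
            Report    = "https://www.virustotal.com/gui/file/$Sha256"
        }
    } catch {
        # 404 means VirusTotal has never seen this hash (Process Explorer shows it as unknown)
        $status = $_.Exception.Response.StatusCode
        if ("$status" -eq 'NotFound' -or "$status" -eq '404') {
            [pscustomobject]@{ Sha256 = $Sha256; Malicious = $null; Engines = $null
                               Report = 'not previously scanned' }
        } else { throw }
    }
}

# Usage: hash every process image, look each one up, list the worst first.
$results = Get-ProcessImageHash | ForEach-Object {
    $v = Get-VirusTotalVerdict -Sha256 $_.Sha256
    Start-Sleep -Seconds 15   # public API keys allow roughly 4 lookups per minute
    $v | Add-Member -NotePropertyName Path -NotePropertyValue $_.Path -PassThru
}
$results | Sort-Object Malicious -Descending | Format-Table Path, Malicious, Engines, Report
```

The script stops at the hash lookup on purpose: a hash reveals nothing about a file VirusTotal has not already seen, whereas the "submit for scanning" option in Process Explorer uploads the file itself, which matters when the binary is proprietary or contains embedded secrets. A hash that comes back "not previously scanned" is therefore a prompt to look closer, not evidence that the file is clean.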


Nice... Of course a good virus will be cloaked via a rootkit, but still, I think this is pretty neat (especially having just finished Mark's Zero Day novel... ;)

 

Related Past Post XRef:
Disk2vhd turns 2, v2.0 that is, and a few more Sysinternals utility updates
New Sysinternals utility released today, Disk2vhd v1.0 – Yes ...

Mark TechEd's you... See all four of Mark Russinovich's recent TechEd North America sessions
The “Windows Sysinternals Primer: Process Explorer, Process Monitor, and More” from TechEd 2010 North America

"Utilizing SysInternals Tools for Windows Client" - The Seven Part Series..
A "Windows Sysinternals Administrator's Reference" book by Mark Russinovich? You had me at $30 pre-order special price (and Sysinternals... and Mark Russinovich... and... )
Sysinternals 101 – “Notes from the field,” a quick intro to a few Sysinternals utilities (Process Explorer, TCPView, Process Monitor, VMMap)
Hands On Learning How to Use the Sysinternals Process Monitor Utility

A Sweet Summer Sysinternals Suite Refresh
It's a sweet suite! Windows Sysinternals Suite gets a summer refresh [August 3, 2012]...
Sysinternals Suite 2010 Refreshed - All the latest versions, one 12.4MB zip…
Sysinternals Suite Refreshed – All the latest Sysinternals Utilities, one tiny zip (well 10MB zip…)
Sysinternals Suite (8MB of Complete Sysinternals Goodness)

Mesh'ing Live.Sysinternals.com, using Vista Scheduling and Robocopy
A handy PowerShell script to keep your Sysinternals Suite up to date
The latest Sysinternals utilities are just a URL away, Live.Sysinternals.com

Use the Sysinternals Utilities? The EULA bug dialog you? Then try this…

More desktops for Windows 8 with Sysinternals Desktops v2.0
It's a sunny day when we get a new Sysinternals utility...
It’s a new Sysinternals Tool Day! RAMMap v1.0 released
