Windows Task Manager serves a purpose, but we recommend you replace it with Process Explorer for many reasons. A few of the reasons for using Process Explorer:
- It is free.
- It easily integrates with VirusTotal.
- It shows process dependencies / process trees.
Here is the information Windows Task Manager shows you:
Here's the same information shown with Process Explorer:
As you can see in Process Explorer, the process "Cain.exe" was flagged as malicious by 16 out of 54 anti-malware vendors on VirusTotal.
How do you replace Windows Task Manager with Process Explorer? Here are the steps:
1. Download Process Explorer or the entire Sysinternals Suite from here, the legit Microsoft site:
We recommend the Sysinternals Suite, as it has many other useful tools.
2. After you extract either download from Step 1, run Process Explorer (procexp.exe) by double-clicking on it.
3. After Process Explorer starts and you accept the EULA, go to File and choose Show Details for All Processes
4. Go to Options and choose Replace Task Manager
5. Go to Options and choose VirusTotal.com and select Check VirusTotal.com
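To confirm the result of steps 1 to 4, the following read-only PowerShell check is an added example, not part of the original post or of Sysinternals. It relies on the fact that "Replace Task Manager" records the Process Explorer path in the `Debugger` value under the `taskmgr.exe` Image File Execution Options key, and it assumes a genuine copy is signed with a subject containing `O=Microsoft Corporation`. The function name `Get-TaskManagerReplacement` is hypothetical.

```powershell
# Added example: report which binary launches in place of Task Manager and
# whether it carries a valid Microsoft Authenticode signature. Read-only.
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'

function Get-TaskManagerReplacement {
    param([string]$KeyPath = $ifeoKey)

    # No key or no Debugger value means the stock Task Manager is still in use.
    $entry = Get-ItemProperty -Path $KeyPath -Name Debugger -ErrorAction SilentlyContinue
    if (-not $entry) {
        return [pscustomobject]@{ Replaced = $false; Path = $null
                                  SignatureStatus = $null; Signer = $null; Trusted = $false }
    }

    # The value is a command line: the executable may be quoted and may be
    # followed by arguments, so extract just the path.
    $cmd = $entry.Debugger.Trim()
    if     ($cmd -match '^"([^"]+)"')          { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.exe)(\s|$)')   { $exe = $Matches[1] }
    else                                       { $exe = $cmd }

    # A registration that points at a missing file deserves attention too.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        return [pscustomobject]@{ Replaced = $true; Path = $exe
                                  SignatureStatus = 'FileMissing'; Signer = $null; Trusted = $false }
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $exe
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Replaced        = $true
        Path            = $exe
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Assumption: a genuine Sysinternals binary validates and names Microsoft as signer.
        Trusted         = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
    }
}

Get-TaskManagerReplacement | Format-List
```

After step 4, `Path` should be the folder you extracted Process Explorer into and `Trusted` should be `True`; any other path or signer means something else is registered to run when Task Manager is launched.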
- Malware Analysis course for training on Windows Internals, Malware Analysis, Debugger Usage, and more.
- Malware analysis resources
Also, if you're interested, Mark Russinovich, the creator of Sysinternals, has written a few excellent reference books on Windows Internals, aptly named Windows Internals Part 1 and Part 2. He's also written a few fiction novels about his alter-ego "Jeff Aiken". These are decent.