Google + Microsoft = Process Explorer 16.0

Summary: Process Explorer, a free tool from Microsoft, now integrates support for VirusTotal, a free public service from Google.


The latest version of Process Explorer, one of the top tools in Microsoft's popular Windows Sysinternals suite, has incorporated support for the popular VirusTotal service run by Google.

The Sysinternals tools were written by Mark Russinovich and Bryce Cogswell before Microsoft bought their company many years ago. Russinovich continues to develop the tools in his spare time at Microsoft while working on their Azure cloud service.

To quote the "What's New" section on

    Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to report pages and you can even submit files for scanning.

VirusTotal was created and built up by Hispasec Systems, a Spanish security consulting firm. Over the years it became wildly popular to the point where it needed a cloud infrastructure on the scale that a company like Google could provide. Google took the service over in 2012 [Corrected from 2007].

As shown in the nearby image, when the user right-clicks on an entry in the process list there is a new option: "Check VirusTotal". The first time you select this option you will have to agree to terms of service for VirusTotal. On subsequent checks, there is no obvious feedback when the user selects the Check VirusTotal option. Checking VirusTotal on the top-level process in the listing will cause Process Explorer to check all program files used in the process. Alternatively you can select individual DLLs and other files.


To see results, the user must right-click again on the entry and select Properties. On the Image tab of the resulting dialog box there is a new entry, pictured nearby. The VirusTotal field shows two numbers, "1/50" in this case. This means that 1 of the 50 antimalware engines — Antiy-AVL — on VirusTotal detected malware — Trojan/Win32.Agent2 — in the submitted file.

As you can see in this example, the sample submitted is SkyDrive.exe, the actual Microsoft SkyDrive executable and probably not actually malware. Click on the "1/50" and the default browser will open with a page providing details of the scan. Below is an image of that page.

The false positive in this test result is not a reflection on VirusTotal, but rather on Antiy-AVL. I have already submitted the scan result to them as a false positive.

These scans are a snapshot in time, and as the antimalware engines and their signatures update the results may change. You can rescan an executable on the VirusTotal service and see the changes. In fact, VirusTotal and a few other services like it are favorite tools of malware writers who use it to see if the current antimalware engines will detect their programs.
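The workflow described above (hash the image, look the hash up, read the detection ratio, and treat the result as a snapshot) can be reproduced outside the GUI. The script below is an added example, not Sysinternals or VirusTotal code; it assumes the VirusTotal v3 file-report endpoint (`GET /api/v3/files/{sha256}`, authenticated with an `x-apikey` header), an API key in the `VT_API_KEY` environment variable, and the `STALE_AFTER_DAYS` and `LOW_CONFIDENCE_MAX` thresholds, which are my own triage choices. The sample report is constructed to match the article's 1/50 result; only hashes leave the machine, never the file itself.

```python
"""Hash-based VirusTotal lookup mirroring the Process Explorer 16 workflow.
Added example; not Sysinternals or VirusTotal code. Assumes the v3
file-report endpoint and an API key in the VT_API_KEY environment variable."""
import hashlib
import json
import os
import sys
import time
import urllib.error
import urllib.request
from typing import BinaryIO, Dict, List, Optional, Tuple

VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"
STALE_AFTER_DAYS = 30    # assumption: recommend a rescan beyond this age
LOW_CONFIDENCE_MAX = 2   # assumption: <= 2 engines is treated as a possible false positive


def hash_stream(fobj: BinaryIO) -> Dict[str, str]:
    """Digest a file in 64 KiB chunks. Only the digests are sent to VirusTotal;
    the file is never uploaded unless the user explicitly submits it."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fobj.read(1 << 16), b""):
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_stream(f)


def fetch_report(sha256: str, api_key: str) -> Optional[dict]:
    """GET the existing report for a hash. None means VirusTotal has never
    seen this file, i.e. it has not been previously scanned."""
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def summarize(report: dict) -> Tuple[int, int, List[Tuple[str, str]]]:
    """Reduce a v3 report to the 'detected/total' pair Process Explorer shows,
    plus the engines that flagged the file and their verdict strings."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    detected = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # assumption: the denominator counts engines that produced a verdict,
    # not timeouts or unsupported file types
    total = detected + stats.get("undetected", 0) + stats.get("harmless", 0)
    hits = [(name, r.get("result") or r["category"])
            for name, r in attrs["last_analysis_results"].items()
            if r["category"] in ("malicious", "suspicious")]
    return detected, total, sorted(hits)


def triage(detected: int, total: int, analysis_epoch: int,
           now: Optional[float] = None) -> Tuple[str, bool]:
    """Return (label, stale). A single-engine hit, like the 1/50 on SkyDrive.exe,
    is not proof of malware; an old scan should be re-run since signatures change."""
    now = time.time() if now is None else now
    stale = (now - analysis_epoch) / 86400 > STALE_AFTER_DAYS
    if detected == 0:
        return "clean", stale
    if detected <= LOW_CONFIDENCE_MAX:
        return "low-confidence", stale
    return "likely-malicious", stale


# Constructed sample modelled on the v3 response shape; the verdict is the
# one reported in the article (1 of 50 engines, Antiy-AVL, Trojan/Win32.Agent2).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_date": 1392000000,
    "last_analysis_stats": {"malicious": 1, "suspicious": 0, "undetected": 49,
                            "harmless": 0, "timeout": 0, "type-unsupported": 1},
    "last_analysis_results": {
        "Antiy-AVL": {"category": "malicious", "result": "Trojan/Win32.Agent2"},
        **{f"Engine{i:02d}": {"category": "undetected", "result": None} for i in range(49)},
    },
}}}


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY", "")
    for path in sys.argv[1:]:
        sha256 = hash_file(path)["sha256"]
        report = fetch_report(sha256, key) if key else None
        if report is None:
            print(f"{path}: {sha256} not previously scanned (or no API key)")
            continue
        det, tot, hits = summarize(report)
        label, stale = triage(det, tot, report["data"]["attributes"]["last_analysis_date"])
        print(f"{path}: {det}/{tot} {label}{' (stale)' if stale else ''} {hits}")
```

Run it as `python vt_check.py C:\path\to\image.exe`; without a key it only prints the hash, which is still enough to paste into the VirusTotal search page by hand. The triage thresholds are deliberately conservative: a 1/50 result is reported as low confidence rather than malicious, and a report older than the cutoff is flagged stale so the operator knows to request a rescan.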

Both VirusTotal and the Sysinternals tools are great examples of the wealth of first-rate free tools available to IT and developers. It's especially rewarding to see people from Google and Microsoft working together, even if under the radar a bit, to make both of them better.


  • Kewl!11

    This is cool. How many times have you opened up Task Manager and wondered what those random, oddly named processes are and if any are malicious? I hadn't heard of this service, but might just have to give it a go (and don't give me this fuddy-duddy about Google getting at my data... I'm sure by now they know my favorite brand of condom and have added every pimple on my butt to Google Maps Street View.)
    • Street View

      No. They apparently missed some.

      Please go outside from 8 to 10a and moon the street.
  • Not so popular . . .

    "the popular VirusTotal service run by Google."

    Popular? Never heard of it.
    • It's really popular

      • Not impressed.

        Maybe two million?

        Not impressed.

        World of Warcraft is what, 7.6 million? Used to be over 10 million? But tech publications still have the gall to claim gaming is "niche."
      • Sounds useful, but I never heard of it.

        I have asked about ten people now if they have ever used it, and the fact is, not one in ten has heard of it.

        It sounds useful, but let's not get carried away by saying popular.
  • TIP: Replace Task Manager

    In Process Explorer, on the Options menu select "Replace Task Manager". Now when you launch Task Manager you will, instead, launch ProcExp.
    • Wow, that's cool.

      Not sure I'd do it on my home Win8.1 box (the Win8 TaskMan is pretty nice), but it might make sense for my work/dev machine here at the office.
  • So, Microsoft is now a devices and services company

    and it uses VirusTotal, a free public service from Google?

    Seems like it's time for Microsoft to acquire Jotti's online malware scanning service here:

    Or, perhaps, roll their own.
    Rabid Howler Monkey
  • Aren't they enemies?

  • to quote Larry S

    "The Sysinternals tools were written by Mark Russinovich and Bryce Cogswell before Microsoft bought their company many years ago."

    MANY years ago? It was less than 8 years back on Jul 18 2006. That hardly qualifies as many. Another fine example of journalistic exaggeration or is it I couldn't be bothered to look it up and many sounded good?
    • In the IT field

      Eight years is a VERY long time. Are you using the same office suite? The same OS? The same hardware? The same printer? Eight years ago, my home rig was completely different.

      Eight years ago here at work I was using an HP single-core CPU laptop with 2 GB of RAM and a 160 GB HDD running Windows XP with a dock and a single 19" monitor. Now I'm using a Lenovo i7 quad-core laptop with 16 GB of RAM and a 500 GB HDD running Windows 7 with a dock and dual 24" widescreen monitors.

      Yeah, 8 years ago is a lifetime in IT.
    • 8 years is many years in this business

      I think I was the first person in the press Mark Russinovich told about the move to Microsoft. I remember when it was and yes, that's a long time ago by the standards of this business.
  • Supercool!

    Russinovich rules!

    Just noticed the GPU Usage tab for the first time also. No grass is growing despite the MS purchase.
  • Tabloid journalism

    I find it interesting how you mention Google first, like they implemented Process Explorer. The title is very misleading, as always on ZDNet. It should have been Microsoft + Google…

    I know it's hard... but at least give credit where credit is due. This is typical ZDNet. Tabloid journalism and click bait.
  • Google + Microsoft = Process Explorer 16.0

    Downloaded and installed, just as great as the previous versions. Process Explorer is by far one of the most useful utilities for Microsoft Windows.
  • Version 16.01 is Out

    Make sure you update to Process Explorer 16.01.

    It fixes a problem with v16.0 that caused it to crash on some Windows 7 x64 systems.