Home > All, Microsoft, Security > Google + Microsoft = Process Explorer 16.0 – #Google, #VirusTotal – via @lseltzer

Google + Microsoft = Process Explorer 16.0 – #Google, #VirusTotal – via @lseltzer

This is kind of cool!

The latest version of Process Explorer, one of the top tools in Microsoft’s popular Windows Sysinternals suite, has incorporated support for the popular VirusTotal service run by Google.

The Sysinternals tools were written by Mark Russinovich and Bryce Cogswell before Microsoft bought their company many years ago. Russinovich continues to develop the tools in his spare time at Microsoft while working on their Azure cloud service.

To quote the “What’s New” section on microsoft.com:

    Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning.

VirusTotal was created and built up by Hispasec Systems, a Spanish security consulting firm. Over the years it became wildly popular to the point where it needed a cloud infrastructure on the scale that a company like Google could provide. Google took the service over in 2012 [Corrected from 2007].

As shown in the nearby image, when the user right-clicks on an entry in the process list there is a new option: “Check VirusTotal”. The first time you select this option you will have to agree to terms of service for VirusTotal. On subsequent checks, there is no obvious feedback when the user selects the Check VirusTotal option. Checking VirusTotal on the top-level process in the listing will cause Process Explorer to check all program files used in the process. Alternatively you can select individual DLLs and other files.


To see results, the user must right-click again on the entry and select Properties. On the Image tab of the resulting dialog box there is a new entry, pictured nearby. The VirusTotal field shows two numbers, “1/50” in this case. This means that 1 of the 50 antimalware engines — Anity-AVL — on VirusTotal detected malware — Trojan/Win32.Agent2 — in the submitted…

Continue reading here!


  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: