handy security tool

Target:
saw this on Addictive Tips

if you're like me and you've been wondering just what all those service host processes were doing this may help - Service host Analyzer

Want to check which user application or Windows utility initiated a specific instance of svchost.exe process? The svchost is basically a small executable file that resides in system32 folder. It is a generic Windows host process that plays a vital role in keeping all the system and user initiated services stable. Since Task Manager doesn’t provide a detailed information on running instances of svchost executables, you may need Svchost Process Analyzer to analyze the services and applications that run multiple instances of svchost.exe and to identify all the svchost related malwares. It helps you prevent Windows from those malwares and viruses which create a fake svchost.exe file at different locations to exploit user’s access rights; it lists down all the running instances of svchost processes with detailed information, so that you can easily identify malware infected svchost.exe files.

--- End quote ---

disclaimer - I have nothing to do with the developer whatsoever, nor can I vouch for the efficacy of the app.  I posted it here simply because I figured the functionality may be of interest to others (as it was to me)

Stoic Joker:
It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV

Target:
It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV
-Stoic Joker (November 15, 2011, 06:38 PM)
--- End quote ---

I guess I would probably ignore most of the warnings, :-\

The interesting bit for me was being able to see what initiated or was using the service host process...

Stoic Joker:
True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. :)


I usually just go with:
tasklist /svc /fi "IMAGENAME eq svchost.exe"

...In a pinch, but its lacking the file name/path info does make your GUI there interesting.

Target:
True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. :)
-Stoic Joker (November 15, 2011, 08:54 PM)
--- End quote ---

 :Thmbsup:

I usually just go with:
tasklist /svc /fi "IMAGENAME eq svchost.exe"

--- End quote ---

didn't know about that one, thanks!!
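
The following PowerShell is an added example, not code from any poster in this thread: it lists the services hosted by each svchost.exe instance, as the tasklist command above does, and adds the image path that tasklist leaves out, marking any instance that is not running from System32 or SysWOW64. It assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt.

```powershell
# Added example: map every svchost.exe instance to its hosted services and image path.
# Assumption: run elevated; without elevation ExecutablePath can come back empty.

# Locations where the genuine svchost.exe lives on 32-bit and 64-bit Windows.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process hosting them.
# Win32_Service.ProcessId is 0 for services that are not running.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId -ne 0) {
        $key = [int]$svc.ProcessId
        if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
        $servicesByPid[$key] += $svc.Name
    }
}

# Walk every process whose image name is svchost.exe, wherever it was started from.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        $status = if (-not $path) {
            'path unavailable (not elevated?)'
        } elseif ($expected -contains $path) {   # -contains is case-insensitive
            'expected location'
        } else {
            'UNEXPECTED LOCATION'
        }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Path      = $path
            Status    = $status
            Services  = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        }
    } |
    Sort-Object ProcessId |
    Format-Table -AutoSize -Wrap
```

An instance with an empty Services column or a Status other than "expected location" is the one to look at first; the script only matches the exact image name svchost.exe, so look-alike names need a separate check.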
