Author Topic: handy security tool  (Read 3101 times)
Target
« on: November 15, 2011, 05:59:57 PM »

saw this on Addictive Tips

if you're like me and you've been wondering just what all those service host processes were doing this may help - Service host Analyzer

Quote
Want to check which user application or Windows utility initiated a specific instance of svchost.exe process? The svchost is basically a small executable file that resides in system32 folder. It is a generic Windows host process that plays a vital role in keeping all the system and user initiated services stable. Since Task Manager doesn’t provide a detailed information on running instances of svchost executables, you may need Svchost Process Analyzer to analyze the services and applications that run multiple instances of svchost.exe and to identify all the svchost related malwares. It helps you prevent Windows from those malwares and viruses which create a fake svchost.exe file at different locations to exploit user’s access rights; it lists down all the running instances of svchost processes with detailed information, so that you can easily identify malware infected svchost.exe files.

disclaimer - I have nothing to do with the developer whatsoever, nor can I vouch for the efficacy of the app.  I posted it here simply because I figured the functionality may be of interest to others (as it was to me)
« Last Edit: November 15, 2011, 06:23:53 PM by Target » Logged

"Look wise, say nothing, and grunt. Speech was given to conceal thought" - Sir William Osler
Stoic Joker
« Reply #1 on: November 15, 2011, 06:38:05 PM »

It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV
Logged
Target
« Reply #2 on: November 15, 2011, 06:52:41 PM »

Quote
It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV

I guess I would probably ignore most of the warnings, undecided

The interesting bit for me was being able to see what initiated or was using the service host process...
Logged
Stoic Joker
« Reply #3 on: November 15, 2011, 08:54:38 PM »

True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. smiley


I usually just go with:
tasklist /svc /fi "IMAGENAME eq svchost.exe"

...In a pinch, but its lacking the file name/path info does make your GUI there interesting.
Logged
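
A PowerShell counterpart to the tasklist command in the post above that also reports each instance's file path. It is an added example, not written by anyone in the thread, and it assumes PowerShell 3.0 or later and that genuine copies of svchost.exe live only in System32 or SysWOW64 under %SystemRoot%.

```powershell
# Added example (not from the thread): list every svchost.exe instance with
# its PID, image path and hosted services, and flag unexpected image paths.

# Assumption: genuine copies live only in these two system directories.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "State='Running'") {
    $hostPid = [int]$svc.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $svc.Name
}

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter "Name='svchost.exe'") {
    $path = $proc.ExecutablePath

    # ExecutablePath is empty when the caller is not allowed to query the
    # process; report that as unknown instead of treating it as a finding.
    if (-not $path) {
        $verdict = 'path unavailable (try an elevated prompt)'
    } elseif ($expected -contains $path) {   # -contains ignores case
        $verdict = 'expected location'
    } else {
        $verdict = 'UNEXPECTED LOCATION'
    }

    [pscustomobject]@{
        PID      = $proc.ProcessId
        Path     = $path
        Verdict  = $verdict
        Services = ($servicesByPid[[int]$proc.ProcessId] -join ', ')
    }
}

$report | Sort-Object Verdict, PID | Format-Table -AutoSize -Wrap
```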
Target
« Reply #4 on: November 15, 2011, 09:02:34 PM »

Quote
True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. smiley

 Thmbsup

Quote
I usually just go with:
tasklist /svc /fi "IMAGENAME eq svchost.exe"

didn't know about that one, thanks!!
Logged
JoTo
« Reply #5 on: December 21, 2011, 04:29:42 AM »

Thanks for pointing that out.

I always searched for such a tool. I'll give it a try and see what it can dig out for me smiley If it at least fiddles out 50% of all these svchost processes for me and tells me what's under the hood, I'd consider it a very useful tool.

Greetings
JoTo
Logged
techidave
« Reply #6 on: December 21, 2011, 05:32:30 AM »

Thank you Target for letting us know about the Svchost Process Analyzer.  I just ran it on my Win 7 machine and out of 14 processes it found 1 in the System32 folder that didn't have any file info with it.

Hmmm, now if I only knew what put it there?  undecided
Logged
Ath
« Reply #7 on: December 21, 2011, 06:14:32 AM »

Hm, don't know how useful or effective it is, it's complaining that over half of the running processes, with dll's from the system32 directory, it can't find the file? Weird, as it claims compatibility with x64 Windows. And the advice is to 'Check with Security Task Manager' a product to be bought from that same site; sounds like one of those "helpful free security tools" that are designed to trick you into buying something you don't need undecided
Logged

JoTo
« Reply #8 on: December 21, 2011, 06:28:13 AM »

For me, on WinXP-32, after a first and quick test, it worked fine. Found all processes and showed me all DLLs under the hood. *Shrug* Cannot speak for Win7-x64 right now...that test comes next. smiley

For me, at least, I'll keep this tool in my collection. And I only see the advertisement for Taskmanager when I click on the link in the bottom left corner of the main window. Not very intrusive IMO.

Greetings
JoTo
Logged
cyberdiva
« Reply #9 on: December 21, 2011, 09:50:18 AM »

Quote
And the advice is to 'Check with Security Task Manager' a product to be bought from that same site; sounds like one of those "helpful free security tools" that are designed to trick you into buying something you don't need undecided

I was about to post a similar thought.  I downloaded and ran Svchost Process Analyzer on my Win7 64-bit desktop.  It issued 89 warnings, and found all kinds of supposedly atypical things that should be checked with Security Task Manager.  Yeah, right.  I totally agree with Ath, and I've now deleted Security Task Manager Shill, aka Svchost Process Analyzer.  thumb down
Logged
Target
« Reply #10 on: December 21, 2011, 05:31:47 PM »

worth noting that I wasn't promoting this tool as anything other than potentially useful, nor did I vouch for its effectiveness.

from the feedback it sounds like there might be some issue with Win7 64 - a bit of research should confirm or deny that (let us know what you find out)

the idea of being able to identify what's behind those processes is sound and useful (those processes have bugged me for years), but dumping it on the basis of cross promotion seems a little shortsighted

YMMV
Logged
cyberdiva
« Reply #11 on: December 21, 2011, 05:55:38 PM »

Quote
dumping it on the basis of cross promotion seems a little shortsighted

I didn't dump the software simply because of the crass--oops, I mean cross promotion.  I dumped it also because it seemed to me highly unlikely that a relatively new, carefully maintained, well-performing computer that has repeatedly passed all AV and malware scans would have 89 problematic situations with svchost.exe.  The fact that all 89 carried with them the statement that they should be checked with Security Task Manager simply made me all the more distrustful. 
Logged
Curt
« Reply #12 on: December 21, 2011, 06:03:21 PM »

Thanks for telling about Svchost Process Analyzer


Quote
if you're like me and you've been wondering just what all those service host processes were doing ...

When I do wonder, I click on my task manager..., AnVir Task Manager Pro, that is:




-forgive me for being too lazy to first change the language settings into English.
« Last Edit: December 21, 2011, 06:11:31 PM by Curt » Logged
Target
« Reply #13 on: December 21, 2011, 06:07:43 PM »

hehe, distrust is good Thmbsup
Logged