Author Topic: handy security tool  (Read 11370 times)

Target

  • Honorary Member
  • Joined in 2006
  • Posts: 1,832
handy security tool
« on: November 15, 2011, 05:59 PM »
saw this on Addictive Tips

if you're like me and you've been wondering just what all those service host processes were doing this may help - Service host Analyzer

Want to check which user application or Windows utility initiated a specific instance of svchost.exe process? The svchost is basically a small executable file that resides in system32 folder. It is a generic Windows host process that plays a vital role in keeping all the system and user initiated services stable. Since Task Manager doesn’t provide a detailed information on running instances of svchost executables, you may need Svchost Process Analyzer to analyze the services and applications that run multiple instances of svchost.exe and to identify all the svchost related malwares. It helps you prevent Windows from those malwares and viruses which create a fake svchost.exe file at different locations to exploit user’s access rights; it lists down all the running instances of svchost processes with detailed information, so that you can easily identify malware infected svchost.exe files.

disclaimer - I have nothing to do with the developer whatsoever, nor can I vouch for the efficacy of the app.  I posted it here simply because I figured the functionality may be of interest to others (as it was to me)
« Last Edit: November 15, 2011, 06:23 PM by Target »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • Posts: 6,649
Re: handy security tool
« Reply #1 on: November 15, 2011, 06:38 PM »
It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV

Target

Re: handy security tool
« Reply #2 on: November 15, 2011, 06:52 PM »
> It is interesting, but it flagged a bunch of things as can't find/suspect that were standard parts of Windows (Win7 x64 on Domain). *Shrug* YMMV

I guess I would probably ignore most of the warnings, :-\

The interesting bit for me was being able to see what initiated or was using the service host process...

Stoic Joker

Re: handy security tool
« Reply #3 on: November 15, 2011, 08:54 PM »
True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. :)


I usually just go with:
tasklist /svc /fi "IMAGENAME eq svchost.exe"

...In a pinch, but its lacking the file name/path info does make your GUI there interesting.
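
The view discussed in this thread (which services each svchost.exe instance hosts, plus the image path that `tasklist /svc` leaves out), as an added PowerShell example that is not from any poster or from Svchost Process Analyzer. It assumes PowerShell 3.0 or later and an elevated prompt; the list of expected paths is this example's own assumption.

```powershell
# Added example: map each svchost.exe instance to its hosted services and image path.
# Run elevated; without elevation ExecutablePath can come back empty for
# processes owned by other accounts.

# Assumption: the only legitimate locations are the system directories.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit host on x64 Windows
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $hosted = $servicesByPid["$($_.ProcessId)"]

        # -contains compares strings case-insensitively, so C:\WINDOWS and C:\Windows match.
        $status = if (-not $_.ExecutablePath) {
            'path unavailable (not elevated?)'
        } elseif ($expected -contains $_.ExecutablePath) {
            'expected location'
        } else {
            'REVIEW: unexpected location'
        }

        [pscustomobject]@{
            PID      = $_.ProcessId
            Path     = $_.ExecutablePath
            Services = if ($hosted) { ($hosted.Name | Sort-Object) -join ', ' } else { '(none)' }
            Status   = $status
        }
    } |
    Sort-Object PID |
    Format-Table -AutoSize -Wrap
```

A row marked REVIEW means the image runs from outside the system directories, and a row with no hosted services is also worth a second look.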

Target

Re: handy security tool
« Reply #4 on: November 15, 2011, 09:02 PM »
> True, but I find it a bit hard to trust a program that says it can't find a file that I'm looking at. :)

 :Thmbsup:

> I usually just go with:
> tasklist /svc /fi "IMAGENAME eq svchost.exe"

didn't know about that one, thanks!!

JoTo

  • Super Honorary
  • Charter Member
  • Joined in 2005
  • Posts: 236
Re: handy security tool
« Reply #5 on: December 21, 2011, 04:29 AM »
Thanks for pointing that out.

I always searched for such a tool. I'll give it a try and see what it can dig out for me :) If it at least fiddles out 50% of all these svchost processes for me and tells me what's under the hood, I'd consider it a very useful tool.

Greetings
JoTo

techidave

  • Supporting Member
  • Joined in 2007
  • Posts: 1,045
Re: handy security tool
« Reply #6 on: December 21, 2011, 05:32 AM »
Thank you Target for letting us know about the Svchost Process Analyzer.  I just ran it on my Win 7 machine and out of 14 processes it found 1 in the System32 folder that didn't have any file info with it.

Hmmm, now if I only knew what put it there?  :-\

Ath

  • Supporting Member
  • Joined in 2006
  • Posts: 3,629
Re: handy security tool
« Reply #7 on: December 21, 2011, 06:14 AM »
Hm, don't know how useful or effective it is, it's complaining that over half of the running processes, with dll's from the system32 directory, it can't find the file? Weird, as it claims compatibility with x64 Windows. And the advice is to 'Check with Security Task Manager' a product to be bought from that same site; sounds like one of those "helpful free security tools" that are designed to trick you into buying something you don't need :-\

JoTo

Re: handy security tool
« Reply #8 on: December 21, 2011, 06:28 AM »
For me, on WinXP-32, after a first and quick test, it worked fine. Found all processes and showed me all dlls under the hood. *Shrug* Cannot speak for Win7-x64 right now...that test comes next. :)

For me, at least, I'll keep this tool in my collection. And I only see the advertisement for Taskmanager when I click on the link in the bottom left corner of the main window. Not very intrusive IMO.

Greetings
JoTo

cyberdiva

  • Supporting Member
  • Joined in 2006
  • Posts: 1,041
Re: handy security tool
« Reply #9 on: December 21, 2011, 09:50 AM »
> And the advice is to 'Check with Security Task Manager' a product to be bought from that same site; sounds like one of those "helpful free security tools" that are designed to trick you into buying something you don't need :-\

I was about to post a similar thought.  I downloaded and ran Svchost Process Analyzer on my Win7 64-bit desktop.  It issued 89 warnings, and found all kinds of supposedly atypical things that should be checked with Security Task Manager.  Yeah, right.  I totally agree with Ath, and I've now deleted Security Task Manager Shill, aka Svchost Process Analyzer.  :down:

Target

Re: handy security tool
« Reply #10 on: December 21, 2011, 05:31 PM »
worth noting that I wasn't promoting this tool as anything other than potentially useful, nor did I vouch for its effectiveness.

from the feedback it sounds like there might be some issue with Win7 64 - a bit of research should confirm or deny that (let us know what you find out)

the idea of being able to identify what's behind those processes is sound and useful (those processes have bugged me for years), but dumping it on the basis of cross promotion seems a little shortsighted

YMMV

cyberdiva

Re: handy security tool
« Reply #11 on: December 21, 2011, 05:55 PM »
> dumping it on the basis of cross promotion seems a little shortsighted

I didn't dump the software simply because of the crass--oops, I mean cross promotion.  I dumped it also because it seemed to me highly unlikely that a relatively new, carefully maintained, well-performing computer that has repeatedly passed all AV and malware scans would have 89 problematic situations with svchost.exe.  The fact that all 89 carried with them the statement that they should be checked with Security Task Manager simply made me all the more distrustful. 

Curt

  • Supporting Member
  • Joined in 2006
  • Posts: 7,566
Re: handy security tool
« Reply #12 on: December 21, 2011, 06:03 PM »
Thanks for telling about Svchost Process Analyzer


> if you're like me and you've been wondering just what all those service host processes were doing ...

When I do wonder, I click on my task manager..., AnVir Task Manager Pro, that is:

[Attached image: 2-2011.gif]


-forgive me for being too lazy to first change the language settings into English.
« Last Edit: December 21, 2011, 06:11 PM by Curt »

Target

Re: handy security tool
« Reply #13 on: December 21, 2011, 06:07 PM »
hehe, distrust is good :Thmbsup: