Process Explorer – A Better Alternative To Task Manager

Task Manager is an integrated utility in all versions of Windows – it can be used to see which processes (programs) are misbehaving or stuck and then kill (close) them.

However, Task Manager is very limited – a much better alternative is Microsoft’s free Process Explorer which has several advantages over Task Manager:

  • Task Manager only displays the names of files but Process Explorer also displays the full description and company name – making it easy to see what a process is for and which company created it. This is particularly helpful in spotting virus processes which often have strange (random) names and no company or description info.
  • Process Explorer also displays the path of each process – i.e. where the file is stored on your hard drive. This can help identify suspicious programs which are often stored in temporary or hidden folders rather than the more usual ‘Program Files’ and ‘Windows’ folders.
  • Task Manager only supports killing a process whereas Process Explorer also lets you suspend it, temporarily stopping it – you can then restart it or kill it. This is important because active viruses often will not let you kill them but they can be suspended – once suspended they are no longer active and can then be killed off completely.
  • Task Manager is built into Windows so is often disabled by viruses to stop you from running it. However, Process Explorer is a standalone program which can be run even if Task Manager is disabled.
  • Process Explorer separates processes from services using simple color coding (by default, pink = services and purple = processes), making it easier to see which is which. You can see this in the example screenshot below.
  • It groups related sub-processes under a single entry, making it easy to see which relate to which program e.g. the Firefox.exe process has a sub-process called plugin-container.exe that handles plugins such as Flash/Java etc. Task Manager would show these as separate unrelated processes whereas Process Explorer correctly shows plugin-container.exe as a sub-process of Firefox – you can see this in the example below.
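
The first two checks in the list above (missing company or description, unusual file location) can also be run from a PowerShell prompt. This is an added example, not part of the original article or of Process Explorer; it uses the built-in Get-Process cmdlet, and the folder lists and the Test-UnderRoot helper are assumptions made for illustration.

```powershell
# Added example: apply the article's two heuristics to every running process.
# Read-only: nothing is killed or suspended. A flagged row is a prompt to look
# closer, not proof of infection (many legitimate apps install under AppData).

# Folders the article calls "usual" for programs.
$usualRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Temporary / per-user folders (assumed list, adjust for your environment).
$tempRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Hypothetical helper: true if $Path lies under any folder in $Roots.
function Test-UnderRoot([string]$Path, [string[]]$Roots) {
    foreach ($r in $Roots) {
        if ($Path.StartsWith($r, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$report = foreach ($p in Get-Process) {
    $path = $p.Path   # empty for protected/system processes unless run elevated
    if (-not $path) { continue }

    $reasons = @()
    if (-not $p.Company)     { $reasons += 'no company name' }
    if (-not $p.Description) { $reasons += 'no description' }
    if (Test-UnderRoot $path $tempRoots) {
        $reasons += 'runs from temp/user-profile folder'
    } elseif (-not (Test-UnderRoot $path $usualRoots)) {
        $reasons += 'outside Program Files/Windows'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name    = $p.ProcessName
            Id      = $p.Id
            Company = $p.Company
            Path    = $path
            Reasons = $reasons -join '; '
        }
    }
}

$report | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to see paths for processes owned by other accounts; without elevation those processes are skipped because their path cannot be read.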

Process Explorer is a tiny standalone (portable) program that does not need to be installed. It is part of the Windows Sysinternals suite of free programs available from Microsoft, and can be downloaded directly from Microsoft’s Sysinternals site.

Save the download to your computer as a zip (compressed) file, then extract it to create a Process Explorer folder. In this folder, double-click on the Process Explorer (procexp.exe) application to run the program:

[Screenshot: Process Explorer]

You can take the following actions by right-clicking on a process and choosing one of these menu options:

  • Kill Process – like the ‘End the process’ option in Task Manager, this attempts to close it. Note: some will not let you kill them e.g. antivirus software or viruses.
  • Kill Process Tree – like the ‘End the process tree’ option in Task Manager, this attempts to close the process itself and any sub-processes belonging to it (e.g. in our earlier example, if you kill the Firefox process tree you will kill both Firefox and its sub-process of plugin-container).
  • Suspend – suspends the process. Stops it running but does not kill it – very useful as the first step in killing viruses (once it is suspended the next step would be to Kill Process) or to test if a process is causing problems.
  • Restart – restarts the suspended process. Obviously you wouldn’t want to do this for a virus but it can be useful if you suspended a process for testing.
  • Search Online – opens up a simple Google search of the process file name. Useful if you want to find out more info about it.

Warning: as with Task Manager, killing a virus process does not permanently remove it from your computer! It simply deactivates it temporarily to give you time to delete it properly or use/install antivirus tools to remove it.