The default Windows Task Manager does a good job of tracking your PC’s performance, troubleshooting unresponsive programs, and managing startup apps. While it shines when it comes to quick checks, it doesn’t help much when you need to go deeper so you can better optimize your system or troubleshoot issues. That’s when I came across an advanced task manager called Process Explorer.
Process Explorer is developed and maintained by Microsoft—originally created by Sysinternals, which was later acquired by Microsoft. If you spend a lot of time with it, you can get forensic insights on what’s running on your computer without downloading a third-party application. Although it’s mostly used by experts, I found some of its advanced capabilities suitable for my daily needs.
What is Process Explorer?
Task Manager on steroids
Process Explorer is an advanced task manager that shows processes and everything contained within them, including threads, DLLs, handles, TCP connections, and environment variables. It also shows you comprehensive information about system usage, including CPUs, memory, I/O, network, and GPU. Process Explorer is a lightweight application that you can download for free from the Microsoft website.
Understanding Process Explorer
Don’t let the first impression turn you off
When you open Process Explorer, it’s easy to be overwhelmed, especially by the expansive tree-like structure. It essentially shows relationships between processes, with the parent at the top level and the children or subprocesses at the lower levels.
Next to each process are columns that provide information about it. For example, the CPU column shows how much of the processor the process is using, Private Bytes is the memory allocated to that particular process (this is not shared with other processes), and Working Set includes the memory it’s using and sharing with others. It’s also quite easy to add more columns, like Username and Window Status, in case I need more information.
You will also notice that some processes are color-coded. Here are the most common colors you will come across and what they mean:
Color | Meaning |
---|---|
Green | New process |
Grey | Suspended process |
Cyan | Universal Windows Platform (UWP or Windows Store) apps |
Pink | Protected process with restricted access |
Yellow | .NET (dotnet) process |
Process Explorer also provides a system overview of your PC. You can switch between tabs, such as CPU, GPU, and Memory, to see how resources are being utilized on your PC. This is similar to the Performance tab in Task Manager.
How I use Process Explorer
It’s mostly to do what Task Manager doesn’t
Process Explorer is a deep tool, but for someone like me who needs it for daily tasks, it helps me in a couple of major ways. I have even made it my default task manager to make accessing it much easier.
Diving deep into processes
As mentioned earlier, Process Explorer is better at showing relationships between processes, thanks to its hierarchical tree structure. This makes it easy to follow which process spawned another and which one is dependent on another. I can easily see the parent of a process by double-clicking and seeing what it says next to Parent in the Image tab.
Furthermore, the color-coded processes give instant feedback on what kind of process you’re looking at. There are more color codes that I can enable in the settings, but that could be too much visual overload—I just enabled the ones I was interested in. I can even tweak their colors in case I don’t want new processes to be green or UWP processes to be yellow.
Process Explorer also has a lower pane that allows me to see the handles (e.g., files and registry keys), threads, and DLLs a process is using. It’s possible to stop threads and close handles in this pane, but it’s not recommended if you’re an average user like me.
Investigating suspicious processes
The tree view also makes it easier to find suspicious processes, especially when they disguise themselves as legitimate apps. Process Explorer also has built-in integration with VirusTotal, a Google-owned online service that scans files for malware using multiple antivirus engines. To check a process through VirusTotal, right-click it and select the VirusTotal check; this adds a VirusTotal column with a score.
If the process gets a score like 0/77 in this column, it means that the file was checked against 77 antivirus engines, and none of them detected anything suspicious. The score is also a link, and if you click it, it will open a browser window with a more comprehensive report of the scan for free.
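The parent/child reasoning behind the tree view, as an added example that is not from the original article: this Python sketch rebuilds the tree from a constructed process snapshot and flags a trusted image name that runs from an unexpected folder or under an unexpected parent (the parent check goes a step beyond what the text describes). The sample data, the `EXPECTED` baseline and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from ntpath import basename, dirname, normcase

# Constructed snapshot (not real data): (pid, parent pid, image path),
# the fields Process Explorer shows in the tree and on the Image tab.
SAMPLE = [
    (4,    0,    "System"),
    (600,  4,    r"C:\Windows\System32\smss.exe"),
    (700,  600,  r"C:\Windows\System32\wininit.exe"),
    (812,  700,  r"C:\Windows\System32\services.exe"),
    (1200, 812,  r"C:\Windows\System32\svchost.exe"),
    (3300, 3000, r"C:\Windows\explorer.exe"),  # parent 3000 has exited
    (4100, 3300, r"C:\Program Files\Editor\editor.exe"),
    (4500, 4100, r"C:\Users\demo\AppData\Local\Temp\svchost.exe"),
]

# Assumed baseline for this example: image name -> (folder, parent image).
EXPECTED = {
    "svchost.exe":  (r"c:\windows\system32", "services.exe"),
    "services.exe": (r"c:\windows\system32", "wininit.exe"),
}

def build_tree(procs):
    """Return (roots, children); a root is a process with no live parent."""
    pids = {pid for pid, _, _ in procs}
    children, roots = defaultdict(list), []
    for pid, ppid, _ in procs:
        (children[ppid] if ppid in pids else roots).append(pid)
    return roots, dict(children)

def find_masquerades(procs):
    """Flag trusted image names with the wrong folder or parent."""
    by_pid = {pid: (ppid, path) for pid, ppid, path in procs}
    findings = []
    for pid, (ppid, path) in by_pid.items():
        name = basename(path).lower()
        if name not in EXPECTED:
            continue
        folder, want_parent = EXPECTED[name]
        reasons = []
        if normcase(dirname(path)) != folder:
            reasons.append("unexpected path")
        if basename(by_pid.get(ppid, (0, ""))[1]).lower() != want_parent:
            reasons.append("unexpected parent")
        if reasons:
            findings.append((pid, path, reasons))
    return findings

if __name__ == "__main__":
    print(find_masquerades(SAMPLE))
```

A finding here is a prompt to look closer (signature, VirusTotal report, command line), not a verdict on its own.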
Delete or close locked files
Sometimes, it’s impossible to close or delete a file because it’s locked, and there’s no clear way to find out which process is locking it. With Process Explorer, it’s easy to find the process with the search feature.
You just open the search window (Ctrl + Shift + F), type in the name of the file or folder (partial or full), and initiate the search. Once you click the process in the results, it’s highlighted in the tree, and you can kill it from there. I recommend doing this only when you want to unlock a file, and the process you’re killing is not critical.
It’s still okay to rely on Task Manager
For beginners, Task Manager remains the more user-friendly option because of its ability to perform quick system checks. It also allows you to manage startup programs.
If you have completely ditched the Task Manager like I have, you will have to download a utility from Sysinternals called Autoruns to manage startup programs. It also offers more advanced management of what runs when your computer is booting up.