Finding the path of the parent and children of processes

  • Question

  • I'm using Resource Monitor to track suspicious processes. Can resmon do it, or what utility can I use to track both? I'm getting these processes that pop up for a split second to turn a process on and I can't get the process name before it deletes itself. Also, I'm looking for a website that's better than file.net which will give me a better idea of the % of a process being malicious depending upon its path.

    Thanks for any help.

    Friday, August 23, 2019 12:26 AM

All replies

  • Sysmon is a tool created for just this scope. It continuously monitors the system for a series of events like process creation and deletion. It works as a system driver and has its own Event Log where you can find everything.

    If you want to monitor "one time" and in real time, you can use Process Monitor. It records everything related to process creation and deletion, so you can trap your ghost processes easily.

    So, if you can repro the problem, use Process Monitor. If you don't know when this happens and want to track everything, use Sysmon.

    HTH
    -mario

    Friday, August 23, 2019 7:21 AM
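
An added example, not part of the thread: one way to get from Sysmon's log to the answer the question asks for, by pairing process-creation (Event ID 1) and process-terminated (Event ID 5) records on `ProcessGuid` and reporting each short-lived process with its path, its parent's path and the children it started. The events are constructed sample data in the Windows event XML layout, the field names are those Sysmon writes, and `_ev`, `parse` and `short_lived` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _ev(eid, **data):
    # Build one constructed event in the Windows event XML layout.
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f'<EventData>{body}</EventData></Event>')

# Constructed sample: a process that lives 0.35 s and starts one child.
G0, G1, G2 = "{G-0000}", "{G-0001}", "{G-0002}"
UPD = r"C:\Users\demo\AppData\Local\Temp\upd.exe"
SAMPLE = "<Events>" + "".join([
    _ev(1, UtcTime="2019-08-23 00:20:01.100", ProcessGuid=G1, Image=UPD,
        CommandLine="upd.exe /s", ParentProcessGuid=G0,
        ParentImage=r"C:\Windows\explorer.exe"),
    _ev(1, UtcTime="2019-08-23 00:20:01.300", ProcessGuid=G2,
        Image=r"C:\ProgramData\svc.exe", CommandLine="svc.exe",
        ParentProcessGuid=G1, ParentImage=UPD),
    _ev(5, UtcTime="2019-08-23 00:20:01.450", ProcessGuid=G1, Image=UPD),
]) + "</Events>"

def parse(xml_text):
    # Index creations (ID 1) and termination times (ID 5) by ProcessGuid.
    created, ended = {}, {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", namespaces=NS)
        d = {x.get("Name"): x.text for x in ev.iterfind("e:EventData/e:Data", NS)}
        if eid == "1":
            created[d["ProcessGuid"]] = d
        elif eid == "5":
            ended[d["ProcessGuid"]] = d["UtcTime"]
    return created, ended

def short_lived(xml_text, max_seconds=1.0):
    # Report processes that exited within max_seconds, with parent and children.
    created, ended = parse(xml_text)
    ts = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")
    out = []
    for guid, d in created.items():
        if guid not in ended:
            continue  # still running, or the terminate event was not logged
        life = (ts(ended[guid]) - ts(d["UtcTime"])).total_seconds()
        if life <= max_seconds:
            kids = [c["Image"] for c in created.values()
                    if c.get("ParentProcessGuid") == guid]
            out.append({"image": d["Image"], "parent": d["ParentImage"],
                        "cmd": d["CommandLine"], "lifetime": life, "children": kids})
    return out
```

Matching on `ProcessGuid` rather than `ProcessId` avoids mixing up processes when Windows reuses a PID.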