There may come a time when you might want to find out what a process does on your Windows computer. This post will show you how to proceed. We have already covered several Windows processes like rundll32.exe, winlogon.exe, Service Host SysMain, AppVShNotify.exe, lsass.exe, etc. in separate posts, now this post will show you how you go about doing it.
How to find out what a Windows process does?
The way to identify or learn more about any Windows 11/10 process is as follows:
- Open Task Manager
- Locate the process
- Right-click on it and select Open file location
- Where does it take you?
- The System32 folder – Then its likey an OS process
- If it is not situated in the Windows folder, it is likely a non-OS 3rd-party process.
- Now locate the said file in the folder and right-click on it
- Select and open Properties and then open the Details tab
- Do you see the Product Name or Copyright as Microsoft?
- If yes, it is a legit Microsoft process.
- You don’t? Then it is not a Windows OS file.
Checking the File location and Properties gives the real picture, but remember-
- Just because a file is located in the Windows or System32 folder does not make it a legit Microsoft or Windows OS file!
- Just because a file name is similar to another which belongs to a legit software, does not mean that this file could be associated with that software.
Microsoft and most legit software companies will always digitally sign their file. So checking the Details tab is also important.
A legit Windows OS file will always mention the details as shown above.
You may also Check for Verified Publisher or File Integrity with Hash Value.
Read: How to find out Application Process ID on Windows
If you have located the file in the Task Manager, you can also right-click on it and select Search online.
Your favorite search engine will open and tell you about it.
Don’t just visit any site, but identify a couple of the genuine sites from the results and visit them to get more information about the process.
If you are looking for information about a process, you can also search for it here and see if it is available.
How do you see what a process is doing Windows?
You can use any one of these methods to tell which process is locking or using a file in Windows 11/10:
- Check the process that is locking a file using Resource Monitor.
- Use SysInternals Process Explorer to identify the process that is locking a file.
- Find out through Command Prompt using the Handle tool.
- Use OpenedFilesView freeware to identify the process holding a file.
How do I get a list of processes in Windows?
To find all processes using WMIC in Windows 11/10, follow these steps:
- Press Win+X to open the WinX menu.
- Select the Windows Terminal option.
- Enter this command: wmic process list
- Find the details on the Windows Terminal window.
How to check if a file is malicious or not in Windows?
These are the ways to check if a program file is a virus or not before installing it on your PC:
- Basic steps
- Right-click the file and scan it with your security software
- Get it scanned with an Online Malware Scanner
- Check for Verified Publisher
- Verify File Integrity with Hash Value
- Use the Windows Sandbox feature.
Read: How to find Process Start and End Time in Windows
How to find Process PID in Windows?
You can find the Process ID of an application in four different ways:
- Through Task Manager
- Through Command Prompt
- Through Resource Monitor
- Through PowerShell
I hope you find this small tip useful.
