The newest version of Process Explorer has been released, along with the previously promised inclusion of VirusTotal. The integration, announced last October as a "coming soon" means that with a few clicks of the mouse, questionable processes that appear in the task manager on Windows can be checked for legitimacy.
The feature was announced officially on Wednesday:
"When enabled, Process Explorer sends the hashes of images and files shown in the process and DLL views to VirusTotal and if they have been previously scanned, reports how many antivirus engines identified them as possibly malicious. Hyperlinked results take you to VirusTotal.com report pages and you can even submit files for scanning."
Many moons ago, if a process running in task manager looked questionable, I needed to Google the name and hunt for reports. Something like this would have shaved lots of time off my workload.
I was excited to see this release finally, and tested it as soon as the download completed.
Just right click on the process name, and send its hash to VirusTotal. On the right side of the window, a column for VirusTotal results will appear allowing you to click on the value in order to open a browser tab to the full results. In addition, you can submit files directly if needed.
It should be noted that while this is an awesome addition to the Sysinternals suite, it won't be perfect. AV engines and signatures update constantly, and while a file could come back clean today, it might be labeled a threat tomorrow. This new feature will be rather useful for initial investigative steps, but it can't be the entire investigation.
If you regularly use Process Explorer, the update to version 16 is worth the few seconds you'll need to download it.