Windows

How to spot problems in Windows Task Manager

Windows Task Manager can take you beyond monitoring and into detection of unusual activities. Let's see how it works.
J
  • Jim Richards,
  • 10 months ago
  • Editor Informer Technologies, Inc.

How to spot problems in Windows Task Manager How to spot problems in Windows Task Manager

In the previous piece, we’ve given you the basics of Windows Task Manager and a list of essential processes better left alone. This piece considers the built-in tool from a different perspective: not just a monitor but a diagnostic instrument. Ultimately, most if not all noteworthy processes going on under the hood of your computer are reflected here. If it feels like something about the performance of the machine is off, Windows Task Manager may be your first stop on the path of finding the problem and eliminating the root causes thereof.

Symptoms of abnormalities that can be seen in Task Manager

Windows Task Manager isn’t hard to read even for non-techie users. Here are some telltale signs that something in your system is off.

High usage of CPU, memory, network

When you hear the fans kick in at top speed when they aren’t supposed to, or feel that the computer is dragging through a task that previously took milliseconds, open Task Manager and look for:

  • processes that consume an unusually large amount of CPU or RAM without any apparent reason;
  • processes that stir up too much network activity.

While there may be legit reasons behind any such occurrences, it is a good idea to look up the names of such processes online and learn what they actually do (here is the list of essential Windows processes for your convenience). If it looks fishy, save everything important you have going on, and kill them.

Inexplicable names and multiple instances of processes

Most, if not all, legitimate processes you see in the Task Manager’s window have names that suggest some logic or are easily understandable. Thus, a process titled “qwfax8994.exe” or something similar is suspicious and should be investigated. The same goes for processes the names of which look like “expl0rer.exe,” mimicking a trustworthy entry.

As for multiple instances, it’s perfectly fine to see many svchost.exe processes running at the same time, but several identical lines reflecting the operation of a program that is not instantly recognizable should raise a red flag.

Lack of process window and/or proper publisher

The very name of the operating system implies that programs have their windows, even when they run in full screen mode. So, if you see a process in Task Manager but can’t attribute it to a window, this may signal a malicious intrusion attempt or some undercover activity you definitely don’t need in your computer. Please note that this one goes for processes you see in the Apps section of the Task Manager’s table. For those below it, not having a window is perfectly fine.

The publisher of a process can be seen in the Properties window. While there, check Digital signatures and Details for anything suspicious. This one, as opposed to the first piece of advice in this section, pertains to background apps.

Automatic relaunch of a terminated process and improper location

Some malware or rootkits automatically restart after you forcefully shut them down. This may apply to legitimate processes, but if you do see a program that restarts instantly or shortly after being killed, it is a good idea to look up what it is. Moreover, after terminating a suspicious process, come back to Task Manager after several minutes to check whether it has relaunched or not.

As for location, you can see where the process has been launched from in the Properties menu (this applies to Background processes). Most of the legitimate instances originate in Program Files or the Windows folder. If you see a process you don’t recognize, and its location is unknown to you, consider the red flag raised.

How to check apps and processes that look illegitimate in Task Manager

To recap:

  1. Check the name, publisher, location, and digital signatures of the process that looks out of place.
  2. Google the exact name of the respective process; you may add “virus” or “malware” to the query, but it’s not necessary, if there’s a problem, the search engine will fetch you exactly the info you need to remedy it.
  3. Run a full system scan, even if your suspicions proved to be groundless. Find good antivirus software here:

    Informer catalog – Antivirus software

  4. If you want an even better understanding of what’s going on, consider getting Process Explorer, Process Monitor, Autoruns, and TCPView from the Sysinternals package. Please be warned that this exercise may leave you either confused or hooked on the subject and wanting to go down the rabbit hole learn more about how Windows works under the hood.

Author's other posts

Microsoft adds scareware detector to Edge; what about other browsers?
Article
Microsoft adds scareware detector to Edge; what about other browsers?
Edge's brand new AI-powered scareware detector blocks those scare-inducing pop-ups and keeps you safe. Other browsers offer assistance, too.
Apple plans to sell a cheaper MacBook: what is it going to be?
Article
Apple plans to sell a cheaper MacBook: what is it going to be?
Apple's affordable MacBook with a 6-core A18 Pro chip, 8GB RAM, and ~12.9" LCD display is set to launch in 2026. Targeting students, it may start at $599.
Windows 11 23H2 support ends in November; how to upgrade to 25H2?
Article
Windows 11 23H2 support ends in November; how to upgrade to 25H2?
Windows 11 23H2 will soon join Windows 10 in the list of no-longer-supported versions. Here is what you can do about it.
How to improve RAM performance on a Mac: regular and advanced tricks
Article
How to improve RAM performance on a Mac: regular and advanced tricks
Macs are cool. But they can get slow. Here are some efficient ways to free up RAM, boost the computer's performance, and keep it running well.