How to use Sysinternals in real life

In the earlier related pieces, we explored how Windows Task Manager can be used to monitor the performance of your system and spot abnormalities. If you’ve missed those posts, here are the links:

Those articles are more or less a launchpad, a 101 on the built-in peephole into the under-the-hood world of Windows. This post takes you a step further and introduces Sysinternals, a suite of advanced utilities that enable finer-grained troubleshooting, optimization, and malware hunting.

A brief historical memo for Sysinternals

The set was created in 1996 by Mark Russinovich and Bryce Cogswell, both accomplished software engineers at the time. Sysinternals remained an independent project until 2006, when it was acquired by Microsoft. Mark Russinovich stayed with the giant after the acquisition and went on to become CTO of Microsoft Azure; Bryce Cogswell stuck around until 2010 and then left, but continues to contribute to suites of Windows utilities designed for system recovery, diagnostics, and performance enhancement.

From the outset and to this day, Sysinternals remains a go-to free resource for system administrators, security analysts, and advanced users.

Sysinternals for optimization and malware detection: key tools

As of early 2025, the Sysinternals suite includes more than 70 individual tools. Most of them are narrowly focused, a high-precision remedy for one specific malfunction. Below you'll find descriptions of those that are useful routinely, in real-life scenarios most users can relate to.

1. Process Explorer

This is an advanced replacement for Task Manager. Process Explorer can do the following:

  • display details about running processes, including the parent process, full command line, loaded DLLs, and open handles;
  • submit the hash of each process image to VirusTotal (a web service that scans files with dozens of antivirus engines; the Informer catalog has a standalone VirusTotal uploader) to check processes against known malware;
  • verify the digital signatures of process images (Options > Verify Image Signatures) and search every process for a suspicious DLL or handle by name (Find > Find Handle or DLL);
  • identify resource-heavy or unnecessary processes and terminate, suspend, or investigate them.

The list above is non-exhaustive, but it gives the idea: Process Explorer is the go-to tool when something about the system feels off.
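Process Explorer is a GUI tool, but the same triage pass (parent, command line, signature, hash) can be scripted. The script below is an added example and not part of the article or of the Sysinternals suite; it uses only built-in cmdlets, so it runs with no extra tools. The function name and the "worth a second look" heuristics are this example's own choices, and reading other users' image paths needs an elevated shell.

```powershell
# Added example (not from the article): a script-style equivalent of a Process
# Explorer triage pass using built-in cmdlets only. Run elevated so that
# ExecutablePath is readable for processes owned by other users.
# Function name and the flag heuristics are this example's own, not a standard.

function Get-ProcessTriage {
    [CmdletBinding()]
    param()

    # Win32_Process carries the command line, the image path and the parent PID
    $byPid = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

    foreach ($p in $byPid.Values) {
        $path   = $p.ExecutablePath
        $parent = $byPid[[int]$p.ParentProcessId]

        $signer = 'n/a'; $status = 'NoImagePath'; $sha256 = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # Same check Process Explorer performs under Options > Verify Image Signatures
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            # This hash is what Process Explorer submits to VirusTotal; it can be
            # pasted into the VirusTotal search box to look the file up by hand
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }

        # Heuristics (expect a few benign hits): unsigned images, images running from
        # user-writable locations, kernel pseudo-processes aside, and svchost.exe
        # started by anything other than services.exe
        $flags = @()
        if ($path -and $status -ne 'Valid') { $flags += "Signature:$status" }
        if (-not $path -and $p.ProcessId -gt 4 -and
            $p.Name -notin 'Registry', 'Memory Compression', 'Secure System') { $flags += 'NoImagePath' }
        if ($path -match '\\(Temp|Downloads|AppData\\Local\\Temp|ProgramData)\\') { $flags += 'UserWritablePath' }
        if ($p.Name -ieq 'svchost.exe' -and $parent -and $parent.Name -ine 'services.exe') {
            $flags += "OddParent:$($parent.Name)"
        }

        [pscustomobject]@{
            PID         = $p.ProcessId
            Name        = $p.Name
            ParentPID   = $p.ParentProcessId
            Parent      = if ($parent) { $parent.Name } else { '<exited>' }
            Path        = $path
            CommandLine = $p.CommandLine
            SigStatus   = $status
            Signer      = $signer
            SHA256      = $sha256
            Flags       = ($flags -join ',')
        }
    }
}

# Show only the processes that tripped a heuristic, highest PID (roughly newest) first
Get-ProcessTriage |
    Where-Object Flags |
    Sort-Object PID -Descending |
    Format-Table PID, Name, Parent, SigStatus, Flags, Path -AutoSize
```

Drop the `Where-Object Flags` line to see the full inventory, or pipe the output to `Export-Csv` to keep a baseline of a healthy machine; diffing a later run against that baseline is the quickest way to spot a newcomer. The "OddParent" rule is the kind of thing Process Explorer's tree view makes visible at a glance: a process that claims to be a system component but was launched from the wrong place.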

2. Process Monitor

This tool reports system activity related to processes, file system, registry, and network in real time. Here are a couple of useful features of Process Monitor:

  • powerful filtering that makes it possible to track suspicious actions, such as the registry changes or file modifications typical of malware;
  • diagnosing slowdowns by finding the processes that cause excessive I/O or registry traffic.

So when you suspect there is a worm in your Windows, or the CPU runs hot when it shouldn't, Process Monitor will help you find out what is really going on. Keep in mind that it only records while it is running, so start it before reproducing the problem.
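Process Monitor can also be driven from the command line for an unattended capture, which is handy when the problem shows up while nobody is watching the GUI. The script below is an added example, not code from the article or from Sysinternals: it records a timed trace, exports it to CSV, and then applies the two filters the text describes (persistence-style registry writes, and the processes generating the most I/O). It assumes procmon.exe is on PATH, the shell is elevated (Procmon loads a driver), and the export uses Procmon's default columns; the CSV sample at the end is constructed so the analysis part can be tried without a live capture.

```powershell
# Added example (not from the article): timed Process Monitor capture from the
# command line plus a CSV-based analysis pass. Assumes procmon.exe is on PATH,
# an elevated shell, and Procmon's default CSV columns.

$trace = Join-Path $env:TEMP 'procmon-trace.pml'
$csv   = Join-Path $env:TEMP 'procmon-trace.csv'

function Start-ProcmonCapture([int]$Seconds = 60) {
    # /Quiet suppresses the filter dialog, /Minimized keeps the window out of the
    # way, /BackingFile stores events on disk instead of page-file-backed memory
    Start-Process procmon.exe -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$trace`""
    Start-Sleep -Seconds $Seconds
    # A second instance started with /Terminate stops the running capture cleanly
    Start-Process procmon.exe -ArgumentList '/Terminate' -Wait
    # Convert the binary PML to CSV; the output format follows the file extension
    Start-Process procmon.exe -ArgumentList "/AcceptEula /OpenLog `"$trace`" /SaveAs `"$csv`"" -Wait
}

function Get-ProcmonFindings([string]$CsvPath) {
    $events = Import-Csv -LiteralPath $CsvPath

    # 1. Writes to classic autostart locations: the registry footprint malware
    #    leaves behind when it installs persistence
    $persistence = $events | Where-Object {
        $_.Operation -eq 'RegSetValue' -and
        $_.Path -match '\\CurrentVersion\\(Run|RunOnce|Winlogon|Explorer\\Shell Folders)\\'
    } | Select-Object 'Process Name', PID, Path, Detail

    # 2. Which process/operation pairs dominate the trace: the slowdown suspects
    $noisy = $events |
        Where-Object { $_.Operation -in 'ReadFile', 'WriteFile', 'RegSetValue', 'RegQueryValue' } |
        Group-Object 'Process Name', Operation |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name

    [pscustomobject]@{ Persistence = $persistence; Noisy = $noisy }
}

# --- Constructed sample export (not a real trace) so the analysis can be tried offline ---
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:05.0012345 AM","updater.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 74, Data: C:\Users\alice\AppData\Local\Temp\updater.exe"
"10:01:05.0020000 AM","updater.exe","4120","WriteFile","C:\Users\alice\AppData\Local\Temp\updater.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:05.0030000 AM","updater.exe","4120","WriteFile","C:\Users\alice\AppData\Local\Temp\updater.exe","SUCCESS","Offset: 65,536, Length: 65,536"
"10:01:06.0000000 AM","explorer.exe","2210","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"10:01:06.0100000 AM","SearchIndexer.exe","3044","ReadFile","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb","SUCCESS","Offset: 1,048,576, Length: 32,768"
"10:01:06.0200000 AM","SearchIndexer.exe","3044","ReadFile","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb","SUCCESS","Offset: 1,081,344, Length: 32,768"
"10:01:06.0300000 AM","SearchIndexer.exe","3044","ReadFile","C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb","SUCCESS","Offset: 1,114,112, Length: 32,768"
'@
$sample | Set-Content -LiteralPath $csv -Encoding UTF8

$findings = Get-ProcmonFindings -CsvPath $csv
$findings.Persistence | Format-Table -AutoSize
$findings.Noisy       | Format-Table -AutoSize

# For a real trace on a live machine:
#   Start-ProcmonCapture -Seconds 120
#   Get-ProcmonFindings -CsvPath $csv
```

In the constructed sample, the Run-key write by updater.exe (a binary living in a temp folder) is the persistence hit, and the indexer's repeated reads of its database are what tops the I/O list: exactly the distinction you want, since the second is normal and the first is not. On a real trace the CSV can run to millions of rows, so keep `/BackingFile` on and prefer a short, targeted capture over a long one.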

3. Autoruns

This one resembles the Startup tab of Task Manager, but it goes much further:

  • lists every auto-start location, not just the Run keys and the Startup folder: services, drivers, scheduled tasks, Winlogon and Explorer extensions, and the other places where a program can arrange to launch silently;
  • verifies digital signatures, highlights unsigned or suspicious entries, and can check them against VirusTotal for telltale signs of malware;
  • lets you disable or remove unwanted or malicious startup items to streamline booting and improve system responsiveness.

This utility can (and should) be used on a regular basis, say once every six months, and any time the machine starts behaving strangely.
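Autoruns ships with a console twin, autorunsc.exe, which dumps the same entries as text and is the natural way to keep a record or to compare two machines. The script below is an added example rather than code from the article or from Sysinternals: it collects the entries with signature verification on and flags the ones that deserve a closer look. It assumes autorunsc.exe is on PATH and the shell is elevated; the column names are those of autorunsc's CSV output, the flag heuristics are this example's own, and the sample rows at the end are constructed so the filter can be tried offline.

```powershell
# Added example (not from the article): autorunsc.exe collection plus a filter
# for entries worth investigating. Assumes autorunsc.exe on PATH and an elevated
# shell; the heuristics below are this example's own choices.

function Get-AutorunsEntries {
    # -a *   every entry category      -c  CSV output      -s  verify signatures
    # -h     include file hashes       -nobanner           -accepteula (needed when scripted)
    # Add "-v -vt" to have autorunsc query VirusTotal by hash as well
    autorunsc.exe -accepteula -a * -c -h -s -nobanner | ConvertFrom-Csv
}

function Find-SuspiciousAutoruns {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        if ($Entry.Enabled -ne 'enabled') { return }   # disabled entries never run
        $flags = @()
        # Signer reads "(Verified) <name>" only when the Authenticode chain checks out
        if ($Entry.Signer -notlike '(Verified)*') { $flags += 'Unverified' }
        # Orphaned entries: the launch string points at something that is gone
        if ($Entry.'Image Path' -like 'File not found*') { $flags += 'FileMissing' }
        # Binaries living where any user can write are a favourite malware home
        if ($Entry.'Image Path' -match '\\(temp|downloads|appdata\\local\\temp|programdata|public)\\') { $flags += 'UserWritablePath' }
        # Script hosts and other Windows binaries commonly abused as launchers
        if ($Entry.'Launch String' -match '(?i)\b(powershell|mshta|wscript|cscript|rundll32|regsvr32)\b') { $flags += 'ScriptHost' }
        if ($flags) {
            [pscustomobject]@{
                Flags    = $flags -join ','
                Location = $Entry.'Entry Location'
                Entry    = $Entry.Entry
                Signer   = $Entry.Signer
                Image    = $Entry.'Image Path'
                Launch   = $Entry.'Launch String'
                SHA256   = $Entry.'SHA-256'
            }
        }
    }
}

# --- Constructed sample (not real output) in autorunsc's CSV layout ---
$sample = @'
"Time","Entry Location","Entry","Enabled","Category","Profile","Description","Signer","Company","Image Path","Version","Launch String","MD5","SHA-1","PESHA-1","PESHA-256","SHA-256","IMP"
"20250115-101500","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SecurityHealth","enabled","Logon","System-wide","Windows Security notification icon","(Verified) Microsoft Windows","Microsoft Corporation","c:\windows\system32\securityhealthsystray.exe","10.0.19041.1","%windir%\system32\SecurityHealthSystray.exe","","","","","",""
"20250115-101500","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Updater","enabled","Logon","alice","","(Not verified) Contoso","Contoso","c:\users\alice\appdata\local\temp\updater.exe","1.0.0.0","C:\Users\alice\AppData\Local\Temp\updater.exe","","","","","",""
"20250115-101500","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","Helper","enabled","Logon","alice","","","","File not found: C:\Program Files\Helper\helper.exe","","""C:\Program Files\Helper\helper.exe"" /tray","","","","","",""
"20250115-101500","Task Scheduler","\Maintenance","enabled","Tasks","System-wide","","","","c:\windows\system32\windowspowershell\v1.0\powershell.exe","10.0.19041.1","powershell.exe -w hidden -enc SQBFAFgA","","","","","",""
'@
$sample | ConvertFrom-Csv | Find-SuspiciousAutoruns | Format-Table -AutoSize

# Live run on this machine:
#   Get-AutorunsEntries | Find-SuspiciousAutoruns | Format-Table -AutoSize
```

autorunsc is read-only; once you have found an entry to kill, disable or delete it in the Autoruns GUI (or remove the registry value or scheduled task by hand) and reboot to confirm it stays gone. Saving a full `Get-AutorunsEntries | Export-Csv` dump of a freshly set-up machine gives you a baseline to diff against later, which catches new entries regardless of whether any heuristic fires on them.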

4. Sysmon

The name is short for System Monitor. Unlike the tools above, Sysmon is not an interactive viewer: it installs as a Windows service plus driver, takes a configuration file describing what to record, and writes its records to the Windows event log (Applications and Services Logs > Microsoft > Windows > Sysmon > Operational), where they survive reboots. It is designed for the following jobs:

  • keeping a detailed, timestamped log of system activity, including process creation (with command line, parent process, and file hashes), network connections, and file changes;
  • enabling post-event investigations by providing forensic-level information that greatly simplifies detection of some advanced threats.

Of course, no one wants to go through a catastrophic event, but if you do and don't learn the lesson, the situation will definitely recur. Sysmon gives you everything needed to turn that lesson into valuable guidelines.
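Because Sysmon records nothing until it has a configuration, the configuration is where the work is. The script below is an added example, not code from the article or from Sysinternals: a minimal config covering the three event types named above (process creation, network connections, file creation), the commands to install or update it, and a query that reads the resulting events back out of the Sysmon event log. It assumes Sysmon64.exe is on PATH and the shell is elevated; the schema version, the exclusion and the include lists are this example's own choices and not a recommended production baseline.

```powershell
# Added example (not from the article): minimal Sysmon config, install/update
# commands, and an event-log query. Assumes Sysmon64.exe on PATH and an elevated
# shell. Rules here are illustrative choices, not a hardened baseline.

$configPath = Join-Path $env:ProgramData 'sysmon-config.xml'

$config = @'
<Sysmon schemaversion="4.22">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: record every process creation except one very noisy helper -->
    <ProcessCreate onmatch="exclude">
      <Image condition="is">C:\Windows\System32\conhost.exe</Image>
    </ProcessCreate>
    <!-- Event ID 3: outbound connections from script hosts and Office, the usual first beacon -->
    <NetworkConnect onmatch="include">
      <Image condition="end with">powershell.exe</Image>
      <Image condition="end with">wscript.exe</Image>
      <Image condition="end with">cscript.exe</Image>
      <Image condition="end with">mshta.exe</Image>
      <Image condition="end with">winword.exe</Image>
      <Image condition="end with">excel.exe</Image>
    </NetworkConnect>
    <!-- Event ID 11: executables written anywhere, and anything placed in a Startup folder -->
    <FileCreate onmatch="include">
      <TargetFilename condition="end with">.exe</TargetFilename>
      <TargetFilename condition="end with">.dll</TargetFilename>
      <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
    </FileCreate>
  </EventFiltering>
</Sysmon>
'@

function Install-SysmonConfig {
    Set-Content -LiteralPath $configPath -Value $config -Encoding UTF8
    # -i installs the service and driver with this config; -c replaces the config
    # on an existing installation. Both print the parsed rules for confirmation.
    if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
        Sysmon64.exe -accepteula -c $configPath
    } else {
        Sysmon64.exe -accepteula -i $configPath
    }
}

# Sysmon events land in Microsoft-Windows-Sysmon/Operational; each event's data
# is a list of named <Data> elements, which this helper flattens into properties
function Get-SysmonEvents([int]$Id, [int]$Last = 20) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = $Id } `
                 -MaxEvents $Last -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = @{ TimeCreated = $_.TimeCreated }
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            [pscustomobject]$d
        }
}

# Install-SysmonConfig   # run once (elevated); re-run after editing $config

# Process creations with parent and hash: the chain an investigator walks backwards
Get-SysmonEvents -Id 1 -Last 10 |
    Select-Object TimeCreated, Image, ParentImage, CommandLine, User,
        @{ n = 'SHA256'; e = { $_.Hashes -replace '^.*SHA256=([0-9A-Fa-f]+).*$', '$1' } } |
    Format-Table -AutoSize

# Network connections made by the script hosts listed in the config
Get-SysmonEvents -Id 3 -Last 10 |
    Select-Object TimeCreated, Image, DestinationIp, DestinationPort, DestinationHostname |
    Format-Table -AutoSize

# Executables written to disk, and by which process
Get-SysmonEvents -Id 11 -Last 10 |
    Select-Object TimeCreated, Image, TargetFilename |
    Format-Table -AutoSize
```

Two caveats from practice: the `.exe`/`.dll` FileCreate rule fires on every Windows Update and installer run, so on a busy machine tighten it to the folders you care about; and an attacker who gains administrator rights can stop Sysmon or clear the log, so for real incident response forward the Operational log to another system rather than relying on the local copy. The community Sysmon configurations available online are a better starting point than this minimal one once you are past the experimenting stage.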

Installing some of the most popular Sysinternals tools and components is easy with Software Informer, a lightweight and free software explorer and updater:

Download Software Informer
