How to use Sysinternals in real life

In the earlier related pieces, we explored how Windows Task Manager can be used to monitor the performance of your system and spot abnormalities. If you’ve missed those posts, here are the links:

Those articles are a launchpad, a 101 on the built-in peephole into the under-the-hood workings of Windows. This post takes you a step further and introduces Sysinternals, a suite of advanced utilities that enables finer-grained troubleshooting and optimization.

A brief historical memo for Sysinternals

The set was created in 1996 by Mark Russinovich and Bryce Cogswell, who were already accomplished software engineers at the time. Until 2006 Sysinternals was an independent project; it was then acquired by Microsoft. Mark Russinovich stayed on after the acquisition and rose to the position of CTO of Microsoft Azure; Bryce Cogswell stayed until 2010, then left, but continues to contribute to suites of Windows utilities designed for system recovery, diagnostics, and performance enhancement.

From the outset and to this day, Sysinternals remains a go-to free resource for system administrators, security analysts, and advanced users.

Sysinternals for optimization and malware detection: key tools

As of early 2025, the Sysinternals suite includes more than 70 individual tools and utilities. Most of them are very specific in purpose, each a high-precision remedy for a particular kind of malfunction. Below you'll find descriptions of the ones that are useful routinely, in real-life scenarios most users can relate to.

1. Process Explorer

This is actually an advanced replacement for Task Manager. Process Explorer can do the following:

  • display details about running processes, including their parent processes, command lines, loaded DLLs, and open handles;
  • integrate with VirusTotal (a multi-engine malware scanning web service; the Informer catalog also has a standalone VirusTotal uploader) to check process images against known malware;
  • show digital signatures and search for suspicious DLLs or handles;
  • identify resource-heavy or unnecessary processes and terminate or investigate them.

The list above is non-exhaustive, but it gives the idea that Process Explorer can be the go-to tool when something about the system feels weird.
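A Process Explorer-style sweep done from PowerShell, as an added example that is not from the article: it lists every running process with its parent, command line and Authenticode status, then picks out images whose signature does not verify so they can be looked at more closely in Process Explorer. It assumes a Windows host with the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets.

```powershell
# Added example (not from the article): a Process Explorer-style sweep in PowerShell.
# Lists every running process with its parent, command line and Authenticode
# status, then flags images whose signature is not Valid for manual review.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    if (-not $p.ExecutablePath) { continue }   # System/Idle pseudo-processes have no image
    $sig    = Get-AuthenticodeSignature -FilePath $p.ExecutablePath -ErrorAction SilentlyContinue
    $parent = $byPid[$p.ParentProcessId]
    [pscustomobject]@{
        PID         = $p.ProcessId
        Name        = $p.Name
        Parent      = if ($parent) { $parent.Name } else { "<exited pid $($p.ParentProcessId)>" }
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SigStatus   = if ($sig) { $sig.Status } else { 'Unknown' }
        CommandLine = $p.CommandLine
    }
}

# Unsigned or badly signed images are a starting point, not a verdict: many
# legitimate tools ship unsigned. Review these entries in Process Explorer.
$report | Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object Parent, Name | Format-Table -AutoSize
```

Run it elevated to get command lines and image paths for processes owned by other accounts.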

2. Process Monitor

This tool reports system activity related to processes, file system, registry, and network in real time. Here are a couple of useful features of Process Monitor:

  • powerful filtering that makes it possible to track suspicious actions, such as registry changes or file modifications typical of malware;
  • diagnosing slowdowns by finding the processes that cause excessive I/O or registry activity.

Thus, when you suspect there is a worm in your Windows installation, or the CPU heats up when it shouldn't, Process Monitor will help you find out what is really going on.
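An unattended Process Monitor capture and triage, as an added example that is not from the article: it records activity for a minute with no UI, converts the log to CSV and filters for writes to the classic autostart locations (Run/RunOnce keys and the Startup folder) that the text mentions as typical of malware. The tool path `C:\Tools\procmon64.exe` is an assumption, and the script must run elevated.

```powershell
# Added example (not from the article): an unattended Process Monitor capture,
# exported to CSV and triaged for writes to common autostart locations.
# Assumed: procmon64.exe lives in C:\Tools and the script runs elevated.
$procmon = 'C:\Tools\procmon64.exe'
$pml     = "$env:TEMP\trace.pml"
$csvOut  = "$env:TEMP\trace.csv"

# Capture for 60 seconds with no filter prompt and no window, writing events
# straight to a backing file, then tell the running instance to stop and save.
Start-Process $procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', "/BackingFile `"$pml`""
Start-Sleep -Seconds 60
Start-Process $procmon -ArgumentList '/Terminate' -Wait

# Convert the binary PML log to CSV so it can be filtered without the GUI.
Start-Process $procmon -ArgumentList "/OpenLog `"$pml`"", "/SaveAs `"$csvOut`"" -Wait

# Procmon's default export columns are Time of Day, Process Name, PID,
# Operation, Path, Result and Detail. The pattern below covers the Run and
# RunOnce registry keys and the per-user/all-users Startup folders.
$events    = Import-Csv $csvOut
$autostart = '\\CurrentVersion\\Run|\\Start Menu\\Programs\\Startup\\'

$events |
    Where-Object {
        $_.Path -match $autostart -and (
            $_.Operation -eq 'RegSetValue' -or
            $_.Operation -eq 'WriteFile'   -or
            ($_.Operation -eq 'CreateFile' -and $_.Detail -match 'Generic Write|Write Data')
        )
    } |
    Select-Object 'Time of Day', 'Process Name', PID, Operation, Path, Result |
    Format-Table -AutoSize
```

Installers and update services legitimately write to these locations, so the output is a shortlist to check, not a list of infections.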

3. Autoruns

This one is similar to the built-in startup-program manager in Windows. It lets you do the same things, plus it:

  • lists programs that would otherwise fly under the radar and launch silently at startup;
  • highlights unsigned or suspicious auto-start entries and checks them for telltale signs of malware;
  • lets you disable or remove unwanted or malicious startup items to streamline booting and improve system responsiveness.

This utility can (and should) be used on a regular basis, like once every six months.
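The periodic check described above, scripted with the console version of Autoruns, as an added example that is not from the article: it dumps every autostart category to CSV with signature verification on and lists the enabled entries that are unsigned, fail verification, or point at a file that no longer exists. The path `C:\Tools\autorunsc64.exe` is an assumption, and the script must run elevated to see all entries.

```powershell
# Added example (not from the article): scan all autostart locations with
# autorunsc and list entries whose signature does not verify.
# Assumed: autorunsc64.exe lives in C:\Tools and the script runs elevated.
$autorunsc = 'C:\Tools\autorunsc64.exe'
$csvOut    = "$env:TEMP\autoruns.csv"

# -a * : all entry categories   -c : CSV output       -s : verify signatures
# -h   : file hashes            -m : hide Microsoft-signed entries (noise)
# autorunsc writes its CSV as UTF-16, so redirect it through cmd.exe and
# read it back as Unicode instead of re-encoding it in the PowerShell pipeline.
# The doubled outer quotes stop cmd.exe from stripping the inner ones.
Start-Process -FilePath cmd.exe -Wait -NoNewWindow -ArgumentList `
    "/c `"`"$autorunsc`" -accepteula -nobanner -a * -c -s -h -m > `"$csvOut`"`""

$entries = Import-Csv $csvOut -Encoding Unicode

# Worth eyeballing: images that are unsigned or whose signature does not
# verify (Signer lacks the "(Verified)" prefix), and entries whose target is
# gone (residue of an uninstalled program, occasionally of removed malware).
$suspect = $entries | Where-Object {
    $_.Enabled -eq 'enabled' -and (
        $_.Signer -notlike '(Verified)*' -or
        $_.'Image Path' -like 'File not found*'
    )
}

$suspect |
    Select-Object 'Entry Location', Entry, Signer, 'Image Path', 'SHA-256' |
    Sort-Object 'Entry Location' |
    Format-Table -AutoSize
```

Disabling or deleting an entry is done in the Autoruns GUI; the SHA-256 column is what you would paste into VirusTotal for a second opinion.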

4. Sysmon

The name is short for “System Monitor”, and the tool is designed to do the following jobs:

  • keeping a detailed log of system activity, including timestamps and assorted data on process creation, network connections, and file changes;
  • enabling post-event investigations by providing forensic-level information that greatly simplifies the detection of some advanced threats.

Of course, no one wants to go through a catastrophic event, but if you do, and don’t learn the lesson, the situation will definitely recur. Sysmon gives everything needed to turn that lesson into valuable guidelines.
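A minimal Sysmon deployment covering the three event kinds the text names, as an added example that is not from the article: it writes a configuration that logs every process creation, network connections made by script hosts, and files dropped into a Startup folder, installs it, and then reads the resulting events back from the Windows event log, which is where Sysmon stores them. The path `C:\Tools\sysmon64.exe` is an assumption; installation requires an elevated prompt and a Sysmon release that supports config schema 4.50 or newer.

```powershell
# Added example (not from the article): a minimal Sysmon config for process
# creation, network connections and file creation, installed and then queried.
# Assumed: sysmon64.exe lives in C:\Tools and the script runs elevated.
$sysmon = 'C:\Tools\sysmon64.exe'
$cfg    = "$env:TEMP\sysmon-config.xml"

@'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: an empty exclude list means every process creation is logged -->
    <ProcessCreate onmatch="exclude"></ProcessCreate>
    <!-- Event ID 3: outbound connections by script hosts, which are rarely expected -->
    <NetworkConnect onmatch="include">
      <Image condition="end with">\powershell.exe</Image>
      <Image condition="end with">\wscript.exe</Image>
      <Image condition="end with">\cscript.exe</Image>
    </NetworkConnect>
    <!-- Event ID 11: files dropped into a Startup folder, a common persistence point -->
    <FileCreate onmatch="include">
      <TargetFilename condition="contains">\Start Menu\Programs\Startup\</TargetFilename>
    </FileCreate>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $cfg -Encoding UTF8

# -i installs the driver and service with this config; -c updates a live install.
& $sysmon -accepteula -i $cfg

# Sysmon writes to its own event log; unpack the EventData fields from the XML.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1, 3, 11 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Id     = $_.Id
            Image  = $data.Image
            Detail = switch ($_.Id) {
                1  { $data.CommandLine }
                3  { "$($data.DestinationIp):$($data.DestinationPort)" }
                11 { $data.TargetFilename }
            }
        }
    } | Format-Table -AutoSize
```

The ProcessCreate rule is deliberately noisy; in practice you grow the exclude list from what your own machine produces, and forward the log somewhere the attacker cannot clear it.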

Installing some of the most popular Sysinternals tools and components is easy with Software Informer, a lightweight and free software explorer and updater.

