Process Explorer and VirusTotal

Published: 2015-07-17
Last Updated: 2015-07-17 16:37:40 UTC
by Didier Stevens (Version: 2)

About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal.

Did you know you can have all EXEs of running processes scanned with VirusTotal?

In Process Explorer, add the VirusTotal column:

Enable VirusTotal checks:

And accept the VirusTotal terms:

(Update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file.)

And now you can see the VirusTotal scores:

Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries.



Didier Stevens
Microsoft MVP Consumer Security
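
An added example, not part of the diary and not Sysinternals code: a PowerShell script that performs the same kind of hash-only lookup the update describes, sending only the SHA-256 of each running process image to VirusTotal and never the file itself. It assumes you have your own VirusTotal API key and uses the VirusTotal API v3 file report endpoint; the parameter names ($ApiKey, $Proxy, $DelaySeconds) and the proxy URL in the comment are this example's own.

```powershell
# Added example: hash-only VirusTotal lookup for the images of running processes.
# Only SHA-256 hashes are sent; no file content leaves the machine.
param(
    [Parameter(Mandatory)] [string] $ApiKey,  # assumption: your own VirusTotal API key
    [string] $Proxy,                          # optional, e.g. http://proxy.example:8080 (placeholder)
    [int] $DelaySeconds = 15                  # assumption: pause between lookups to stay inside your API quota
)

# Unique executable paths of running processes. Path is empty for processes
# the current user is not allowed to open, so those are skipped.
$paths = Get-Process | Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

foreach ($path in $paths) {
    $hash = $null
    try {
        # Hash locally; -ErrorAction Stop turns an unreadable file into a catchable error.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash.ToLower()

        $request = @{
            Uri     = "https://www.virustotal.com/api/v3/files/$hash"
            Headers = @{ 'x-apikey' = $ApiKey }
            Method  = 'Get'
        }
        if ($Proxy) { $request.Proxy = $Proxy }

        # last_analysis_stats holds one counter per verdict category;
        # the sum of all counters is the number of engines that reported.
        $stats = (Invoke-RestMethod @request).data.attributes.last_analysis_stats
        $total = ($stats.PSObject.Properties | Measure-Object -Property Value -Sum).Sum
        $score = '{0}/{1}' -f $stats.malicious, $total
    }
    catch {
        # HTTP 404 means VirusTotal has no report for this hash.
        # That is "unknown", not "clean", and deserves a closer look.
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 404) { $score = 'Unknown' }
        else { $score = "Error: $($_.Exception.Message)" }
    }

    [pscustomobject]@{ Score = $score; SHA256 = $hash; Path = $path }
    Start-Sleep -Seconds $DelaySeconds
}
```

Run it from an elevated prompt to cover processes owned by other users; without elevation those processes have no readable path and are silently left out of the results.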

If you don't have direct access to the internet, you'll need to specify a proxy. Unfortunately, it won't take IE's proxy setting; you'll need to set it via netsh:

Back up your settings:
netsh winhttp show proxy

Set the proxy:
netsh winhttp set proxy <ip addr>:<port>

Don't forget to reset your proxy settings when you are done:
netsh winhttp reset proxy (or the appropriate command from your backup)

Thanks Didier. I have been trying to find a way to make the autorunsc program work through our proxy. However, when I set the WinHTTP proxy, the autorunsc program does not seem to use it (it still attempts to go direct, which fails). Have you or anyone else here found a solution?


