Microsoft Windows has an extensive list of admin tools available for free on the web, but none of them can beat the diversity of the Sysinternals tools. The Sysinternals tools are totally free and can perform almost any task, including administrative tasks, keeping track of the files and registry keys your applications are using, virus protection, and much more.

These tools are used by almost every daily computer user. The most important tool of Sysinternal is Process Explorer with an array of features at its hand. Before getting started let me tell you what Sysinternal tools have to offer to us.
The Sysinternals tools website has divided the utilities into six major categories: 

  • File and disk
  • Networking
  • Process
  • Security
  • System information
  • Miscellaneous

What are Sysinternal Tools?

The SysInternals tools cover a collection of Windows apps that can be downloaded for free from the Microsoft TechNet website’s SysInternals section. They’re all portable, so you can use them from any PC without having to install them. Indeed, you can use Sysinternals Live to execute them without installing them (which we’ll show you how to do later in this article).

There are multiple additional administrative tools built into Windows, as well as those available for free on the web or through commercial sources, but none are as indispensable as the SysInternals set of tools. There are free tools for practically any administrative duty, from monitoring and initiating processes to looking under the hood to discover what files and registry keys your apps are really accessing.

How To Get Sysinternal Tools?

It’s as simple as going to the SysInternals website and downloading either the zip file that includes all of the utilities (the Sysinternals Suite) or the zip file for the specific application you wish to use.

In either case, unzip the file and double-click the program you want to use. That is all there is to it. There isn’t a set-up program.

What is Sysinternal Live Tool

You can always use Sysinternals Live if you don’t want to bother with downloading, unzipping, and then running the application, if you don’t want to keep a USB drive updated with the newest versions, or if you simply don’t have access to your drive while working on someone else’s machine. Essentially, a few years ago the SysInternals team wondered whether they could find a new way to distribute their software. As a result, they set up a Windows file share on their server and made it accessible to anyone on the internet.

How To Run Sysinternal Live

  • Open the Run by pressing Windows Logo key + R.
  • You may access their file share and poke around by typing \\live.sysinternals.com\tools.

Note that the server share format is referred to as a UNC (Universal Naming Convention) path, and it can be used in Windows almost anyplace. It can be used in the explorer address bar, file open and save dialogue boxes, and any other place where a file path would be used. The Tools folder is perhaps the handiest, as it has a list of all of the different utilities that can be accessed with just a mouse click.

Running any Sysinternals utility is simple. Just use the format below and add the executable name of the specific tool you want to run after “tools\”.

\\live.sysinternals.com\tools\

For instance, procexp.exe is the executable name of Process Explorer, so you can open Process Explorer with \\live.sysinternals.com\tools\procexp.exe. In the same way, you can run Process Monitor with procmon.exe.

A security warning dialogue will open up. Of course, you shouldn’t let just anything run on your Windows PC. We recommend simply downloading a copy of the tools to each PC you use instead of running Sysinternals Live every time.

10 Best Sysinternal Tools You Must Know

Although it is almost impossible to talk about every single Sysinternals tool in just one article, here are the 10 best tools, each with a short description. There will also be some detailed info about Process Explorer, as it is the best Sysinternals tool of all.

PsList & PsKill

These are two separate tools, but they are used together, which is why I mention them together. PsList lets you see the process that is causing trouble, which can then easily be killed with PsKill.

Process Explorer

It’s basically a task manager utility that is also used to check files and resources. We will discuss it later in this article, so read to the end.

ZoomIt

ZoomIt is the best tool when you are giving a presentation or simply want to zoom in on a specific part of the screen.

PsLoggedOn

It scans the registry under the HKEY_USERS key to check which profiles are loaded on the system. This shows who is logged on, and in how many sessions, on your PC.
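The same HKEY_USERS check can be reproduced in PowerShell. This is an added example, not code from the original article or from PsLoggedOn itself; the function name Get-LoadedProfile is hypothetical, and the Interactive column is only a heuristic.

```powershell
# Added example: list the user profiles currently loaded under HKEY_USERS.
# Get-LoadedProfile is a hypothetical name, not part of PsLoggedOn.
function Get-LoadedProfile {
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        # Keep local/domain (S-1-5-21-...) and Azure AD (S-1-12-1-...) user SIDs;
        # this also drops .DEFAULT, service SIDs and the *_Classes companion hives.
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            try {
                $sidObject = [System.Security.Principal.SecurityIdentifier]$sid
                $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # The SID could not be mapped (deleted account, unreachable domain)
                $account = '<unresolved>'
            }
            # Heuristic: the Volatile Environment key is normally created at
            # interactive logon, so its presence hints at an interactive session.
            $interactive = Test-Path -Path "Registry::HKEY_USERS\$sid\Volatile Environment"
            [pscustomobject]@{
                Account     = $account
                SID         = $sid
                Interactive = $interactive
            }
        }
}

Get-LoadedProfile | Format-Table -AutoSize
```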

Autoruns

Autoruns steps in to rescue the day when malware enters. This Sysinternals tool lets you examine almost everything that is loaded automatically on your computer and allows you to disable it with a simple checkbox.

Contig

It is a helpful single-file defragmentation utility that helps to troubleshoot file fragmentation problems.

Disk2vhd

The main purpose of this Sysinternals tool is to take snapshots of the whole disk for backup purposes. It also allows users to take snapshots of their PC at scheduled intervals without interrupting any other process or activity.

MoveFile

At times files need to be moved or deleted to help clear something off a PC (like malware/bots/viruses). Users are sometimes unable to do this because those files are in use, which blocks any action on the files until they are closed or the computer is rebooted. This is where MoveFile comes in: it uses an API that schedules files for move/rename/delete at the next reboot of the Windows system.
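Before rebooting, it is worth reviewing what has been queued. The following is an added example, not code from the original article or from MoveFile; it assumes the queue is stored in the PendingFileRenameOperations registry value used by Windows for delayed moves, and the function name Get-PendingFileOperation is hypothetical.

```powershell
# Added example: list the file operations queued for the next reboot.
# Assumption: the queue lives in the PendingFileRenameOperations value
# (REG_MULTI_SZ) under the Session Manager key.
function Get-PendingFileOperation {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $prop = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    if (-not $prop) { return }                      # nothing is queued

    $ops = [string[]]$prop.PendingFileRenameOperations
    # Entries come in pairs: source path, then destination path.
    # An empty destination means the source is deleted at boot.
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        if (-not $ops[$i]) { continue }             # skip a stray empty source
        $dst = if ($i + 1 -lt $ops.Count) { $ops[$i + 1] } else { '' }
        [pscustomobject]@{
            Action      = if ($dst) { 'Move/Rename' } else { 'Delete' }
            # Paths are stored in NT form (\??\C:\...); a leading "!" on the
            # destination marks "replace existing". Strip both for display.
            Source      = $ops[$i] -replace '^\\\?\?\\', ''
            Destination = $dst -replace '^!?\\\?\?\\', ''
        }
    }
}

Get-PendingFileOperation | Format-Table -AutoSize -Wrap
```

An unexpected Move/Rename entry that targets a system directory deserves the same scrutiny as an unknown autorun entry.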

PSFile

PSFile tool is the best to check for any open files on file servers of your computer.

Sync

The Sync tool is one of the best Sysinternals tools. It does exactly what its name implies. By using Sync you can easily flush cached file system data to disk. It helps in situations such as lost system information when the system crashes. You can even set scheduled syncs to make sure your cached data is being flushed to disk from time to time.

What is Process explorer?

Process Explorer was created by Mark Russinovich under the moniker Sysinternals and was officially purchased and owned by Microsoft. It is not, however, pre-installed on the Windows operating system. Regardless, it’s an effective tool. It may appear challenging to use at first.


Since 2001, Process Explorer has been used as a task manager and system monitor. It used to function on Windows 9x, but the contemporary versions only support Windows XP and higher, and they’re constantly updated with new capabilities for modern Windows versions. It’s the de facto industry standard for troubleshooting.

How to scan for viruses in Windows using Process Explorer?

If you want to figure out whether there is a virus on your PC, you can do it with Process Explorer version 16 or above, because the developers have added VirusTotal integration directly into the application. Simply right-click on anything in the list to see the option.

  1. First of all, Download Process Explorer and extract it. There will be two versions after extraction: one for 32-bit Windows and one for 64-bit Windows. For your PC, you select the appropriate version of Process Explorer.
  2. The terms of usage will pop up when you click on the program’s installation file. Here, click Agree to continue with the installation.

The primary interface of Process Explorer appears on the PC shortly after that. The program will show you all of the processes currently executing on the computer.

  • Select Options > VirusTotal.com > Check VirusTotal.com from the software’s main interface.

The VirusTotal scan results appear in the outermost column of Process Explorer. In the example, the result is 0/67: 67 is the number of virus scanners used, and 0 is the number of scanners that detect the process as a virus. A red warning will appear if the program contains malicious code or has a virus infestation.


  • Simply click on the red parameter to be sent to the Virus Total website, where you can check your red alert programme further. The user will now have access to additional information regarding the malware. If you suspect a process, right-click on it and select Kill Process, or use the Del key to kill it.
  • If a process cannot be checked or if you wish to examine it again, click Properties and then Explore to navigate to the presently installed file. To recheck, go to Virus Total and click the Submit button.

What Process explorer tool of Sysinternal has to offer?

Process Explorer offers a feature to examine digital signatures in addition to checking the processes running on the computer for viruses. Select Verify Image Signatures from the Options menu. This option checks the signature of each active file to see whether it’s suspicious.

If a file carries no signature, the message No signature was present appears in the Verified Signer column. This indicates that the application hasn’t been verified. In some cases an unknown tool is responsible. So, install a virus scanner and use Microsoft’s Process Explorer to look for harmful code on your machine.
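The signature check and the VirusTotal lookup described above can also be scripted. This is an added example, not code from the original article or from Process Explorer; the function name Get-ProcessSignatureReport is hypothetical. It verifies the Authenticode signature of every running process image and computes the SHA-256 hash, which can be searched on VirusTotal without uploading the file.

```powershell
# Added example: signature status and SHA-256 of every running process image.
# Get-ProcessSignatureReport is a hypothetical name, not a Sysinternals command.
function Get-ProcessSignatureReport {
    Get-Process |
        Where-Object { $_.Path } |              # Path is empty when access is denied
        Sort-Object -Property Path -Unique |    # check each image file only once
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
            [pscustomobject]@{
                Process = $_.ProcessName
                Status  = $sig.Status           # Valid, NotSigned, HashMismatch, ...
                # SignerCertificate is $null for unsigned files, so Signer stays empty
                Signer  = $sig.SignerCertificate.Subject
                SHA256  = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
                Path    = $_.Path
            }
        }
}

# Show only the images whose signature did not validate
Get-ProcessSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-List
```

Run it from an elevated prompt to cover processes owned by other accounts; without elevation their image paths are not readable and they are skipped.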

So, that’s it for now. You can explore the Sysinternals tools by going to Microsoft’s official site. And if you really want to benefit from the Sysinternals tools, Process Explorer must be your first choice. Subscribe to our website for more technical information to help make your Windows user experience friendlier and easier.

Full List of Sysinternals Tools: Download URLs

Some of them are outdated/incompatible with Windows 10, but worth trying.

accesschk.exe  Disk2vhd.chm  pagedfrg.exe  pssuspend.exe  Volumeid.exe
accesschk64.exe  disk2vhd.exe  pagedfrg.hlp  pssuspend64.exe  Volumeid64.exe
AccessEnum.exe  diskext.exe  pendmoves.exe  Pstools.chm  whois.exe
AdExplorer.chm  diskext64.exe  pendmoves64.exe  psversion.txt  whois64.exe
ADExplorer.exe  Diskmon.exe  pipelist.exe  RAMMap.exe  Winobj.exe
ADExplorer64.exe  DISKMON.HLP  pipelist64.exe  RDCMan.exe  WINOBJ.HLP
ADInsight.chm  DiskView.exe  PORTMON.CNT  readme.txt  Winobj64.exe
ADInsight.exe  DiskView64.exe  portmon.exe  RegDelNull.exe  ZoomIt.exe
ADInsight64.exe  DMON.SYS  PORTMON.HLP  RegDelNull64.exe  ZoomIt64.exe
adrestore.exe  du.exe  procdump.exe  Reghide.exe
adrestore64.exe  du64.exe  procdump64.exe  regjump.exe
arm64  efsdump.exe  procexp.chm  RootkitRevealer.chm
Autologon.exe  Eula.txt  procexp.exe  RootkitRevealer.exe
Autologon64.exe  FindLinks.exe  procexp64.exe  ru.exe
autoruns.chm  FindLinks64.exe  procmon.chm  ru64.exe
Autoruns.exe  handle.exe  Procmon.exe  sdelete.exe
Autoruns64.dll  handle64.exe  Procmon64.exe  sdelete64.exe
Autoruns64.exe  hex2dec.exe  PsExec.exe  ShareEnum.exe
Autoruns64a.dll  hex2dec64.exe  PsExec64.exe  ShellRunas.exe
autorunsc.exe  junction.exe  psfile.exe  sigcheck.exe
autorunsc64.exe  junction64.exe  psfile64.exe  sigcheck64.exe
Bginfo.exe  ldmdump.exe  PsGetsid.exe  streams.exe
Bginfo64.exe  Listdlls.exe  PsGetsid64.exe  streams64.exe
Cacheset.exe  Listdlls64.exe  PsInfo.exe  strings.exe
Clockres.exe  livekd.exe  PsInfo64.exe  strings64.exe
Clockres64.exe  livekd64.exe  pskill.exe  sync.exe
Contig.exe  LoadOrd.exe  pskill64.exe  sync64.exe
Contig64.exe  LoadOrd64.exe  pslist.exe  Sysmon.exe
Coreinfo.exe  LoadOrdC.exe  pslist64.exe  Sysmon64.exe
Coreinfo64.exe  LoadOrdC64.exe  PsLoggedon.exe  tcpvcon.exe
CPUSTRES.EXE  logonsessions.exe  PsLoggedon64.exe  tcpvcon64.exe
CPUSTRES64.EXE  logonsessions64.exe  psloglist.exe  tcpview.chm
ctrl2cap.amd.sys  movefile.exe  psloglist64.exe  tcpview.exe
ctrl2cap.exe  movefile64.exe  pspasswd.exe  TCPVIEW.HLP
ctrl2cap.nt4.sys  notmyfault.exe  pspasswd64.exe  tcpview64.exe
ctrl2cap.nt5.sys  notmyfault64.exe  psping.exe  Testlimit.exe
Dbgview.chm  notmyfaultc.exe  psping64.exe  Testlimit64.exe
Dbgview.exe  notmyfaultc64.exe  PsService.exe  Vmmap.chm
dbgview64.exe  ntfsinfo.exe  PsService64.exe  vmmap.exe
Desktops.exe  ntfsinfo64.exe  psshutdown.exe  vmmap64.exe