How to Scan Running Processes in Windows for Virus & Malware

Suspect a running Windows process? Here’s a simple way to scan all running Windows processes for any virus, malware, or trojan threats.

At any given time, there are several processes that are running in parallel in Windows. These processes are required by the running application to get the job done. In fact, if you open the Task Manager and go to the “Processes” tab, you can see a list of hundreds of processes.

It is a known fact that Windows is the primary target for all kinds of viruses, malware and other types of threats. To combat that, there are several antivirus and anti-malware programs for Windows. In fact, Windows even has its own antivirus software, Windows Defender, built in. This antivirus software can not only scan your system automatically or on demand but also provides real-time protection. Often, antivirus software can easily scan any running process for threats. However, if you want to manually check whether a process is safe or not, you have to use specialized process scanning tools in Windows.

So, in this quick article, let me show you how to scan Windows processes for virus or malware threats and determine whether they are safe to run or not.

Scan Running Windows Processes

Most antivirus software doesn’t provide any way to scan just the running processes. The good thing is, you don’t have to use full-fledged antivirus software to scan processes.

We are going to use a free Microsoft tool called Process Explorer. The advantage of Process Explorer is that it uses a free service called VirusTotal to scan the running Windows processes. In case you don’t know, VirusTotal is a cloud-based antivirus service that uses more than 60 different antivirus engines to scan any given program, process, or file. Though it sounds complicated, it is pretty easy to do with Process Explorer. Let me show you how.

Steps

1. First, go ahead and download Process Explorer from the Microsoft website. Once downloaded, open the ZIP file and extract its contents to a folder on the desktop.


2. Now, depending on your system architecture, right-click on the relevant EXE file and select the “Run as administrator” option. For example, I’m on a 64-bit system, so I’m using the procexp64.exe file.


3. After opening Process Explorer, you will see a huge list of all running processes. To scan the processes, select the “Options → VirusTotal.com → Check VirusTotal.com” option.


4. Now, you will be prompted to agree to the license terms. Click “Yes”.


5. As soon as you do that, Process Explorer will submit all processes to VirusTotal. Once the scan is done, you can see the score under the “VirusTotal” column.


6. If you want to check an individual process, right-click on the target process and select the “Check VirusTotal” option.


7. If there is any suspicious process, it will be highlighted in red. Click on the VirusTotal score and you will see which antivirus engine flagged the target process.


Do keep in mind that there will be false positives. For example, in my case, one of the antivirus engines of VirusTotal flagged “UploaderService.exe” as a potential threat. However, that is not the case and it is a genuine process. So, don’t freak out if you see a bunch of processes being flagged as threats. Just do some googling about the processes to learn more.
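The same kind of check can be scripted. The PowerShell below is an added example, not part of the original article and not Process Explorer's own code: it hashes the image file of each running process and looks the SHA-256 up through the VirusTotal v3 API, sending only hashes. It assumes your own API key is stored in the VT_API_KEY environment variable, and the 15-second delay is an assumed value chosen to stay within a free key's request quota.

```powershell
# Added example, not part of the original article.
# Assumption: $env:VT_API_KEY holds your own VirusTotal API key.
if (-not $env:VT_API_KEY) { throw 'Set the VT_API_KEY environment variable first.' }
$headers = @{ 'x-apikey' = $env:VT_API_KEY }
$delaySeconds = 15   # assumed pause between lookups to respect a free key's quota

# Many processes share one image file (svchost.exe, for example), so each
# unique path is hashed and looked up once. Path is empty for processes the
# current user cannot open, which is why the article runs elevated.
$images = Get-Process | Where-Object { $_.Path } | Group-Object -Property Path

$results = foreach ($image in $images) {
    $row = [ordered]@{
        Malicious = $null; Engines = $null; Note = ''
        PIDs = ($image.Group.Id | Sort-Object) -join ','
        Path = $image.Name; SHA256 = $null
    }
    try {
        $row.SHA256 = (Get-FileHash -LiteralPath $image.Name -Algorithm SHA256 -ErrorAction Stop).Hash
        $uri = "https://www.virustotal.com/api/v3/files/$($row.SHA256)"
        $stats = (Invoke-RestMethod -Uri $uri -Headers $headers -ErrorAction Stop).data.attributes.last_analysis_stats
        $row.Malicious = [int]$stats.malicious
        # Count only engines that returned a verdict (timeouts and failures excluded).
        $row.Engines = [int]($stats.malicious + $stats.suspicious + $stats.undetected + $stats.harmless)
    } catch {
        # Response is absent for non-HTTP errors (e.g. an unreadable file), giving status 0.
        $status = [int]$_.Exception.Response.StatusCode
        $row.Note = if ($status -eq 404) { 'hash unknown to VirusTotal' }
                    elseif ($status -eq 429) { 'rate limited, retry later' }
                    else { "lookup failed: $($_.Exception.Message)" }
    }
    [pscustomobject]$row
    Start-Sleep -Seconds $delaySeconds
}

# Highest detection counts first; rows without a verdict sort to the bottom.
$results | Sort-Object Malicious -Descending |
    Format-Table Malicious, Engines, PIDs, Path, Note -AutoSize
```

A “hash unknown to VirusTotal” row is not a clean verdict; it only means no one has submitted that exact file before.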

That is all. It is that simple to scan running processes in Windows. If you are stuck or need some help, comment below and I will try to help as much as possible.
