How to tell if a Windows process is a virus

3 basic tips to check if a Windows process is legitimate or a potential malware threat to your PC.

If you open Windows Task Manager, you will notice that there are a lot of processes running on your PC. Some of them you probably know, but there are also many processes that are very difficult to identify just by their name.

Open Task Manager and look for the taskhostw.exe process: do you know what it does? Are you sure it’s not a virus? In this case we are talking about a system executable that is responsible for starting Windows services based on DLLs, but this is just an example: Task Manager is full of unknown processes. How can we know whether they are really a virus?

How to tell if a Windows process is safe or potential malware

First, let’s talk about the bad news: Windows doesn’t have a magic button to guess whether one of these multiple processes with unpronounceable names is trustworthy or not. Luckily, there are a couple of “tricks” we can employ to make them easier to identify.

Step 1: Check the file location

  • Open Windows Task Manager.
  • Right-click on the process you suspect and select “Open file location.”

If the file is located inside the “System32” folder, it is most likely a Windows system process. This is a good sign, but to make sure it is not malware, we will perform an additional check.

Note: If the file is not in the “System32” folder, it probably means that it is a process that is not part of Windows. In other words, it is an executable developed by a third party.

Step 2: Verify that the file is digitally signed

  • Open Windows Task Manager.
  • Right-click on the process and select “Properties”.
  • Go to the “Details” tab and review the “Copyright” and “Product name” fields.

Is the file copyrighted by, or a product of, a well-known company such as Microsoft, Intel, AMD or similar? If so, this is a safe process. If you have any doubts, you can also check the “Digital Signatures” tab to complete the legal information for the file.

Legitimate companies such as Microsoft and Intel always digitally sign their files. So if a process has any of these fields unfilled, it is a clear cause for concern.

Step 3: Do an online search

  • Open Task Manager.
  • Right-click on the process and select “Search online”.

This action will open the browser and perform a search on Bing to show you information related to the process we are investigating. Review the results and you will be able to get a more detailed view of the function it performs, or if it is a possible virus or threat to your PC.

Finally, remember that you can also analyze the process by uploading a copy of the file to the VirusTotal website. This online application will analyze the file against the databases of many antivirus programs and will warn you if it poses a problem for the integrity of your system.
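The checks above can also be run for every process at once. The following PowerShell is an added example, not part of the original article: it reports each running executable's location, its “Details” fields, its digital signature status and a SHA-256 hash that can be searched on VirusTotal instead of uploading the file. The function name Get-ProcessTrustInfo is hypothetical; keep in mind that “Product name” and “Copyright” are filled in by whoever built the file, while the signature status is verified cryptographically by Windows.

```powershell
# Added example: triage running processes by path, signature and hash.
# Run from an elevated PowerShell session so more process paths are readable.
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-ProcessTrustInfo {          # hypothetical helper name
    param([string]$Name = '*')           # process name without .exe, wildcards allowed

    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |       # skip processes whose path cannot be read
        Sort-Object Path -Unique |       # one row per executable file
        ForEach-Object {
            $file = $_.Path
            $sig  = Get-AuthenticodeSignature -LiteralPath $file
            $ver  = (Get-Item -LiteralPath $file).VersionInfo

            [pscustomobject]@{
                Process     = $_.ProcessName
                Path        = $file
                # Step 1: is the file inside %SystemRoot%\System32?
                InSystem32  = $file.StartsWith("$system32\", [StringComparison]::OrdinalIgnoreCase)
                # Step 2: "Details" tab fields (self-declared, not verified)
                ProductName = $ver.ProductName
                Copyright   = $ver.LegalCopyright
                # Step 2: digital signature as validated by Windows
                SigStatus   = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer      = $sig.SignerCertificate.Subject   # empty when unsigned
                # Step 3 / VirusTotal: hash to search for instead of uploading
                SHA256      = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            }
        }
}

# List only the executables whose signature did not validate
Get-ProcessTrustInfo |
    Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-List Process, Path, InSystem32, ProductName, Copyright, SigStatus, Signer, SHA256
```

To inspect a single process, pass its name, for example `Get-ProcessTrustInfo -Name taskhostw`. Many Windows system files are signed through a security catalog rather than inside the file itself, so they can report a valid signature here even though their Properties dialog shows no “Digital Signatures” tab.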