• Posted on November 17, 2012

Beginning with Process Monitor

Process Monitor (TechNet ProcMon) is a great tool for figuring out exactly what a program is doing, whether that is the files it writes, its network activity, its registry access, or what have you. You can quickly look through the activity and know what’s going on.

Now, using this to determine whether software is safe to run on a computer is risky. Process Monitor does not run programs in a “sandbox”, so if you execute a possibly unsafe program, it can harm your computer. If you are doing research on specific malware or viruses (risky), you can use Process Monitor to learn more about them, but don’t run them on your computer. At least run them in a virtual machine that you can easily wipe clean.