So, what exactly are Sysinternals tools?
Sysinternals tools are free, small and portable, and they are widely used by professionals and power users because they are far more capable than the built-in Windows tools. (Sysinternals has been part of Microsoft since 2006; the current builds are published at https://learn.microsoft.com/sysinternals and are Authenticode-signed by Microsoft, so download them from there rather than from a random mirror and check the signature before you carry them around.) In fact, if you want to know whether someone is good at troubleshooting Windows, just ask them about the Sysinternals tools. If they can tell you what the tools do and discuss them with you, they are probably good. If not, just stay away from them. Being the so-called "tech guy" for my friends and family, I do carry the entire Sysinternals suite with me all the time to troubleshoot their systems. So, here are some of the best Sysinternals tools that every Windows user should have.
5 Sysinternals Tools For Windows
1. Process Explorer
Process Explorer is one of the best and most used Sysinternals utilities. As the name implies, this simple yet advanced tool lets you see everything about every process and DLL loaded and active on your system. You can think of Process Explorer as Task Manager on steroids. Some of the things Process Explorer can do include (but are not limited to) showing all processes with the DLLs and handles they hold, finding out which process has a lock on which file or folder (Find > Find Handle or DLL, or Ctrl+F), killing or suspending processes, setting process priority, verifying the digital signature of each running image (Options > Verify Image Signatures), checking processes against VirusTotal, accurate graphs of CPU, memory and I/O usage, and a tree view that shows which process started which. The tree view and the signature check are the first things to look at when you suspect malware: a process whose parent makes no sense, or whose image is unsigned or fails verification, deserves a closer look. After using the tool for some time you can replace Windows Task Manager with Process Explorer (Options > Replace Task Manager) in a click or two, and the more you use it, the more you will get out of it. How to use: Just download the zip, extract it and run "procexp.exe" (run it as administrator to see the details of every process, not just your own). Being a portable application, there is no need for any installation. To kill a process, select it and press the "Delete" key. To scan a process, select it and choose "Options > VirusTotal.com > Check VirusTotal.com". Note that this sends the file's hash to VirusTotal, and if you also enable "Submit Unknown Executables" it uploads the executable itself, so do not turn that on for files that may contain confidential data.
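Process Explorer's three triage columns (the parent/child tree, the image signature check and the hash that the VirusTotal option is keyed on) can also be produced from a PowerShell prompt when the GUI is not to hand. The script below is an added example written for this article, not code from Sysinternals, and it uses only built-in cmdlets. It assumes an elevated PowerShell (otherwise the image path of other users' processes is blank) and it does not contact VirusTotal itself; it only prints the SHA-256 you would paste into the VirusTotal search box.

```powershell
# Added example, not part of the original article or of the Sysinternals suite.
# Rebuilds Process Explorer's process tree with the "Verify Image Signatures" result for
# every image and the SHA-256 that a VirusTotal.com lookup is keyed on. Run elevated.

$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath

$alive = @{}
foreach ($p in $procs) { $alive[[int]$p.ProcessId] = $true }

# Each image is signature-checked and hashed once, however many processes run it.
$trustCache = @{}
function Get-ImageTrust {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path) -or -not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Status = 'NoPath'; Signer = '-'; Sha256 = '-' }
    }
    if (-not $trustCache.ContainsKey($Path)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction SilentlyContinue
        $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }   # Valid, NotSigned, HashMismatch, ...
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
        $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $trustCache[$Path] = [pscustomobject]@{ Status = $status; Signer = $signer; Sha256 = $hash }
    }
    return $trustCache[$Path]
}

# Print a process and, indented below it, everything it started (the tree view in Process Explorer).
function Show-Node {
    param($Proc, [int]$Depth)
    $t    = Get-ImageTrust -Path $Proc.ExecutablePath
    $mark = if ($t.Status -eq 'Valid') { '   ' } else { '!! ' }   # anything that is not Valid gets flagged
    '{0}{1}{2} (PID {3}) [{4}] {5}' -f $mark, ('  ' * $Depth), $Proc.Name, $Proc.ProcessId, $t.Status, $t.Signer
    $children = $procs | Where-Object {
        [int]$_.ParentProcessId -eq [int]$Proc.ProcessId -and [int]$_.ProcessId -ne [int]$Proc.ProcessId
    }
    foreach ($c in $children) { Show-Node -Proc $c -Depth ($Depth + 1) }
}

# Roots are processes whose parent has already exited (or that are their own parent, like PID 0);
# Process Explorer breaks its tree at the same places.
$roots = $procs | Where-Object {
    -not $alive.ContainsKey([int]$_.ParentProcessId) -or [int]$_.ParentProcessId -eq [int]$_.ProcessId
}
foreach ($r in $roots) { Show-Node -Proc $r -Depth 0 }

''
'Images that did not verify (status, SHA-256 for a VirusTotal search, path):'
$trustCache.GetEnumerator() | Where-Object { $_.Value.Status -ne 'Valid' } |
    ForEach-Object { '{0,-12} {1} {2}' -f $_.Value.Status, $_.Value.Sha256, $_.Key }
```

Two things to keep in mind when reading the output: NotSigned is common for legitimate third-party software, so a flagged entry is a prompt to look, not a verdict; and Windows reuses process IDs, so a process whose real parent has exited can appear under an unrelated newer process with the same PID. Process Explorer avoids that by comparing creation times, which this script does not do.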
2. Autoruns
More often than not, a program you install will add itself to the system startup so that it is ready for use as soon as Windows starts. The more applications there are in the startup queue, the slower startup becomes. And it is not only programs: scheduled tasks, services, drivers, codecs, Explorer shell extensions, browser helper objects, toolbars and more all start with Windows. These locations are also where malware installs itself to survive a reboot, which is why Autoruns is as much a persistence-hunting tool as a startup cleaner. It lists every autostart location it knows about, and it plays well with Process Explorer (right-click an entry and choose Process Explorer to jump to the running process). The user interface may look dated, but it is neatly divided into categories by tab. To cut the list down to what matters, enable "Options > Hide Microsoft Entries" and "Options > Scan Options... > Verify code signatures" (optionally "Check VirusTotal.com" as well): anything left that is unsigned, unverified or pointing at an odd path is worth investigating. Being a powerful application, only disable an entry if you are sure what it does. How to run: Just like Process Explorer, Autoruns is portable, so download, extract and run "autoruns.exe"; use "File > Run as Administrator" so that services, drivers and other users' entries are shown. Once opened, you can disable any autorun entry by clearing its checkbox, or delete it from the right-click menu. The "autorunsc.exe" file in the zip is the command line version, which is handy for dumping a baseline to a file and comparing it later.
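The command line version is the one you want for the two things the GUI makes tedious: listing only the entries that do not carry a verified signature, and comparing today's autostart entries with a baseline taken when the machine was known to be clean. The script below is an added example for this article; autorunsc.exe is the Sysinternals tool, the wrapper around it is mine. It assumes autorunsc.exe is in the current folder or on the PATH, an elevated prompt, and that the CSV column names ("Entry Location", "Entry", "Category", "Signer", "Image Path", "SHA-256") are those of current autorunsc builds.

```powershell
# Added example, not part of the original article; autorunsc.exe is the Sysinternals tool,
# the wrapper around it is mine. Dumps every autostart entry with signatures verified, lists
# the entries that are not signed by a verified publisher, and diffs against a saved baseline.
# Assumptions: autorunsc.exe in the current folder (or on PATH), an elevated prompt, and the
# CSV column names of current autorunsc builds.

$autorunsc = '.\autorunsc.exe'
if (-not (Test-Path $autorunsc)) { $autorunsc = 'autorunsc.exe' }
$csvPath  = Join-Path $env:TEMP 'autoruns-now.csv'
$baseline = Join-Path $env:TEMP 'autoruns-baseline.csv'

# -a * every category  -c CSV output  -h file hashes  -s verify signatures  -m hide verified Microsoft entries
Start-Process -FilePath $autorunsc `
    -ArgumentList '-accepteula', '-nobanner', '-a', '*', '-c', '-h', '-s', '-m' `
    -RedirectStandardOutput $csvPath -NoNewWindow -Wait

# autorunsc writes UTF-16 when its output is redirected; fall back to UTF-8 if no byte-order mark is present.
$head = New-Object byte[] 2
$fs = [System.IO.File]::OpenRead($csvPath); [void]$fs.Read($head, 0, 2); $fs.Close()
$enc = if ($head[0] -eq 0xFF -and $head[1] -eq 0xFE) { 'Unicode' } else { 'UTF8' }
$entries = @(Import-Csv -LiteralPath $csvPath -Encoding $enc)

# Signer reads "(Verified) Publisher" when the Authenticode chain checks out, "(Not verified) ..." or blank otherwise.
$suspect = @($entries | Where-Object { $_.Signer -notlike '(Verified)*' })
'{0} autostart entries, {1} without a verified signature:' -f $entries.Count, $suspect.Count
$suspect | Sort-Object Category, 'Entry Location' |
    Format-Table Category, Entry, Signer, 'Image Path', 'SHA-256' -AutoSize

# Baseline and diff (the GUI's File > Compare): the first run saves the snapshot, later runs show what appeared since.
if (Test-Path -LiteralPath $baseline) {
    $old = @(Import-Csv -LiteralPath $baseline)
    $new = Compare-Object -ReferenceObject $old -DifferenceObject $entries `
        -Property 'Entry Location', 'Entry', 'SHA-256' | Where-Object { $_.SideIndicator -eq '=>' }
    'New since baseline ({0}):' -f $baseline
    $new | Format-Table 'Entry Location', 'Entry', 'SHA-256' -AutoSize
} else {
    $entries | Export-Csv -LiteralPath $baseline -NoTypeInformation
    "Baseline saved to $baseline"
}
```

Comparing on the SHA-256 as well as the location means a replaced binary in an existing entry shows up as new, which is exactly the case a plain "is this entry present" check would miss. Keep the baseline file somewhere an attacker on the box cannot edit; a baseline taken after the compromise is worthless.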
3. Process Monitor
If Process Explorer is for managing and killing processes, Process Monitor (Procmon) is for watching what every process on your system is doing. For instance, you may want to know which registry keys a program uses to store its settings, which processes are talking to the network, or which registry keys change when you alter a setting in a dialog. Process Monitor records file system, registry, process and thread, and network (TCP/UDP) activity in real time, with the result of each operation and the call stack behind it. It also has a rich filtering system (by process name, path, operation, result and more) that lets you narrow the flood of events down to exactly what you are after. As you can tell, this is a pretty advanced tool, and it is very useful in troubleshooting and malware-analysis scenarios. How to use: Download, extract and run "procmon.exe" as administrator (it loads a driver to capture events). It starts capturing as soon as it opens, and the event list grows by thousands of lines a minute, so the usual routine is: stop capture with Ctrl+E, clear the list with Ctrl+X, set a filter with Ctrl+L (for example "Process Name is notepad.exe", then Include), start capturing again with Ctrl+E, and do the thing you want to observe. Double-click any event to see its properties (the Event, Process and Stack tabs), and press Ctrl+T for the process tree of everything seen during the capture. Long captures eat memory; use "File > Backing Files" to capture to disk instead.
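The same capture can be driven from a script, which is how you would answer "what does this installer write?" on a test machine without clicking through the GUI. The script below is an added example for this article; procmon.exe is the Sysinternals tool, the code driving it is mine. It assumes procmon.exe is in the current folder or on the PATH, an elevated prompt (Procmon loads a kernel driver), notepad.exe as the sample target, and Procmon's own CSV column names ("Time of Day", "Process Name", "Operation", "Path", "Result").

```powershell
# Added example, not part of the original article; procmon.exe is the Sysinternals tool, the
# script driving it is mine. Captures a Process Monitor trace headlessly while a target program
# starts, converts it to CSV and reports what the program wrote to the registry and file system.
# Assumptions: procmon.exe in the current folder (or on PATH), an elevated prompt, notepad.exe
# as the sample target, and Procmon's standard CSV column names.

param([string]$Target = 'notepad.exe', [int]$Seconds = 10)

$procmon = '.\procmon.exe'
if (-not (Test-Path $procmon)) { $procmon = 'procmon.exe' }
$pml = Join-Path $env:TEMP 'trace.pml'
$csv = Join-Path $env:TEMP 'trace.csv'

# Start capturing straight into a backing file. /Quiet skips the filter dialog, /Minimized keeps the window away.
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`""
Start-Sleep -Seconds 3                      # give the driver time to load before the target starts

$p = Start-Process -FilePath $Target -PassThru
Start-Sleep -Seconds $Seconds               # let the program do its start-up work
if (-not $p.HasExited) { Stop-Process -Id $p.Id -ErrorAction SilentlyContinue }

# /Terminate tells the running instance to stop capturing and exit; /OpenLog plus /SaveAs converts PML to CSV.
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/Terminate' -Wait
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/OpenLog', "`"$pml`"", '/SaveAs', "`"$csv`"" -Wait

# Keep only successful write-type operations by the target process.
$writeOps = 'RegSetValue', 'RegCreateKey', 'RegDeleteValue', 'RegDeleteKey', 'WriteFile', 'SetDispositionInformationFile'
$writes = @(Import-Csv -LiteralPath $csv | Where-Object {
    $_.'Process Name' -eq $Target -and $_.Result -eq 'SUCCESS' -and $writeOps -contains $_.Operation
})

'{0} successful write operations by {1}' -f $writes.Count, $Target
$writes | Group-Object Operation | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$writes | Select-Object 'Time of Day', Operation, Path -First 40 | Format-Table -AutoSize
```

The export contains whatever the current Procmon filter lets through, so an unfiltered ten-second trace of a busy machine can run to hundreds of megabytes; a saved filter applied with /LoadConfig keeps it small. SetDispositionInformationFile is the operation Procmon shows for a file deletion, which is why it sits in the list next to WriteFile.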
4. TCPview
TCPView is a simple application that lists every TCP and UDP endpoint on the machine: which process owns it, the local and remote address and port, and the connection state. Connections that are open to another host show the state "ESTABLISHED"; ports that are waiting for incoming connections show "LISTENING", so the list also tells you what the machine is exposing, not just what it is connecting to. If you want to, you can close a connection from the right-click menu (or end the owning process). The good thing about TCPView is that it shows you a live feed that refreshes every second; you can change the update rate from the View menu. Moreover, changes are color coded: new endpoints are shown in green, endpoints whose state changed in yellow, and closed endpoints in red, which makes a process that keeps opening short-lived connections easy to spot. How to use: Again, download, extract and run "tcpview.exe" (as administrator, so the owning process of every endpoint is resolved). As soon as you open the application you will see all endpoints and the processes behind them. The "tcpvcon.exe" file in the archive is a command line tool that acts like the netstat utility in Windows; "tcpvcon -a -c -n" prints all endpoints as CSV without DNS lookups, which is useful for scripting and for saving a snapshot.
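When TCPView is not available, the same table can be built from Get-NetTCPConnection, which ships with Windows 8 / Server 2012 and later, and that makes it easy to add the two checks a responder wants first: which established connections leave the private address space, and which processes are listening for inbound connections. The script below is an added example for this article, not Sysinternals code; it assumes an elevated prompt so that the owning process of every socket is visible.

```powershell
# Added example, not part of the original article. The TCPView table rebuilt from built-in
# cmdlets (Get-NetTCPConnection, Windows 8 / Server 2012 and later) so it can be scripted,
# with external established connections and listening ports called out. Run elevated.

function Test-PrivateAddress {
    param([string]$Address)
    # RFC 1918 ranges, loopback, link-local and the unspecified address (IPv4 and IPv6).
    return ($Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.|169\.254\.|0\.0\.0\.0$)' -or
            ($Address -in @('::', '::1')) -or $Address -like 'fe80:*')
}

$owners = @{}
Get-Process | ForEach-Object { $owners[[int]$_.Id] = $_ }

function Get-EndpointTable {
    Get-NetTCPConnection | ForEach-Object {
        $o = $owners[[int]$_.OwningProcess]
        [pscustomobject]@{
            Process  = if ($o) { $o.ProcessName } else { '?' }
            PID      = [int]$_.OwningProcess
            Image    = if ($o) { $o.Path } else { '' }
            State    = [string]$_.State
            Local    = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            External = ([string]$_.State -eq 'Established') -and -not (Test-PrivateAddress $_.RemoteAddress)
        }
    }
}

$table = @(Get-EndpointTable)

'Established connections (External = remote address outside private/loopback space):'
$table | Where-Object { $_.State -eq 'Established' } |
    Sort-Object @{ Expression = 'External'; Descending = $true }, Process |
    Format-Table Process, PID, Local, Remote, External -AutoSize

'External connections by process:'
$table | Where-Object { $_.External } | Group-Object Process | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

'Listening ports (what this machine exposes):'
$table | Where-Object { $_.State -eq 'Listen' } | Sort-Object Local -Unique |
    Format-Table Process, PID, Local, Image -AutoSize
```

"External" is only a first cut: a connection to a public address is normal for a browser and odd for a print spooler, so read the table by process, not by count. UDP endpoints are not covered here; Get-NetUDPEndpoint gives the equivalent list, which TCPView shows in the same window.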
5. SDelete
SDelete is one of those tools you do not need often but must have because of what it does. In case you are wondering, SDelete is a command line tool that deletes files and folders permanently. Files deleted with SDelete cannot be brought back with file-recovery tools, which work by reading the clusters a deleted file used to occupy. The way SDelete works is simple: it finds the clusters where the file's data is stored and overwrites them (one pass by default; the -p option sets the number of passes, following the DoD 5220.22-M clearing standard), then renames the file repeatedly so that its name is gone from the directory too, and only then deletes it. Two caveats apply: on an SSD, wear levelling means the old blocks may not be physically overwritten, so rely on full-disk encryption there rather than on overwriting; and Volume Shadow Copies, backups and other copies of the file are untouched. So, if you ever want to securely delete a file or folder, use SDelete. How to use: As said before, SDelete is a command line tool. To start off, download and extract the file. Now, open a command prompt in the same folder by Shift + right-clicking and selecting "Open command window here." In the prompt, run sdelete.exe followed by the path of the file or folder you want to destroy (add -s to recurse into subfolders). Other parameters let you clean the free space on a drive (-c), zero the free space for virtual disk optimisation (-z), set the number of passes (-p), and so on; you can get the details from the official download page.
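Putting the caveats into practice means checking what kind of disk the file is on and what NTFS attributes it has before trusting the overwrite, and scrubbing free space afterwards so earlier ordinary deletions of the same data go too. The script below is an added example for this article; sdelete.exe is the Sysinternals tool, the wrapper is mine. It assumes sdelete.exe is in the current folder or on the PATH, an elevated prompt, Windows 8 / Server 2012 or later for Get-Partition and Get-PhysicalDisk, and that PhysicalDisk.DeviceId equals the disk number, which holds on ordinary single-disk systems.

```powershell
# Added example, not part of the original article; sdelete.exe is the Sysinternals tool, the
# wrapper is mine. Overwrites and deletes a file or folder with several passes, then scrubs the
# volume's free space, after printing the two things that decide whether an overwrite means
# anything: the media type of the disk behind the volume and NTFS attributes (compressed,
# encrypted, sparse) that change how file data is laid out on disk.
# Assumptions: sdelete.exe in the current folder (or on PATH), an elevated prompt, Windows 8 /
# Server 2012 or later, and PhysicalDisk.DeviceId equal to the disk number.

param(
    [Parameter(Mandatory)][string]$Path,   # file or folder to destroy
    [int]$Passes = 3
)

$sdelete = '.\sdelete.exe'
if (-not (Test-Path $sdelete)) { $sdelete = 'sdelete.exe' }
if (-not (Test-Path -LiteralPath $Path)) { throw "Nothing to delete at $Path" }

$drive = (Get-Item -LiteralPath $Path).PSDrive.Name                     # e.g. C

# 1. Media type: SSD firmware remaps blocks, so an in-place overwrite is not a guarantee there.
$diskNumber = (Get-Partition -DriveLetter $drive -ErrorAction SilentlyContinue).DiskNumber
$media = (Get-PhysicalDisk | Where-Object { $_.DeviceId -eq "$diskNumber" }).MediaType
"Drive ${drive}: media type = $media"
if ("$media" -eq 'SSD') {
    Write-Warning 'SSD: old blocks may survive wear levelling. Rely on full-disk encryption (or a firmware secure erase), not on overwriting.'
}

# 2. Attributes that NTFS stores differently; SDelete documents special handling for these.
Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
    Where-Object { $_.Attributes -match 'Compressed|Encrypted|SparseFile' } |
    ForEach-Object { Write-Warning "$($_.FullName) is $($_.Attributes)" }

# 3. Overwrite with $Passes passes and delete. -s recurses into folders, -r clears read-only first.
& $sdelete -accepteula -nobanner -p $Passes -r -s $Path
if ($LASTEXITCODE -ne 0) { Write-Warning "sdelete exited with code $LASTEXITCODE" }

# 4. Clean free space on the same volume so earlier plain deletions (temp files, editor backups) go too.
& $sdelete -accepteula -nobanner -p 1 -c "${drive}:"

# Shadow copies are not touched by any of this; list them so you know whether old data still exists there.
vssadmin list shadows /for="${drive}:" 2>$null | Select-String 'Shadow Copy Volume|Creation Time'
```

Save it as, say, Remove-Securely.ps1 (a name chosen here, not a Sysinternals file) and run it as `.\Remove-Securely.ps1 -Path 'D:\old-tax-returns' -Passes 3`. Cleaning free space can take a long time on a large volume, and it fills the disk to the last cluster while it runs, so do it when nothing else needs the space.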
There are more tools in the Sysinternals suite like PsTools, PortMon, AccessChk, Autologon, Diskmon, Coreinfo, Sysmon, etc., that are helpful in a lot of situations. The good thing is that you can get the entire Sysinternals suite in a single zip file, or run the tools straight from https://live.sysinternals.com. So, download it and keep it on your pen drive; the tools will be there when the time comes. Refresh that copy now and then, since the tools are updated regularly. Hope that helps, and do comment below sharing your thoughts and experiences about using the above tools, or to share your favorite Sysinternals utilities.