help to configure Process Explorer

Discussion in 'other software & services' started by mantra, Apr 14, 2023.

  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    Hi
    i have used for a lot of time process hacker , and seeing it's outdated
    i want to use Process Explorer v17.04 , i have downloaded 64bit and 32bit

    I miss some Process Hacker information, like Relative Start Time (when a program started, for example 45 minutes ago), Elevation high -> administrator
    and other columns that i can't find in Process Explorer

    and can i ask you if does it use a driver?
    because i can not find it
    I remember i own a driver , I run under w7 64bit and w10 64bit , i guess PROCEXP that could not be deleted

    thanks
     
    Last edited: Apr 14, 2023
  2. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    Hi @Wallaby
    but is still portable?
    i have seeing PROCEXP of process explorer could not be deleted , i have tried on w7 with registry finder as administrator
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROCEXP152
    about the new version and name of process hacker ,system informer can import the old process hacker settings?
    thanks
     
    Last edited: Apr 14, 2023
  4. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    My favorite use with PE is to set it up as in the image below:

    1.jpg
     
  6. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    hi @Sampei Nihira
    have you tested under w7 , it does create a driver called LEGACY_PROCEXP152 or PROCEXP152 , i'm talking about is process explorer
    what do you mean for "use with PE"?
    thanks
    Hi @Wallaby
    about system informer should i delete SystemInformer.sys ?
    about process hacker (no more available) to make portable should be deleted the file a sys file
    by the way process hacker is flagged by virus total as malware by 27 AV :thumbd:
    thanks
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    What differences, pros and cons, you notice between SI and PE?
    I'm thinking to use portable SI.
    TIA
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,108
    Location:
    UK
  9. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
    It is only a change of name because Process "HACKER" was too scary
    Same developers same... everything
    Read here
    https://github.com/winsiderss/systeminformer/discussions/1577

    PS
    The new driver SystemInformer.sys was signed by Microsoft
     
    Last edited: Apr 14, 2023
  10. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
    No
    Just copy the whole folder "amd64" (I am on a Windows 10 Home 64bit) somewhere and launch SystemInformer.exe

    PS
    The other folders inside the zip file are for x86 and for Arm64 CPU's

    PPS
    Here
    https://github.com/PrxyHunter/GeoLite2/releases/latest
    you can find the file GeoLite2-Country.mmdb
    that if you want to display Country flags in the Network "tag" has to be put into the "installation" folder
     
    Last edited: Apr 14, 2023
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Thanks but I meant:
    Process Explorer I meant, not Process Hacker.
     
  12. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
    I have never gone too deep in the knowledge of the two's, but as far as I am concerned both Process Explorer and System Informer do exactly the same things.
    I prefer System Informer for its graphic design (= I like the way it looks compared to Process Explorer)

    Let other guys more expert than me to tell more precise characteristics.
     
  13. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    hi @stapp
    thanks for
    Hi @Wallaby @Mr.X
    but are you sure is it portable?
    and is in night version too , a beta version
    thanks
    hi @Sampei Nihira
    how can i remove that registry key ?
    thanks
     
  14. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
    It is portable, I am using it regularly.
    Even if it is a nightly build it is stable, they make lots of updates.
     
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    hi
    well I will keep SystemInformer.sys , even i don't know why it does need it , it works even if you rename it
    is there a way to let have the red color on virus total when is > than 1?
    thanks Wallaby
     
  16. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    203
    I don't know
    Maybe it is better if you ask them on github
    Have a nice day

    PS
    Just pay attention, when you are extracting a new version from the "binaries" zip file, that there is also a 0 byte "SystemInformer.exe.settings.xml"
    So don't select it and don't overwrite your SystemInformer.exe.settings.xml (or just make a copy of your SystemInformer.exe.settings.xml somewhere just in case...) :)
     
    Last edited: Apr 15, 2023
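
An added example, not part of the thread and not the System Informer project's own tooling: one way to refresh a portable folder from the "binaries" zip while leaving SystemInformer.exe.settings.xml untouched, then list the signature status of the copied .exe and .sys files. The zip path, install folder and the top-level "amd64" layout are assumptions taken from the posts above; adjust them to your setup.

```powershell
# Added example. $ZipPath and $InstallDir are hypothetical paths.
# Assumes the zip has one top-level folder per architecture (e.g. "amd64").
param(
    [string]$ZipPath    = "$env:USERPROFILE\Downloads\systeminformer-binaries.zip",
    [string]$InstallDir = "D:\Portable\SystemInformer",
    [string]$Arch       = "amd64"
)
$ErrorActionPreference = 'Stop'
$settingsName = 'SystemInformer.exe.settings.xml'
$settingsPath = Join-Path $InstallDir $settingsName

# Keep a timestamped copy of the current settings before touching anything.
if (Test-Path -LiteralPath $settingsPath) {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -LiteralPath $settingsPath -Destination "$settingsPath.$stamp.bak"
}

# Extract to a scratch folder so the 0-byte settings file in the zip
# can never land on top of the real one.
$scratch = Join-Path ([IO.Path]::GetTempPath()) ("si-update-" + [guid]::NewGuid())
Expand-Archive -LiteralPath $ZipPath -DestinationPath $scratch
try {
    $source = Join-Path $scratch $Arch
    if (-not (Test-Path -LiteralPath $source)) { throw "No '$Arch' folder in $ZipPath" }

    # Copy every file except the settings file (close System Informer first,
    # otherwise the running .exe and loaded .sys are locked).
    Get-ChildItem -LiteralPath $source -Recurse -File |
        Where-Object { $_.Name -ne $settingsName } |
        ForEach-Object {
            $relative = $_.FullName.Substring($source.Length).TrimStart('\')
            $target   = Join-Path $InstallDir $relative
            New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
            Copy-Item -LiteralPath $_.FullName -Destination $target -Force
        }
}
finally {
    Remove-Item -LiteralPath $scratch -Recurse -Force
}

# Report Authenticode status of the binaries and the driver that were copied.
Get-ChildItem -Path $InstallDir -Recurse -File -Include '*.exe', '*.sys' |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Select-Object Path, Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
```

A Status of NotSigned or HashMismatch on a freshly extracted file is worth checking before running it elevated.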
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    system informer rox, process explorer is not that good any longer, dropped.

    in special for PE there exist no option to disable this stupid VT requesting, system informer has, and much more. and its portable. /me using the latest build, means beta, working without issues.
    https://systeminformer.sourceforge.io/nightly.php (same as above)

    SI is still using a SYS file driver, but its no longer flagged from windows defender.
     
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    But it is not available yet, setup neither exe are not signed, I can not run SI as admin without disabling ValidateAdminCodeSignatures.
    So is SI as of now, "only" by 15 AVs though.
    Code:
    https://www.virustotal.com/gui/file/072bb6f412b64bba338a20603fcc65c512ae73c4ee86f9ead3c39155d4d3af53
    Is it not SI based on PE's source code?
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    Amusingly, arm64 version gets flagged only by one A/V.
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    either you meant processhacker, or i am clueless because i dont know.
    i switched to processhacker since 2.39 final, turned to nightly and then to systeminformer.
    the only tool from Sysinternals i currently use is "process monitor" for investigations, but not more.
     
  21. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,195
    hi
    but send to virus total doesn't work on process hacker and systeminformer last build
    maybe they have not fixed
     
  22. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    Sending to other scanners work, but if you have VT enabled, you do not really need it?
     


  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,931
    pardon?
    but yes, i dont need VT because any software here is trusted and was under review* before.

    *sandboxie is part of this procedure.

    VT is for scary or paranoid users i think, it does not really have effects for regular and concient users.
    results are a list for 60+ scanners and a lot of there are more than futile and neither nor relevant.
    i guess this is one reason that VT results are not allowed here - too many fud.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,812
    Location:
    .
    I just see VT's Kasperskys and Esets engine results to get more confidence on a file :D
     
  25. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,108
    Location:
    UK
    I absolutely adore Macrium Reflect. This morning I had made an image. This afternoon I decided to give Systeminformer.bin.zip a try out after getting it from here
    https://systeminformer.sourceforge.io/nightly.php

    My machine hated it from the start and went wild :D Popups everywhere etc so I pressed the magic Macrium button and I am back on dry land again.
    No idea what happened, however I don't think it was malware, it was just my system just didn't seem like it.
     