Using Process Explorer Flashcards

1
Q

Does a Task Manager have any sense of hierarchy?

A

no - it does not show the parent process that started a process or the child processes started by a given process

2
Q

Does a Task Manager have any knowledge of threads?

A
  • no - it can only point in the right direction to find a fault, but cannot explain what’s going on, as it does not see what threads are doing
  • at best it knows the number of threads running in a process
3
Q

What does it mean that Task Manager does not have any understanding of what resources are being used?

A
  • doesn’t understand what DLLs/modules/files are loaded
  • no understanding of what registry keys a process is using
4
Q

What can a Task Manager never provide when used for troubleshooting an issue or for malware analysis?

A

the actual reason why bad things happened

5
Q

How do you run Process Explorer with elevated privileges to be able to see details for all processes?

A

File > Show Details for All Processes

6
Q

How do you check what privileges are used by a running process?

A

Properties > Security
