While recent Sysinternals updates haven’t exactly been exciting, Process Explorer 15.2 is one you don’t want to miss: it contains some very useful additions.
The Process Timeline column, for instance, displays a bar which shows how long a particular process has been running in relation to everything else. And so you can tell at a glance what’s been running since Windows launched, and what’s only just started (very useful if, say, you think you’ve just been hit by malware and want to check new processes in particular).
The Process Timeline bars won’t be displayed by default, though, so if you’re interested then you’ll need to turn them on manually: click View > Select Columns, click the Process Performance tab and check Process Timeline.
Now you can see which processes have been around for a very long time, you might wonder which of them are configured to launch at boot time. And a new Autostart Location column can tell you this, too, revealing at a glance the Registry key used to launch them. This may also not be displayed by default, but clicking View > Select Columns > Process Image and checking Autostart Location will turn it on.
Of course seeing that a particular process is referenced at HKLM\System\CurrentControlSet\Services\nsi (or whatever) might leave you wanting to know more, but the program can also help here. Double-click the process and its autostart location will be displayed on the Image tab; if you’re interested, clicking Explore should launch the Registry editor at that particular key (although you’ll need to have run Process Explorer as an administrator for this to work).
And if all that’s not enough, more technical additions this time see .NET stack walking support added to the thread stack dialog, while the new ability to use the Windows 8 private ETW logger should ensure better compatibility with other ETW-based programs.
Put it all together and Process Explorer 15.2 is a very useful update which somehow manages to make an already excellent tool even better: it’s an essential component of every PC owner’s troubleshooting toolkit.