Windows Task Manager separates its display of what’s running on your computer into two tabs. The Applications tab lists each running program by name; the Processes tab is a much longer list that shows every executable file that’s running, including child processes, services, and processes that run in the background.
In Windows XP, you can right-click on any item in the Applications list and choose Go To Process from the shortcut menu. But once you reach the Processes tab, you’re at a dead end. If a process is sucking the life out of your CPU, or if you find a mysterious process that you can’t identify that you think might be associated with malware, you’re on your own. You have to use search tools to find the file responsible for that process and then figure out what it is.
Windows 7 (as well as Windows Vista) simplifies this process. When you right-click any item in the Processes list, you get several new choices on its shortcut menu:
- Click Open File Location to open Windows Explorer and see the file responsible for the running process. Just knowing which folder it appears in can be enough to help ease your mind about a process with a mysterious name.
- The Properties menu choice, also new in Windows Vista and Windows 7, leads directly to the properties dialog box for the associated file, where a greatly expanded Details tab includes copyright information and other relevant text drawn from the file itself. That information can help you decide whether a file is legitimate or needs further investigation.
- Finally, for processes that are running as Windows services, you can click the Go To Service(s) option, which will take you to the Services tab and highlight all of the individual services associated with that process. For an instance of Svchost.exe, for example, the list might number a dozen individual services.