Find if that Windows Process is Legitimate or a Virus?

Start the Windows Task Manager at any point of time and you’ll find that dozens of processes are running in your system. Some of these process names are obvious - if there’s iexplore.exe in the list, you have Internet Explorer open on your desktop - but other processes like csrss.exe or dwm.exe will often make no sense to most of us.

Is that Windows Process a Virus?

The first thing that will help you determine whether a particular process is a legitimate Windows process or a virus is the location of the executable itself. For instance, a process like explorer.exe should be running from your Windows folder and not anywhere else.

To confirm, open Task Manager, go to View -> Select Columns and select “Image Path Name” to add a location column to your Task Manager. If you spot any suspicious-looking directory here, it may be a good idea to investigate that process further.

NoVirusThanks, an online virus scanning service, offers a portable desktop uploader that will make it easy for you to check if any of the Windows processes are legitimate or a virus/worm in disguise.

Scan Windows Processes for Virus

When you run this tool, it will automatically generate a list of all your running processes just like Windows Task Manager. You can right-click on any process name and upload* the corresponding file online for virus analysis.


Once the file is uploaded, NoVirusThanks will instantly scan it against a dozen or so popular anti-virus programs including AVG, Comodo and Kaspersky, so chances are low that a bad file will go undetected.

Other than Windows Processes, you may also send your loaded DLLs, driver files and start-up programs for analysis online with a simple right-click.

Another tool that can sometimes help you detect bad processes is Microsoft’s Process Explorer. Launch the program (it requires no installation) and check “Verify Image Signatures” under Options. Now go to View -> Select Columns and add “Verified Signer” as one of the columns.

Windows Process Explorer

If the “Verified Signer” status of a process is listed as “Unable to Verify,” you may want to give that process a second look. Not all good Windows processes will carry a verified signature tag, but none of the bad ones will either.
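The two checks described above, image location and signature status, can also be scripted in PowerShell. This is an added example, not code from the original post or from the tools it mentions; the table of expected directories and the function name Get-ImageVerdict are assumptions made for illustration. The rows it prints are candidates for a second look, not a verdict.

```powershell
# Added example. Expected directories are assumptions for a default Windows
# install; extend the table with other process names you want to pin down.
$sys32 = Join-Path $env:windir 'System32'
$expectedDirs = @{
    'explorer.exe' = @($env:windir)
    'csrss.exe'    = @($sys32)
    'dwm.exe'      = @($sys32)
}

# Hypothetical helper: turns name, image path and signature status into one verdict.
function Get-ImageVerdict {
    param([string]$Name, [string]$Path, [string]$SignatureStatus)

    # Kernel pseudo-processes and protected processes expose no path,
    # especially when the shell is not elevated.
    if (-not $Path) { return 'PathUnavailable' }

    # Location check: a known name running from an unexpected folder.
    if ($expectedDirs.ContainsKey($Name)) {
        $dir = Split-Path -Parent $Path
        if ($expectedDirs[$Name] -notcontains $dir) { return 'UnexpectedLocation' }
    }

    # Signature check: anything other than a valid Authenticode signature.
    if ($SignatureStatus -ne 'Valid') { return 'UnverifiedSignature' }
    return 'OK'
}

Get-CimInstance Win32_Process | ForEach-Object {
    $path   = $_.ExecutablePath
    $status = ''
    $signer = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name    = $_.Name
        PID     = $_.ProcessId
        Path    = $path
        Signer  = $signer
        Verdict = Get-ImageVerdict -Name $_.Name -Path $path -SignatureStatus $status
    }
} | Where-Object { $_.Verdict -ne 'OK' } |
    Sort-Object Verdict, Name |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that fewer processes fall into the PathUnavailable bucket.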

PS: If you have trouble sending your Windows process file for scanning, switch to the settings tab of the uploader and change the server from to (or vice-versa).

Amit Agarwal
