System safety monitor track and block changes in drivers, services, applications and INI files

Home

Contacts

Partners

Add Software

Remove Manuals

System safety monitor: Process monitor lists processes to perform various actions on running programs

Introduction

♦	System Safety Monitor
♦	Hotkeys

Tutorial

♦	Install SSM
♦	Create Rules
♦	Setup Logging
♦	Enable Applications Rules
♦	Create Rules in Learning Mode
♦	Enable Modules
♦	Setup Windows Filters

Preferences

♦	Process Monitor
♦	Rules
♦	Application Rules
♦	Library (DLL) Rules
♦	Driver Rules
♦	Registry Rules
♦	Network Rules

Modules

♦	INI-files Module
♦	Start Menu Module
♦	Services Module
♦	Window Filter Module
♦	Layered Service Provider Module
♦	Hooks Module
♦	NetStat Module
♦	Modules Alerts Dialog

Buy System Safety Monitor Online!

Process Monitor

On the Process Monitor tab there is a list of all processes running now. In this window you can perform various actions on the running programs.

Process Monitor

ntfs data recovery	purchase orders template	send text message
setup	usb controller	usb port protection
xp repair freeware	business automation software	damaged xd card

Tree view and sorting
By default processes are sorted into the system process tree. The process tree reflects the parent-child relationship between processes. Processes that are left-justified are orphans; their parent has exited. To change the sort order simply click on the column by which you wish to sort. To return the sort to the process tree keep on clicking on the column.
Coloring
By default processes in the list without a rule are highlighted in blue, blocked processes are red, allowed ones are black. However, colors can be customized in Highlighting section in "Options" tab.
Header menu
Processes list header has the following commands in its context menu:
- Set view to default" - restores list settings to default;
- "Resize to content" - adjusts columns' width to content;
- "Select columns..." - allows choosing columns to display, see below "Column Selection";
- "Show full path" - turns on/off displaying process' full path.
Column Selection
The information in processes list is fully configurable. Columns are reordered by dragging them to their new position. To select which columns should be visible, select "Select Columns..." in the header's context menu. A column selection dialog includes: Process ID, Private Bytes, Working Set, Virtual Size, Page File Usage, CPU usage, CPU Graph, Command line parameters, Folder, User name, Service, Company, Description, File version, Number of threads, Session ID, Handle count, Start time, Command line.
Finding process in the list
To quickly find the appropriate process press [Ctrl]+[F] or select the "Find..." process' context menu item, then input full or partial name or path of the required process. The first matching process will become highlighted. To go to the next record press [ENTER]. The arrows allow navigating to the next up and down process matching the input text. Button "Select all" allows to highlight all matching processes. To close the "Find" panel click "Close" button, or press [Esc].
Main actions
Process' context menu includes actions to perform with process.

To create/edit a rule for a process:

select the process from the list;
select the "Edit rule" menu item on the right-button (context) menu and select "Create/move rule" menu item. Select the appropriate rule group. See Rules topic for more details about rule groups.

To go to the corresponding rule for the process:

select the process from the list;
select the "Edit rule" menu item on the right-button (context) menu and select the "Go to Rule" menu item in the opening submenu.

Recalculate checksum:

If the process has a checksum different from one in the corresponding rule, such process is highlighted in the processes list with special color (maroon text color by default, can be changed in Highlighting section, Options tab).
If you trust the process, you may recalculate the checksum for this process right here:
- select the process from the list;
  select the "Recalculate checksum" menu item on the right-button (context) menu.

To create enabling rules for all processes running now:

select any process from the list;
click the "Trust all running processes" menu item in the right-button (context) menu.

To terminate a process:

select the process from the list;
press [Delete] key or select the "Terminate" menu item on the right-button (context) menu.

To start a new process:

select any process from the list;
press [Insert] key or select the "Start new..." menu item on the right-button (context) menu. The Windows "Run" dialog will be displayed.

To locate a process file:

select the process from the list;
select the "Locate..." menu item on the right-button (context) menu.

To start debugging a process* (NT systems only):

select the process from the list;
select the "Debug..." menu item on the right-button (context) menu;
* - This menu item is only enabled if a debugger is set up in the system. In case of several debuggers the default one will be started.

To see the process file (PE) properties:

select any process from the list;
select the "File properties..." menu item on the right-button (context) menu.

Process properties

To see the process properties select the process in the list and press [ENTER], or choose a "Process properties..." menu item on the right-button (context) menu.

Image

Image tab includes the following data about process image:

Description;
Company;
File version;
Started time;
Verified status (see below);
Path;
Command line.

Verified status is a result of verification code signature: "Not verified" before verification, "Unable to verify", "Verified" after.

Modules list
Modules list includes the modules used by process. The global hook modules are highlighted.

Process properties, Modules list tab