How to Monitor a Windows Process

May 1, 2023

Understanding Windows process monitoring can save your application from experiencing performance issues. Let’s expand your knowledge of Windows Task Manager and take a look at how you can monitor Windows processes more effectively.

1. Identify General Process Details

Let’s start with picking the process from the list in the Task Manager and studying its properties. We will use the example of the process called “COM Surrogate” to illustrate our points:

Task Manager shows the list of processes and the “End task” button you would use to end frozen processes. However, don’t rush with decisions, as you might compromise the performance of the entire system architecture.

Our example, COM Surrogate, is the process that hosts DLL files (libraries that contain code and data used by several programs at the same time). Stopping it could potentially affect other essential Windows processes.

You can also investigate the process yourself by checking available properties, including:

  • CPU – the total processor utilization across all cores, or how much of the processor’s power the process is using. If the CPU is close to 100%, this means that your computer is doing more work than its capacity to run the process. 
  • Memory – the total individual memory that a process reserves on your computer. If the process is using more memory than it’s supposed to, it might be an indicator of malware. 
  • Disk – how much space the process uses across all hard disks on your computer. If the percentage is too big, this too might be an indicator of malware. 

Checking these basic metrics will help you better understand the nature of the process and its significance for the entire system. 

2. Check the File Location

The next step in monitoring Windows processes through the Task Manager is to check the process’s location. If the process is unknown to you and you currently don’t have access to the Internet to learn what it does, identifying the process’s file location will give you more information about it. 

Let’s take our COM Surrogate example. To check its file location, right-click the process and choose “Open file location”:

The file for this process is located in the System32 folder, indicating that this is an important process for the system.

Here’s a list of Windows processes that you should never stop, so as not to compromise the operation of the entire system:

  • System. This process isn’t easy to kill because it is protected by Windows. It ensures that software can communicate with hardware. Stopping it can have very serious consequences, such as locking up your entire computer. If the System process has frozen, try to reboot your computer to fix it, but never kill this process via the Task Manager.
  • Winlogon.exe. This process loads your user profile and is the process that switches on when you try to access the Task Manager. Ending this process will make your computer unusable and cause it to lose important data. 
  • Wininit.exe. This is a Windows Startup Application that helps Windows run as soon as you log in, until you switch off your computer. It supports all background apps. If you kill this process, your computer will most likely crash. 
  • Csrss.exe. Windows uses this process to shut down your computer. If this process doesn’t work, the system won’t be able to reboot. 
  • Smss.exe. This process launches as soon as you turn on your computer. It detects all your drives and connects to the winlogon.exe process to give you access to the login screen. After you log in, this process keeps controlling the wininit.exe and the csrss.exe processes. If you end this process, it will freeze your computer.

Killing one of these processes can also result in the permanent loss of important data. One of the Windows processes you can kill, should you find it necessary, is Explorer.exe. You might be reluctant to end it, but if your Start menu or taskbar isn’t working, rebooting this process may solve the issue and will actually be faster than restarting your entire computer. 
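A familiar name in the process list is only a first check, because the file behind it still has to sit in the folder Windows runs it from. The following PowerShell script is an added example, not part of the original article: it compares every running instance of the process names listed above (plus dllhost.exe, the image behind COM Surrogate) with its expected folder and verifies the file's signature. The expected folders are assumptions for a default Windows installation, and the function name is hypothetical.

```powershell
# Added example. Expected folders are assumptions for a default Windows install.
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'   # the 32-bit COM Surrogate runs from here

$expectedDirs = @{
    'winlogon.exe' = @($sys32)
    'wininit.exe'  = @($sys32)
    'csrss.exe'    = @($sys32)
    'smss.exe'     = @($sys32)
    'dllhost.exe'  = @($sys32, $wow64)           # shown as "COM Surrogate"
}

# Hypothetical helper: one result row per running instance of a listed name.
function Test-SystemProcessImage {
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $expectedDirs.ContainsKey($_.Name) } |
        ForEach-Object {
            $path = $_.ExecutablePath
            $signature = $null
            if (-not $path) {
                # Protected processes hide their path from non-elevated sessions.
                $verdict = 'PathUnavailable'
            }
            elseif ($expectedDirs[$_.Name] -notcontains (Split-Path $path -Parent)) {
                # Name matches a system process, folder does not.
                $verdict = 'UnexpectedLocation'
            }
            else {
                $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
                $verdict = if ($signature -eq 'Valid') { 'OK' } else { 'BadSignature' }
            }
            [pscustomobject]@{
                Name      = $_.Name
                ProcessId = $_.ProcessId
                Path      = $path
                Signature = $signature
                Verdict   = $verdict
            }
        }
}

Test-SystemProcessImage | Sort-Object Verdict, Name | Format-Table -AutoSize
```

Run it from an elevated prompt so that fewer rows come back as PathUnavailable.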

3. Analyze Process’s Wait Chain

If you find that one of the processes is not running smoothly, you can check its Wait Chain to troubleshoot any issues. 

The Wait Chain tree is a tool that helps you identify if a process is frozen. To find it, go to the Details tab, select the process, right-click on it, and choose the “Analyze wait chain” option:

If the process is running normally, you will receive a message like this:

However, if the process is hung, it will be highlighted in the Details, and you will see a message saying that it is “Not responding” or “Suspended”:

In case you find stuck processes, you can fix them by assigning a new task or killing the process altogether if it doesn’t have a significant impact on the system.

If you want to analyze the performance of an app on your computer, it’s best not to do it through the Task Manager. Instead, you can use an APM tool like Retrace, which allows better and more precise error tracking and real-time monitoring than any other native Windows solution.  

4. Check Process Permissions

The last step of Windows process monitoring is checking the process permissions. You can access this feature by right-clicking on the process, choosing Properties, and then going to Security:

Checking the permissions can also help you debug apps and processes.

Sometimes, if a process has a hard time running smoothly, it might not have the necessary permissions to do so. Check the process’s Security Properties to see the existing permissions and assign new ones if necessary.
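The Security tab reached this way shows the access control list of the process's executable file, and the same list can be read from a script. The following PowerShell function is an added example, not part of the original article: it reports running processes whose executable grants write-type rights to the broad groups Everyone, Authenticated Users or Users, which is worth reviewing before assigning new permissions. The function name Get-WritableProcessImage is hypothetical.

```powershell
# Added example. Well-known SIDs are used so the check works on any display language:
# Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that let a principal change or replace the file (Modify and FullControl include them).
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

# Hypothetical helper: one row per broad "Allow" entry that carries a write-type right.
function Get-WritableProcessImage {
    param([string] $Name = '*')

    Get-Process -Name $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |          # path is empty for processes we cannot query
        Sort-Object Path -Unique |          # audit each executable once
        ForEach-Object {
            $proc = $_
            $acl = Get-Acl -LiteralPath $proc.Path -ErrorAction SilentlyContinue
            if (-not $acl) { return }       # file not readable from this session

            # Explicit and inherited entries, with identities returned as SIDs.
            $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $broadSids -contains $_.IdentityReference.Value -and
                    ($_.FileSystemRights -band $writeRights)
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        Process = $proc.ProcessName
                        Path    = $proc.Path
                        Sid     = $_.IdentityReference.Value
                        Rights  = $_.FileSystemRights
                    }
                }
        }
}

Get-WritableProcessImage | Format-Table -AutoSize -Wrap
```

An empty result means no running executable visible to the session has such an entry.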

Wrapping Up Windows Process Monitoring

Using Task Manager for Windows processes is quite straightforward. If you know where to click, the Task Manager will provide you with all the information about the process to effectively check its performance. 

However, it is important to remember which processes you can and cannot kill. We listed some of them in this article to help you navigate them and better understand their role. If you are hesitant, check the file’s location and how much CPU, disk space, and memory it uses to run.

If the process is stuck, try to check its permissions. Or, if the app doesn’t perform smoothly, check if there are any restrictions that don’t allow it to run properly.
