If you have VirusTotal enabled as a new process starts its HASH is submitted to VirusTotal. Be aware (I've only just found this out) that any app that is submitted to VirusTotal is then available to researchers who have the specific subscription and vetted with VirusTotal to then download that app for inspection.
Process Explorer doesn't pop anything up telling you something has been "flagged" at VirusTotal, you have to look at ProcessExplorer to see as such in the VirusTotal column.
However, don't rely on VirusTotal to be accurate, its not. Various legit apps are flagged by the engines it used when they are perfectly fine. For example, Sysinternals sysmon is flagged by at least one of the engines VirusTotal uses so you'll see a 1/73 next to sysmon in the Process Explorer trace.