![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 57.00000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,086 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 40%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
If you have VirusTotal enabled as a new process starts its HASH is submitted to VirusTotal. Be aware (I've only just found this out) that any app that is submitted to VirusTotal is then available to researchers who have the specific subscription and vetted with VirusTotal to then download that app for inspection.
Process Explorer doesn't pop anything up telling you something has been "flagged" at VirusTotal, you have to look at ProcessExplorer to see as such in the VirusTotal column.
However, don't rely on VirusTotal to be accurate, its not. Various legit apps are flagged by the engines it used when they are perfectly fine. For example, Sysinternals sysmon is flagged by at least one of the engines VirusTotal uses so you'll see a 1/73 next to sysmon in the Process Explorer trace.