Find suspect processes, files and settings with ESET SysInspector
ESET SysInspector (32-bit) is a powerful tool for examining the low-level details of a PC, and perhaps spotting malicious files, poorly configured settings and other issues that might be causing you problems.
The program has been around for a long time, but we’ve not looked at it for several years, and as ESET issued a rare update recently we decided to see what it could do on a test Windows 10 laptop.
SysInspector opens with a simple list of running processes: name, process ID, description, company. Sounds ordinary, but the key plus here is they’re all given a "risk level" of 1-9 to indicate how "interesting" they are.
Drag a "filter" indicator to a mid-range 9, for instance, and most of the core Windows and other entirely safe processes disappear, leaving you with low-level and third-party processes, or others with some low-level differences from a regular setup (unusual loaded modules, maybe).
Clicking the arrow to the left of a process displays all the loaded modules which match the current risk level. This is far from infallible (our Outlook.exe, for example, had plenty of completely safe modules flagged as "unknown"), but it does help to remove a lot of clutter and noise.
Clicking a process displays more information about it. These are mostly executable properties like product and internal name, but there are also "Cloud" figures which tell you how often and how recently the file has been encountered by ESET. Even better, a "Linked to" list warns you if the process is linked to a key Registry entry, a currently open network connection and more.
A left-hand panel enables selecting other key areas of the system: Network Connections, Important Registry Entries, Services, Critical Files (HOSTS, Win.ini), Scheduled Tasks and more.
Clicking these displays more information related to that topic. Network Connections doesn’t just show you open TCP and UDP connections, it also lists DNS servers and warns you of anything possibly dubious. As an indicator of how useful this can be, we had set up Google DNS and it highlighted one of our servers as "unknown". A mistake? Yes, ours: we had our second server set to 184.108.40.206, when it should have been 220.127.116.11.
SysInspector’s "Important Registry Entries" section justifies the download all on its own. You can view startup entries, shell extensions, drivers, TCPIP parameters, IE settings and a whole lot more, again filtered by risk. There’s no instant "Delete" option, which is probably a good thing, but a right-click "Open in REGEDIT" option enables further exploration and tweaking.
SysInspector provides a lot of information, but there are various ways to cut through the clutter. You can choose to view third-party (non-Microsoft) items only, for instance; reduce the detail level to display just the essentials; or filter by keyword to pick out specific items.
Browsing the menus reveals even more features, some of which take the program to a whole new level. SysInspector doesn't just display data and save it as a log; it can also compare two logs and show you the differences. If key files and settings have changed, you'll see them highlighted here.
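To show what the log comparison and risk-level filtering described above actually buy you, here is an added example (not ESET's code, and not the real SysInspector log format): two constructed snapshots of processes, startup Registry entries and DNS servers are diffed, and only items at or above a chosen risk level are reported. The `Item` layout, the sample paths, the `203.0.113.53` address (a documentation-range IP) and the risk numbers are all invented for the example.

```python
"""Diff two system snapshots and filter the result by risk level.

Added example, not ESET SysInspector's code or log format. The snapshot
layout below is a constructed stand-in for whatever a real inspection
tool saves, so the comparison logic can be run offline.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    category: str   # "process", "registry" or "dns"
    key: str        # stable identifier: image path, Registry value, DNS IP
    value: str      # what the key points to (description, command, label)
    risk: int       # 1 (fine) .. 9 (risky), mirroring the review's scale


# Constructed baseline snapshot: a clean machine using Google DNS.
BASELINE = [
    Item("process", r"C:\Windows\System32\svchost.exe", "Host Process for Windows Services", 1),
    Item("process", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "Microsoft Outlook", 3),
    Item("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
         r"C:\Windows\System32\SecurityHealthSystray.exe", 2),
    Item("dns", "8.8.8.8", "Google Public DNS", 1),
    Item("dns", "8.8.4.4", "Google Public DNS", 1),
]

# Constructed later snapshot: a new startup entry, a hijacked existing one,
# and one DNS server swapped for an unknown address (all hypothetical).
CURRENT = [
    Item("process", r"C:\Windows\System32\svchost.exe", "Host Process for Windows Services", 1),
    Item("process", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "Microsoft Outlook", 3),
    Item("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
         r"C:\Users\Public\sh.exe", 7),
    Item("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
         r"C:\Users\Public\update.exe", 8),
    Item("dns", "8.8.8.8", "Google Public DNS", 1),
    Item("dns", "203.0.113.53", "unknown", 6),
]


def _index(snapshot):
    """Key every item by (category, key) so the two logs can be joined."""
    return {(i.category, i.key): i for i in snapshot}


def diff_snapshots(before, after, min_risk=1):
    """Return added/removed/changed items, keeping only those whose risk
    (for changed items, the higher of old and new) is >= min_risk."""
    old, new = _index(before), _index(after)
    order = lambda i: (i.category, i.key)
    report = {"added": [], "removed": [], "changed": []}

    for k in new.keys() - old.keys():
        if new[k].risk >= min_risk:
            report["added"].append(new[k])
    for k in old.keys() - new.keys():
        if old[k].risk >= min_risk:
            report["removed"].append(old[k])
    for k in old.keys() & new.keys():
        a, b = old[k], new[k]
        if (a.value, a.risk) != (b.value, b.risk) and max(a.risk, b.risk) >= min_risk:
            report["changed"].append((a, b))

    # Sort for deterministic output regardless of dict/set iteration order.
    report["added"].sort(key=order)
    report["removed"].sort(key=order)
    report["changed"].sort(key=lambda pair: order(pair[0]))
    return report


def summarize(report):
    """Render the report as one line per finding, highest risk first."""
    lines = []
    for i in report["added"]:
        lines.append((i.risk, f"[{i.risk}] ADDED   {i.category}: {i.key} -> {i.value}"))
    for i in report["removed"]:
        lines.append((i.risk, f"[{i.risk}] REMOVED {i.category}: {i.key} -> {i.value}"))
    for a, b in report["changed"]:
        lines.append((max(a.risk, b.risk),
                      f"[{b.risk}] CHANGED {a.category}: {a.key}: {a.value!r} -> {b.value!r}"))
    return [text for _, text in sorted(lines, key=lambda t: -t[0])]


if __name__ == "__main__":
    for threshold in (1, 5, 9):
        print(f"--- findings at risk level >= {threshold} ---")
        for line in summarize(diff_snapshots(BASELINE, CURRENT, threshold)):
            print(line)
```

Raising the threshold is what makes the comparison usable on a busy machine: at level 1 every difference is listed, including harmless ones such as the removed DNS entry, whereas at level 5 only the new and rewritten Run entries and the unknown resolver remain. Keying on `(category, key)` rather than on the whole record is what lets a rewritten entry be reported as a change rather than as an unrelated removal plus addition.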
ESET SysInspector isn’t perfect, and in particular we found it highlighted many safe and very common items as "unknown". But it’s also free, portable, hugely detailed and configurable, and helpful both in spotting malicious code and diagnosing oddball Windows problems in general. A must for geeks everywhere.