Risk ranking of the processes
Network Security Task Manager ranks the security-related risk of a process based on objective criteria. These are used to investigate whether the process contains critical function calls or suspicious features. Depending on the potential dangers, these functions and properties are awarded points. The sum of the points then gives the overall ranking (from 0 to a maximum of 100 points).

Network Security Task Manager investigates the processes according to the following functionalities (sorted by degree of risk):
The process monitors each keystroke. The keystrokes are read by using a hook. Correctly programmed, professionally written programs do not use this hook function.
The process disguises itself by Windows API hooking. Internal Windows system commands for listing processes are manipulated. Because of this, this process cannot be found in the Windows Task Manager or other process viewers. We recommend that this process be put into quarantine. To do this, click Remove in the Edit menu.
The file hides itself from Windows Explorer. The file cannot be seen with a file manager. This camouflaging is not the same as the harmless file attribute "hidden".
This concerns a keyboard driver that can read each entry.
The process can link into other programs and then change things. To do this, a hook is used that can, for example, present a false list of files to all programs (by altering the dir command). The program is then invisible to other programs (antivirus).
Browser Helper Objects (browser plug-ins) link into Internet Explorer. For the most part, these are wanted download managers or other small tools. However, BHOs can also monitor your surfing habits. You can deactivate individual BHOs in the Internet Explorer Tools menu under Manage Add-ons.
The file was started by the ShellExecute command in the Windows system registry (configuration file) by a hook. ShellExecute starts a process (usually a DLL) as soon as any Windows program is launched. This process should be carefully investigated.
The process can obtain information through this opening. Hackers exploit such vulnerabilities to penetrate unknown computers and to gain control over them. With a good firewall such attacks can be prevented.
The process has a connection to the specified computer or IP address and can send whatever information it chooses. With a good firewall such connections can be blocked.
A port was opened to get information from outside or to send it to the outside. Please note which program it is. With a good firewall this connection can be blocked.
The process records which programs are called and terminated, and when this happens.
The program has no visible window in Windows and is running in the background. In the best case it is, for example, a device driver.
The program is called at every Windows start-up. To do that, the program has registered itself in a startup key in the Windows system registry.
Some important standard descriptions in the file are not available. By default, each file contains fields for internal descriptions.
The file does not belong to the Windows operating system. It was copied into the Windows directory. This may be due to poorly programmed software, or because the file is trying to hide itself in the Windows directory.
The file does not belong to the Windows operating system. Increased attention is required if the file is in the Windows directory and cannot be matched to any installed software product or hardware driver.
There are no descriptions available in the file. By default, each file contains internal fields for descriptions.
The file contains function calls with the specified properties. However, because it cannot be said whether and how these are used, the Network Security Task Manager does not consider this criterion to be strong.
Dangerous function calls have not been found in the file. They could however be contained hidden within the file.
The manufacturer cannot be ascertained. By default, each file has internal fields for information on the software manufacturer.
Trustworthy properties (improve the risk ranking):
This file has been signed by Microsoft. You can trust this file to the same level that you trust Microsoft.
This file was signed by VeriSign. You can trust this file to the same level that you trust VeriSign.
This file is classified as trustworthy. It belongs to the named, installed software. If you uninstall the software in the Control Panel, then you will also delete this file.
This file was signed by a CA. You can trust this file to the same level that you trust the certification authority and the software manufacturer.
In the reference database you store the processes that are known to you. You can make a comment on each process and classify it as harmless.
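Several of the file-based criteria above (startup key registration, missing description or manufacturer fields, location in the Windows directory, and the signature checks) can be reviewed by hand with built-in PowerShell cmdlets. The script below is an added example, not Network Security Task Manager's own code; the two Run keys it reads and the helper name Get-ExecutablePath are assumptions chosen for illustration, and it assigns no points because the page does not state the weights.

```powershell
# Added example; not Network Security Task Manager's code. The two Run keys
# below are an assumed choice of startup keys (the page does not name any).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-ExecutablePath {   # hypothetical helper
    param([string]$CommandLine)
    # Quoted command line: the path is the text inside the first pair of quotes.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted: shortest prefix that ends in an executable extension.
    if ($CommandLine -match '^\s*(.+?\.(exe|dll|com|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return $null
}

$results = foreach ($keyPath in $runKeys) {
    $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        $path    = Get-ExecutablePath $command
        # Bare names such as "rundll32.exe ..." do not resolve to a file here
        # and are reported with Resolved = False for manual follow-up.
        $exists  = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $info    = if ($exists) { (Get-Item -LiteralPath $path -Force).VersionInfo }
        $sig     = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
        [pscustomobject]@{
            Name            = $name
            Path            = $path
            Resolved        = $exists
            # "No descriptions available in the file"
            NoDescription   = [string]::IsNullOrWhiteSpace($info.FileDescription)
            # "The manufacturer cannot be ascertained"
            NoManufacturer  = [string]::IsNullOrWhiteSpace($info.CompanyName)
            # File located in the Windows directory
            InWindowsDir    = $exists -and
                $path.StartsWith(($env:windir + '\'), [StringComparison]::OrdinalIgnoreCase)
            # Trust criteria: signature state and who signed the file
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
        }
    }
}
$results | Sort-Object Resolved, SignatureStatus | Format-Table -AutoSize -Wrap
```

An entry that sits in the Windows directory, lacks description and manufacturer fields, and has a SignatureStatus other than Valid matches several of the criteria at once and is the first to examine.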
Note
• Highly ranked processes are not necessarily dangerous. They may possibly just possess typical malware functions. Example: System Monitoring by Antivirus-Watchdog/Firewall.
• Click on
These pages may only be copied with the express permission of Neuber Software GmbH.