It is important to know what processes and services are running on a system because they can affect the performance and stability of the system. If a process is using a lot of resources or is malfunctioning, it can cause the system to become slow or unresponsive. In addition, some processes may be malicious software that can compromise the security of the system. By monitoring the processes that are running on the system, you can identify and troubleshoot any issues that may arise, and ensure that the system is running smoothly. Additionally, knowing what processes are running on a system can help you understand what the system is doing, and whether or not it is functioning as expected.
There are several ways to find out what processes are running on a system, who is running them, and where they are coming from:
- Task Manager: You can use the Task Manager on Windows to see a list of all the processes that are running on your system, as well as information about each process such as the name, CPU usage, and memory usage. The Details tab shows the user account that is running each process, and right-clicking a process and choosing "Open file location" shows where the executable lives. To open the Task Manager, press Ctrl+Shift+Esc (or press Ctrl+Alt+Delete and click on Task Manager).
- Command Prompt: You can use the command prompt to view a list of all the processes that are running on your system, as well as information about each process such as the process ID, the name of the executable file, and the user that is running the process. To do this, open the command prompt and type the following command (by default it shows the image name, PID, session and memory usage; add the /V switch to also show the user name, CPU time and window title):
tasklist
- Performance Monitor / Resource Monitor: You can use the Performance Monitor tool on Windows to monitor various system resources, including counters for the processes that are running on your system. To open it, press the Windows key + R, type "perfmon" and press Enter. For a live per-process view with CPU, memory, disk and network usage, use Resource Monitor instead: press the Windows key + R, type "resmon" and press Enter.
- PowerShell: You can use the Get-Process cmdlet in PowerShell to view a list of all the processes that are running on your system, as well as information about each process such as the process ID, the name of the executable file, CPU time and memory usage. The default table does not show the owning user or the path of the executable: add -IncludeUserName (PowerShell 4 and later, in an elevated session) for the user, and read the Path property for the file. To list the processes, open PowerShell and type the following command:
Get-Process
- Third-party tools: There are also many third-party tools that you can use to view a list of all the processes that are running on your system, as well as detailed information about each process such as the image path, the signer, the parent process and loaded DLLs. Some examples of these tools include Sysinternals Process Explorer and Process Hacker (now maintained as System Informer). Sysinternals Process Monitor is related but different: it records what processes do (file, registry, network and process activity) rather than listing them.
To stop a process with PowerShell, you can use the Stop-Process cmdlet. Here’s an example of how to use it:
- First, find the process ID of the process that you want to stop. You can do this by using the Get-Process cmdlet, which will list all the processes that are running on your system, along with their process IDs. For example:
Get-Process
- Once you have the process ID of the process that you want to stop, use the Stop-Process cmdlet to stop the process. You can specify the process ID of the process that you want to stop as an argument to the cmdlet. For example:
Stop-Process -Id 1234
Replace “1234” with the actual process ID of the process that you want to stop.
You can also specify the name of the process that you want to stop instead of the process ID. For example:
Stop-Process -Name "notepad"
This will stop every running process named "notepad", so if there are several instances, all of them are stopped. Stopping by ID is the safer choice when you have already identified the specific process you want gone.
Note: You may need to run PowerShell as an administrator in order to use the Stop-Process cmdlet. By default, Stop-Process prompts before stopping a process that is not owned by the current user; add -Force to skip the prompt. Stopping processes owned by SYSTEM or another user requires an elevated session, and some processes (protected processes, critical system processes) cannot be stopped at all.
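Putting the steps above together, here is an added example (not part of the original post) that finds a process by name, shows who owns it and where its image lives, flags instances running from an unexpected location, does a dry run, and then stops each instance by ID. It assumes an elevated PowerShell session (PowerShell 4 or later, needed for -IncludeUserName) and uses the "notepad" process name from the post.

```powershell
# Added example: triage a process by name, then stop it by ID.
# Assumes an elevated PowerShell 4+ session. "notepad" is the process name used in the post.
$name = 'notepad'

# -IncludeUserName adds the owning account (requires elevation); Path is the full image path.
# Neither appears in Get-Process's default table output.
$procs = Get-Process -Name $name -IncludeUserName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Host "No process named '$name' is running."
    return
}

# Show the details a defender wants before touching anything.
$procs |
    Select-Object Id, ProcessName, UserName, Path,
        @{ n = 'CPU(s)'; e = { [math]::Round($_.CPU, 1) } },
        @{ n = 'WS(MB)'; e = { [math]::Round($_.WorkingSet64 / 1MB, 1) } } |
    Format-Table -AutoSize

# A binary with a familiar name running from outside the Windows directory
# (for example a user-writable folder) deserves a closer look before it is killed,
# since the image is evidence you may want to preserve first.
foreach ($p in $procs) {
    if ($p.Path -and $p.Path -notlike "$env:SystemRoot\*") {
        Write-Warning "PID $($p.Id) runs from an unexpected path: $($p.Path)"
    }
}

# Dry run: -WhatIf prints what would be stopped without stopping anything.
$procs | Stop-Process -WhatIf

# Stop by ID so exactly the instances you triaged are stopped, not every process
# that happens to share the name later. -Force skips the confirmation prompt that
# appears for processes not owned by the current user.
foreach ($p in $procs) {
    Stop-Process -Id $p.Id -Force -ErrorAction Stop
    Write-Host "Stopped PID $($p.Id) ($($p.ProcessName)) owned by $($p.UserName)"
}
```

The dry run matters more than it looks: Stop-Process -Name on a busy host can take down more instances than you intended, and stopping by ID after a Get-Process snapshot is the habit that avoids that.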
As a Defender you will also need to know how to stop a service on a system. The difference, for the most part, is that processes are the actual programs that are running on the system, while services are programs that run in the background, without a user logged on, to perform specific tasks. Services are registered with and controlled by the Service Control Manager (SCM), start automatically or on demand, and are hosted by a process (their own executable or a shared svchost.exe), so every running service also shows up in the process list.
There are several ways to find all the services on a system:
- Services app: You can use the Services app on Windows to view a list of all the services that are installed on your system. To open the Services app, press the Windows key + R, type “services.msc” and press Enter. This will open the Services app, which will show you a list of all the services on your system, along with their status and startup type.
- Command Prompt: You can use the command prompt to view a list of the services on your system. To do this, open the command prompt and type the following command:
net start
This will show you a list of the services that are currently running on your system, by display name. It does not list stopped or disabled services; for those, use "sc query state= all", which lists every service with its short name and state.
- PowerShell: You can use the Get-Service cmdlet in PowerShell to view a list of all the services on your system. To do this, open PowerShell and type the following command:
Get-Service
This will show you a list of all the services on your system, running or not, along with their status, short name and display name. The startup type is available as the StartType property (for example Get-Service | Select-Object Name, Status, StartType), but it is not shown in the default table.
- Third-party tools: There are also many third-party tools that you can use to view a list of all the services on your system. Some examples of these tools include Service Manager, Services Manager, and Sysinternals Process Explorer.
To stop a service on a Windows system, you can use the Services app, the command prompt, or PowerShell.
Here’s how to stop a service using PowerShell:
- Open PowerShell.
- Type the following command to stop the service, replacing “SERVICE_NAME” with the actual name of the service:
Stop-Service -Name SERVICE_NAME
For example, to stop the "Print Spooler" service, you would use its short service name, spooler (the Name column in Get-Service), not its display name:
Stop-Service -Name spooler
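Here is an added example (not part of the original post) that gathers what a defender should know about a service before stopping it: its startup type, the account it runs as, the host process and the command line it was started with, plus any services that depend on it. It then does a dry run and stops the service. It assumes an elevated PowerShell 5 or later session (StartType on Get-Service output) and uses the spooler service from the post.

```powershell
# Added example: inspect a service, then stop it. Assumes an elevated PowerShell 5+ session.
# 'spooler' is the short service name used in the post.
$svcName = 'spooler'

$svc = Get-Service -Name $svcName -ErrorAction Stop

# Get-Service's default view omits the startup type, the logon account and the host process.
# The Win32_Service CIM class carries PathName (binary plus arguments), StartName (account)
# and ProcessId (the PID hosting the service, so it can be matched against Get-Process).
$cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'"

[pscustomobject]@{
    Name        = $svc.Name
    DisplayName = $svc.DisplayName
    Status      = $svc.Status
    StartType   = $svc.StartType        # Automatic, Manual or Disabled
    Account     = $cim.StartName
    ProcessId   = $cim.ProcessId
    PathName    = $cim.PathName
} | Format-List

# A service binary outside the Windows directory, or a PathName with an unquoted path
# containing spaces, is worth a second look before (and after) stopping the service.
if ($cim.PathName -and $cim.PathName -notlike "*$env:SystemRoot\*") {
    Write-Warning "Service '$svcName' runs from an unexpected path: $($cim.PathName)"
}

# Services that depend on this one are stopped along with it, so list them first.
if ($svc.DependentServices) {
    Write-Host "Dependent services that will also stop:"
    $svc.DependentServices | Select-Object Name, Status | Format-Table -AutoSize
}

# Dry run, then the real stop. -Force is needed when dependent services are running;
# without it Stop-Service refuses and leaves everything as it was.
Stop-Service -Name $svcName -WhatIf
Stop-Service -Name $svcName -Force -ErrorAction Stop

# Confirm from a fresh query rather than trusting the old object.
Write-Host "Status now: $((Get-Service -Name $svcName).Status)"

# Stopping is not disabling: an Automatic service returns at the next boot (and some are
# restarted by their recovery settings). Disable it if it must stay down across reboots.
Set-Service -Name $svcName -StartupType Disabled
```

Leave out the final Set-Service line if you only want the service down until the next reboot; for an incident, though, a stopped-but-Automatic service is a gap that closes itself the moment the host restarts.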
Here are some sources to learn more about services and processes:
https://textbooks.cs.ksu.edu/cis527/1-secure-workstations/09-windows-processes-services/
https://learn.microsoft.com/en-us/powershell/scripting/samples/managing-services?view=powershell-7.3
This is all for now!
PEACE!!