In this article, We want to explain how Smart Net App Manager can help us to supervise the activities of our operating system’s applications.
Sometimes we do not trust a process on our pc, or we suspect it. It is because we are not aware of its job. So, we might like to know more details about its network and storage activities. We may even want to have more information about the accessed files of that process.
A process usually needs to read the files on our system to spy. Consequently, it will most likely need to write on files to damage them. The bad part of the story is that security software products like antiviruses and internet securities can not detect them. And that’s why we enter them into our system unwittingly!
Let us forget how a malware product can enter our system for now. We will explain it later and in a different article. By now, we want to clarify how we can get more information about these process’ activities. Eventually, we will find out if there is a malicious process on our system.
And now, it is time to introduce a helpful software called Smart Net Manager that helps us analyze our system’s activities. Let us know how it works?
The App Manager Checks the Application’s Internet Usage
As we see in figure 1, this app manager gets perfect information about the pc. However, we only want to find the potential malware at this time. So, follow the steps given below:
- Click the Process History button on the Process menu
- On the opened window (Figure 2), click the Duration box (It is at the bottom of the process list) and select the [30 Days] item
- Then, click on the Internet column to sort the processes by their internet usage
The app manager shows the applications and their internet usage within the last 30 days in this window. For example, in figure 2, the IDMan.exe application has used 17.53 Gigabytes of network usage. And all this bandwidth is only for the Internet!
Let’s look at the Disk column of the IDMan.exe process. What a heavy size! Yes, it is 58.87 Gigabytes! Do you think it is normal? Why should an application have about 18 GB of internet usage and 59 GB of Disk usage in only 30 days? Let’s do some investigation about this process. This file’s name tells us it is a famous internet download manager. So, we can be relieved a little! However, let’s make sure that there is no problem at all.
Checking the Digital Signature of a Process
If we click the blue address on the Process History window (Figure 2), a window will open. It contains the IDMan.exe file (In this example). Then, if we right-click the IDman.exe file and select the Properties item on the opened window, another window will open again. (Like in figure 3)
We can find the signer’s name (Tonec Inc.) on the signature list, In this example. It is a trusted signer if you google it. So, we can trust the producer of this process. But, let’s make sure there is no problem with the activities of the IDMan.exe process too.
To have more information about Digital Signatures, you can visit this page.
Did it finish?
Of course, NOT!
Now, let’s suppose we could not find any signature info on the Properties window of the IDMan.exe file. Or, there was a signer name, but we could not find any valid information by searching that name on the Internet.
What are we going to do now?
The App Manager Monitors the Activity History of a Process
Let’s select the IDMan.exe item on the Process History window to get more information (Figure 2). Click the History button on this window. Using the Activity tab of the opened history window (Figure 4), we find out this process has had 11.66 GB of inbound data usage and only 343.30 KB of outbound data usage. On the other hand, this process has written 26.56 GB on the storage media. It also has read 12.23 GB from it. (In the last 30 days!)
Monitoring the Connection History of a Process
Let’s do further investigation. To do so, select the Network tab, like in Figure 5. We can find the details of all IDMan‘s connections. For example, this process has connected with IP 126.96.36.199 on port 443 (The first Item in the list). And, It has received 7.79 MB and has sent 23.10 KB on 10/24/2021 at 7:12:43 PM. This IP is for the United States / Chicago. We can also see Its location on the map by clicking the Location cell (Figure 6). It is good. Is not it?
Even More? Of course.
Monitoring the Storage History of a process
Now, let’s check the storage usage of the IDMan.exe process. This information is available on the Storage tab, as in figure 7. As we all know, file access information is too important. So, let’s review the horizontal red rectangle in figure 7. The IDMan.exe has accessed the folder (c:\Windows\SysWOW64) of the operating system. That’s a critical folder. Anyone has no permission to change it. This process also has only read that folder’s files (the vertical red rectangle in figure 7). So, everything is ok. We can breathe. 🙂
Processes are not permitted to write data to the critical folders of the operating systems. Such as c:\windows or c:\windows\system or c:\windows\SysWOW64 etc.
Checking the Executing History of a Process
Before continuing, let’s ask you a question!
Has your system (OS) have other users too?
If yes, you still have to check some things more! As we all agree, a process may damage our system or spy on it. At that time, we might need to know who has run that process and when?
So, select the Executors tab as in Figure 8 to find it out.
In figure 8, the Administrator is the only user who has executed the IDMan.exe process.
Final Note About the Smart Net App Manager
Smart Net Manager is an app manager that helps us to supervise the activities of our system’s applications and software products.
It’s better to remove a risky application from the PC as soon as we detect it.