How to get a list of processes with disk activity

Nowadays, it’s important to secure your computer. That also involves monitoring unusual behavior, for example a lot of disk activity while you are idle. Thanks to Windows, we have all the tools we need for that already.

1. First of all, close all of your programs to simplify this process.
2. Next open the Windows 7 task manager via CTRL + ALT + DEL (click at the bottom on start task manager)
3. Go to the tab Performance when after opening the Windows task manager
4. At the bottom there’s a button called Resource Monitor… with an admin icon, click on it.
5. Now get familiar with the UI of the resource monitor if you don’t use this tool a lot
6. When you’re done go to the tab Disk
7. Uncollapse the field Processes with Disk Activity
8. There are different columns, PID, Read (B/sec), Write /B/sec) and Total (B/sec) that are important
9. Click on the column name Write (B/sec) to sort all process with disk activity that are currently writing to your disk
10. Now analyse the processes that are very active (although all programs are closed)
11. For further analysis right-click on a suspicious process and click on Search Online

12. It should open a Google search for the process name
13. Append a “what is” at the beginning for even more explanations
14. Create a list of whitelist and blacklist processes. Put all supicious processes on a list and do some research on

I hope this will help some of you to find all suspicious processes with disk activity. Obviously, many viruses also use names of common applications and Windows files.

Warning: Do you have processes that have a name very similar to Windows processes. Let’s say svhost.exe instead of svchost.exe?
Viruses often use very similar names to confuse you. Make sure to properly read the names and identify them.