asfenweare.blogg.se

Taskexplorer

TaskExplorer allows one to visually explore all running processes. Notable features of TaskExplorer include:

- Quickly view (or filter) tasks that are signed by Apple, 3rd-parties, or are unsigned
- Detection ratios can reveal known malware, while unknown files can be submitted for analysis
- View all files that a particular task has opened
- See the network connection (and its details) created by a task
- Quickly search to find specific items, or unsigned binaries, established network connections, and more!

To use TaskExplorer, first download the zip archive containing the application. Depending on your browser, you may need to manually unzip the application by double-clicking on the zipped archive. To run the application and begin exploring tasks, simply double-click on 'TaskExplorer.app'. The first time TaskExplorer is run, it will display an authorization prompt in order to gain necessary privileges. These privileges are required so that TaskExplorer can enumerate information about remote processes (such as loaded dylibs). Once authorized, TaskExplorer will begin enumerating all running tasks.

The top pane of the application displays all running tasks. These tasks can be viewed either in the default 'Flat View' mode (sorted by name), or in a hierarchical 'Tree View' mode. Use the drop-down selector in the top right corner of the app to toggle between the two views. Tasks can be filtered using the 'Filter Tasks' search box, found at the top right corner of the app. Simply begin typing to filter all tasks based on their names, paths or pids. For example, typing 'Chrome' will show only tasks that contain 'Chrome' in their name or path. TaskExplorer also contains special 'hash-tag' filters that can filter tasks based on concepts such as 'all non-Apple (3rd-party) tasks' or 'all unsigned tasks' (see the 'Search and Filtering' section below for details).

Each row of the top task pane contains the icon, name, process id (pid), and path of the task. A lock icon next to the task's name indicates whether the task belongs to Apple, or a 3rd-party (but still signed), or is unsigned. On the right-hand side of each task's row are various informational and actionable buttons. These buttons provide information about the item's VirusTotal (anti-virus) scan results, general information about the task, and the ability to view the item in Finder.

TaskExplorer automatically queries VirusTotal with a hash of the binary in order to retrieve any information. While VirusTotal is being queried, this button displays '■ ■ ■'. Once the query is complete, the title of the button is automatically updated with either the detection ratio, or a '?' if the binary is not known to VirusTotal. With the query complete, the button can be clicked to reveal a popup containing VirusTotal-specific information about the file. If the file is unknown, clicking the 'submit?' button will submit the file for analysis. Known files contain a link to the full analysis report and a 'rescan?' button that will rescan the file. If known malware is detected, the item's name and VirusTotal button will be highlighted in red.

The 'info' button will display detailed information about the task, including its commandline arguments, hashes, and signed status. Clicking on the final button ('show') in the task's row will show the task's binary in a Finder window.

The bottom pane can display the selected task's dylibs, open files, or network connections. Simply toggle the segment control to change what is shown. The layout of the items in the bottom pane is fairly similar to the top (tasks') pane. For example, executable binaries will display a VirusTotal detection ratio, and each item (regardless of category) has an 'info' button that can be clicked to display more information about the selected item (dylib, file, or network connection). Similarly, the items can be filtered by the filter/search box found directly above the lower pane. While any item category (dylib, file, or network connection) can be filtered by simply typing in the field, certain 'hash-tag' search filters (e.g. #nonapple) only apply to executable binaries, and thus are only relevant when the bottom pane is displaying dylibs.






