A lightweight, web-based tool designed to analyze running Windows processes, assess their threat levels, and provide a clear, spreadsheet-like interface for security monitoring. It classifies processes into categories (Native Windows, Microsoft, Third-party, Unknown) and assesses them as Safe, Suspicious, or Malicious.
- Dashboard UI: A sleek, modern dashboard to view and filter all running processes.
- Process Tree View: Visualize parent-child process relationships.
- Detailed Threat Analysis: Click on any process to view its memory usage, command-line arguments, file path, digital signature publisher, and the exact reasons for its threat score.
- Whitelist / Blacklist: Maintain a custom list of trusted or blocked processes.
- Filtered CSV Export: Export the currently filtered view of processes to a CSV file for reporting.
- Standalone Executable: The entire application can be compiled into a single `.exe` for easy portability.
You can run the application either directly from the source code or by executing the compiled standalone executable.
If you download or compile the standalone executable:
- Double-click the `ProcessAnalyzer.exe` file.
- A console window will open, indicating the server has started.
- Open your web browser and navigate to `http://localhost:3000`.
- The system will automatically perform a scan and display the processes.
- Your whitelists and blacklists will be saved automatically in a `data` folder next to the `.exe`.
You can generate a customized CSV report of the processes you are currently viewing:
- Use the Threat or Category filter chips to narrow down the process list.
- Alternatively, use the Search box to look for specific process names (e.g., "brave").
- Once the table reflects only the data you want, click the Export CSV button in the top right.
- The browser will instantly download a `.csv` file containing only those filtered records.
- Windows OS (Required for PowerShell process queries)
- Node.js (v16 or higher)
- Clone the repository:
  ```
  git clone https://github.com/yourusername/process-hardening-analyzer.git
  cd process-hardening-analyzer
  ```
- Install dependencies: `npm install`
- Start the development server: `npm run dev`
- Access the dashboard at `http://localhost:3000`
We use `pkg` to bundle the Node runtime, backend server, and frontend assets into a single executable.
- Make sure dependencies are installed (`npm install`).
- Run the build script: `npm run build`
- A `ProcessAnalyzer.exe` file will be generated in your project root.
This tool utilizes several techniques to gather data and determine the threat score of processes without requiring complex driver installations:
The backend leverages native Windows APIs via PowerShell to enumerate processes:
- `Get-CimInstance Win32_Process`: Fetches the process list, including PID, Path, Parent PID, Working Set Size (RAM), and Command Line execution strings.
- `Get-AuthenticodeSignature`: Verifies the digital signature of the executable file on disk. This helps determine if the software comes from a known, trusted publisher (e.g., Microsoft, Google, Adobe).
The classification engine acts as the core of the analyzer, running algorithms against the raw data:
- Known-Good Databases: Checks against built-in sets of known safe Native OS processes, Microsoft application processes, and standard third-party services.
- Path Anomalies: Flags processes executing from historically suspicious locations (e.g., `AppData\Local\Temp`, `Users\Public`).
- Location Enforcement: Ensures that critical Windows system processes (like `svchost.exe` or `lsass.exe`) are actually running from `C:\Windows\System32`.
- Masquerading Detection: Detects process names trying to mimic legitimate system names (e.g., `svch0st.exe` instead of `svchost.exe`).
- Publisher Verification: Flags unsigned binaries or processes lacking a verified publisher certificate (unless they are known safe local services).
- Resource Anomalies: Flags background processes with unusually high memory consumption.
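To make the two sections above concrete (the PowerShell collection and the rules the classification engine runs over it), here is an added example written for this page; it is not the project's own engine. It takes records in the shape that `Get-CimInstance Win32_Process | Select-Object ProcessId,ParentProcessId,Name,ExecutablePath,CommandLine,WorkingSetSize | ConvertTo-Json` produces, with a `SignatureStatus` and `Publisher` field attached from `Get-AuthenticodeSignature`, and applies each rule: known-good sets, suspicious paths, System32 enforcement, homoglyph/edit-distance masquerade detection, publisher verification, and a memory threshold. The known-good sets, the point weights, the Safe/Suspicious/Malicious cut-offs, the 1 GiB memory threshold and the five sample records are all assumptions chosen for illustration, and the records are constructed rather than captured from a real host.

```javascript
// Added example (not the project's code): the classification rules described
// above, run over constructed process records. Sets, weights and thresholds
// are assumptions for illustration. On Windows the records would come from:
//   Get-CimInstance Win32_Process |
//     Select-Object ProcessId,ParentProcessId,Name,ExecutablePath,CommandLine,WorkingSetSize |
//     ConvertTo-Json
//   (Get-AuthenticodeSignature $path).Status            -> SignatureStatus
//   (Get-AuthenticodeSignature $path).SignerCertificate -> Publisher

const NATIVE_WINDOWS = new Set(["svchost.exe", "lsass.exe", "csrss.exe", "wininit.exe", "services.exe", "explorer.exe"]);
const MICROSOFT_APPS = new Set(["msedge.exe", "teams.exe", "onedrive.exe"]);
const THIRD_PARTY = new Set(["brave.exe", "chrome.exe", "firefox.exe"]);
const KNOWN_SAFE_UNSIGNED = new Set(["localdevagent.exe"]); // assumed local services allowed to be unsigned
const SYSTEM32 = "c:\\windows\\system32\\";
const SUSPICIOUS_PATHS = ["\\appdata\\local\\temp\\", "\\users\\public\\"];
const HIGH_MEMORY_BYTES = 1024 * 1024 * 1024; // assumed: 1 GiB working set
const WEIGHTS = { path: 40, location: 60, masquerade: 50, unsigned: 30, memory: 15 };

// Category comes purely from the known-good name sets.
function categorize(name) {
  if (NATIVE_WINDOWS.has(name)) return "Native Windows";
  if (MICROSOFT_APPS.has(name)) return "Microsoft";
  if (THIRD_PARTY.has(name)) return "Third-party";
  return "Unknown";
}

// Levenshtein distance, single-row dynamic programming.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Digits commonly substituted for letters in look-alike names.
function normalizeHomoglyphs(name) {
  return name.replace(/0/g, "o").replace(/1/g, "l").replace(/3/g, "e").replace(/5/g, "s");
}

// A name that is not a system name itself but is one substitution away from one.
function looksLikeMasquerade(name) {
  if (NATIVE_WINDOWS.has(name)) return false;
  for (const legit of NATIVE_WINDOWS) {
    if (normalizeHomoglyphs(name) === legit || editDistance(name, legit) === 1) return true;
  }
  return false;
}

function analyze(proc) {
  const name = proc.Name.toLowerCase();
  const path = (proc.ExecutablePath || "").toLowerCase();
  const dir = path.slice(0, path.lastIndexOf("\\") + 1);
  const reasons = [];
  let score = 0;
  if (SUSPICIOUS_PATHS.some(p => path.includes(p))) { score += WEIGHTS.path; reasons.push("Executing from a suspicious location"); }
  if (NATIVE_WINDOWS.has(name) && dir !== SYSTEM32) { score += WEIGHTS.location; reasons.push("System process running outside System32"); }
  if (looksLikeMasquerade(name)) { score += WEIGHTS.masquerade; reasons.push("Name mimics a Windows system process"); }
  if (proc.SignatureStatus !== "Valid" && !KNOWN_SAFE_UNSIGNED.has(name)) { score += WEIGHTS.unsigned; reasons.push("No valid publisher signature"); }
  if (proc.WorkingSetSize > HIGH_MEMORY_BYTES) { score += WEIGHTS.memory; reasons.push("Unusually high memory use"); }
  const verdict = score >= 50 ? "Malicious" : score >= 20 ? "Suspicious" : "Safe";
  return { pid: proc.ProcessId, ppid: proc.ParentProcessId, name, category: categorize(name), publisher: proc.Publisher, score, verdict, reasons };
}

function analyzeAll(records) { return records.map(analyze); }

// Constructed sample records (not captured from a real host).
const SAMPLE_PROCESSES = [
  { ProcessId: 912, ParentProcessId: 700, Name: "svchost.exe", ExecutablePath: "C:\\Windows\\System32\\svchost.exe",
    CommandLine: "C:\\Windows\\System32\\svchost.exe -k netsvcs -p", WorkingSetSize: 30 * 1024 * 1024, SignatureStatus: "Valid", Publisher: "Microsoft Windows" },
  { ProcessId: 7788, ParentProcessId: 3300, Name: "svch0st.exe", ExecutablePath: "C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe",
    CommandLine: "svch0st.exe", WorkingSetSize: 12 * 1024 * 1024, SignatureStatus: "NotSigned", Publisher: null },
  { ProcessId: 8012, ParentProcessId: 3300, Name: "lsass.exe", ExecutablePath: "C:\\Users\\Public\\lsass.exe",
    CommandLine: "lsass.exe", WorkingSetSize: 9 * 1024 * 1024, SignatureStatus: "NotSigned", Publisher: null },
  { ProcessId: 4120, ParentProcessId: 3300, Name: "brave.exe", ExecutablePath: "C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe",
    CommandLine: "\"C:\\Program Files\\BraveSoftware\\Brave-Browser\\Application\\brave.exe\"", WorkingSetSize: 1536 * 1024 * 1024, SignatureStatus: "Valid", Publisher: "Brave Software, Inc." },
  { ProcessId: 5560, ParentProcessId: 3300, Name: "updater.exe", ExecutablePath: "C:\\Users\\Public\\updater.exe",
    CommandLine: "updater.exe /silent", WorkingSetSize: 80 * 1024 * 1024, SignatureStatus: "Valid", Publisher: "Example Corp" },
];

console.table(analyzeAll(SAMPLE_PROCESSES).map(r => ({ ...r, reasons: r.reasons.join("; ") })));
```

Note how the rules stack: the `lsass.exe` copy in `Users\Public` scores on location, path and signature at once, while the signed `updater.exe` in the same folder only trips the path rule and lands in Suspicious, and the large but properly signed browser keeps a Safe verdict with its memory flag recorded in `reasons` for the analyst to see.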
- Backend: Node.js, Express.js
- Frontend: Vanilla HTML5, CSS3, JavaScript (No heavy frameworks for maximum performance)
- Packaging: `pkg`
MIT License