Cyber Tool of the Week: Task Manager

Task Manager is a classic Windows tool most users are familiar with, but in cybersecurity, it becomes more than just a way to close unresponsive programs. It provides valuable visibility into what’s happening on a system and can help identify issues, unusual activity, and potential indicators of compromise (IoCs).

Below are the tabs you’ll see in Task Manager and what they do:

Processes

Shows which apps and background processes are running. It provides a real-time snapshot of how much CPU, memory, disk, and network resources each process is using.

Performance

Displays how the system’s hardware—CPU, memory, disk, network (Ethernet or Wi-Fi), and GPU is performing. This helps spot resource spikes or bottlenecks.

App History

Shows historical resource usage for apps, including CPU time and network usage. This can help identify apps consuming unusual amounts of resources over time.

Startup Apps

Lists all programs configured to launch automatically when the computer starts. This is useful for identifying unnecessary or suspicious startup items.

Users

Shows which users are currently logged into the system and provides resource usage per user session.

Details

Provides deeper information about executable processes, including the process ID (PID), status, resource usage, and whether the process is 32-bit or 64-bit. Analysts often use this tab when investigating specific processes.

Services

Lists system services, along with their names, descriptions, and statuses (running or stopped). This can help identify disabled or newly created services that shouldn't be present.

How Task Manager Helps in Cybersecurity

Task Manager can be a quick way to identify unusual activity or early warning signs of compromise. Here are a few examples:

• Unknown or suspicious processes running (especially those using high CPU or memory)
  
• Programs running from unusual file paths, such as temporary folders
  
• Services you don’t recognize, which may indicate persistence mechanisms
  
• High resource usage from a process that typically uses very little, which can be a sign of malware or cryptomining
  
• Unexpected startup programs, which may indicate malicious software trying to run automatically
  
  

While Task Manager isn’t a complete security tool, it’s an excellent first step for quickly spotting things that don’t look right and a skill every cybersecurity beginner should get comfortable with.

Final Thoughts

Task Manager is one of the most straightforward yet most powerful built-in Windows tools for spotting performance issues and potential security concerns. By learning how to interpret what you see, you can quickly identify unusual activity and take the next steps toward a more thorough investigation.