Expanded Tooltips, Enhancement Suggestion, Question

Started by Neo, January 27, 2010, 11:40:49 AM


Neo

Jeremy, just a quick note to say that I really like the systray expanded tooltip and the tooltips available upon hovering over the process name in the main window.  Very cool features. 8)  The expanded systray tooltip saves me from opening the main window if I want to see why my machine is sometimes such a dog, which is happening more and more often on my wheezing machine.  It's still chugging along, though. :)  Is there a way to make the tooltips stay visible the entire time I'm hovering over them?  They seem to close after about five seconds and sometimes I'd like more time to review the information displayed.

Potential Enhancement  / Utility Suggestion
I think it would be helpful if there were some way to associate the data shown on the graph to the data displayed in each of the tabs, depending upon which tab is active.  It would provide an easy, visual way to determine potential issues with a particular process or among processes, modules, threads, etc.

Something just came to mind from my days of network analysis and design...  I used to use Sniffers to capture packet data and then "replay" the captured data so I could understand what was happening with loads on different network segments.  I think a great addition to Process Lasso would be the ability to capture all the data it captures into a file and then be able to "play" it in some type of a player that also provided tools to analyze the data.  Just a thought.

Question
I know Process Lasso is not a malware or virus detector but would it show running processes that attempt to hide from detection, like viruses and malware?

Jeremy Collake

Quote from: Neo on January 27, 2010, 11:40:49 AM
Is there a way to make the tooltips stay visible the entire time I'm hovering over them?  They seem to close after about five seconds and sometimes I'd like more time to review the information displayed.

Glad you like the new features. I noticed the disappearing tooltip too, and am working to resolve it in one of the next few minor updates. I believe it's disappearing because once it's been changed, Windows only lets the old tooltip remain visible for X seconds. I therefore have to suspend changes while you're hovering over the icon.

Quote
Potential Enhancement  / Utility Suggestion
I think it would be helpful if there were some way to associate the data shown on the graph to the data displayed in each of the tabs, depending upon which tab is active.  It would provide an easy, visual way to determine potential issues with a particular process or among processes, modules, threads, etc.

This is something I plan to work towards in version 4. Making all the information easier to analyze and visualize is the overall goal. If the system isn't responsive, I want the user to be able to quickly see why. This includes periods in the past. Tooltips as you hover over the graph, showing info about what happened during that time period, have been planned for a while - and I'll eventually get to it for sure. Other changes along the lines of what you suggest are also planned.

Quote
Something just came to mind from my days of network analysis and design...  I used to use Sniffers to capture packet data and then "replay" the captured data so I could understand what was happening with loads on different network segments.  I think a great addition to Process Lasso would be the ability to capture all the data it captures into a file and then be able to "play" it in some type of a player that also provided tools to analyze the data.  Just a thought.

Such a record and playback utility would indeed be very useful. It wouldn't be terribly difficult to implement, though it is something that would take some time. I'll see what I can do.

Quote
Question
I know Process Lasso is not a malware or virus detector but would it show running processes that attempt to hide from detection, like viruses and malware?

I'll give that some thought, but it isn't something that is easily done. When a process is truly hiding, and not visible even to Process Lasso when using the lowest level API available (the NT Native API), then it requires some real work to find. This is the area of 'rootkit detectors' and would be too much of a branch out from Process Lasso's main mission. If it was something I could easily do, I would... but it's not. If the malware hides itself well enough, it can be near impossible to detect while the system is booted.

That said, I may incorporate some basic anti-malware features in future versions. For instance, if I know process X and Y are known malware, or exhibit characteristics of known malware, maybe I'll indicate such. Of course, this really moves Process Lasso in a new direction, and so it's not a top priority at this time. I don't want to get too far from the core mission.

Thanks a lot for the feedback. I hope future versions move towards what you'd like to see ;)
Software Engineer. Bitsum LLC.

Neo

Thanks, as always, for your as-usual quick response. :)  My question about hidden processes was one more of curiosity, not because I wanted to see anti-malware capabilities implemented within Process Lasso.  I know that's not its purpose.  I have and use several specialized utilities to deal w/ rootkits and the like.