Windows comes with a variety of built-in troubleshooting tools. Task Manager can help fix common issues, while command-line tools like Command Prompt and PowerShell are useful for resolving network problems. However, these tools may not be sufficient when dealing with more advanced issues on your Windows PC. In such cases, you need the Sysinternals suite, a collection of 70 freeware utilities offered by Microsoft to assist IT administrators and developers in troubleshooting Windows systems and applications. We discuss why Sysinternals tools are essential for addressing complex Windows issues.

5 Perform detailed system checks

See everything that's happening on your PC

Sysinternals tools are indispensable for diagnosing advanced Windows issues because they provide capabilities that go beyond what standard system utilities offer. For example, Task Manager offers a way to view all the processes running on your PC, but it doesn’t offer much detail about these processes.

Sysinternals tools like Process Explorer (Procexp.exe, Procexp64.exe), on the other hand, give you an in-depth view of what is currently happening on your PC through color-coded backgrounds. Processes that have just been started are highlighted in green, while those that are being terminated appear in red. The tool even reveals details such as process dependencies, loaded modules, and running threads.

This is especially helpful for identifying resource-hogging processes, unusual behavior, or misbehaving applications.

4 Detect and examine malware

You can also see which files malware can access


Windows Security and third-party antivirus software do a good job of spotting malicious software on your system. But you can also use Sysinternals Process Explorer to check for malware. If you notice any suspicious processes, just right-click and choose 'Search Online' from the context menu. This will start a web search for the process name, giving you more info.

You can also see which files, registry entries, or network resources a program is accessing, which helps you spot any unwanted behavior. To do this, you can use Process Monitor (Procmon.exe, Procmon64.exe). It’s not the easiest task, though, since most programs are constantly accessing the hard drive or network, so it can be tough to pick out the important stuff from all the data.
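The paragraph above is right that the hard part of Process Monitor is the volume of data. The following PowerShell script is an added example, not code from the article or from Microsoft: it drives Procmon from the command line to capture a short trace, exports the trace to CSV with Procmon's own converter, and then keeps only the successful file and registry writes made by one process. It assumes Procmon64.exe is on PATH (or given via -ProcmonPath), that you run it from an elevated prompt, that the /AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog and /SaveAs switches behave as in current Procmon builds, and that the exported CSV uses Procmon's default column names (Time of Day, Process Name, PID, Operation, Path, Result, Detail). The process name and capture length are placeholders.

```powershell
# Added example (not from the article): capture a Process Monitor trace and
# reduce it to the write operations of a single process.
param(
    [string]$ProcmonPath = 'Procmon64.exe',          # assumption: on PATH
    [string]$ProcessName = 'notepad.exe',            # placeholder process to isolate
    [int]$Seconds = 20,                              # how long to record
    [string]$WorkDir = "$env:TEMP\procmon-trace"
)

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$pml = Join-Path $WorkDir 'capture.PML'
$csv = Join-Path $WorkDir 'capture.csv'

# 1. Start capturing straight to a backing file instead of holding events in RAM.
Start-Process -FilePath $ProcmonPath -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`""
)
Start-Sleep -Seconds $Seconds

# 2. A second Procmon invocation with /Terminate tells the capturing instance
#    to stop and flush its log (assumption: documented switch behaviour).
Start-Process -FilePath $ProcmonPath -ArgumentList '/Terminate' -Wait

# 3. Convert the binary PML to CSV; Procmon picks the format from the extension
#    and exits after saving.
Start-Process -FilePath $ProcmonPath -ArgumentList @(
    '/AcceptEula', '/OpenLog', "`"$pml`"", '/SaveAs', "`"$csv`""
) -Wait

# 4. Filter down to operations that actually change something on disk or in
#    the registry. (CreateFile is deliberately left out: in Procmon it is any
#    open, not only a creation.)
$writeOps = @('WriteFile', 'SetRenameInformationFile', 'SetDispositionInformationFile',
              'RegSetValue', 'RegCreateKey', 'RegDeleteValue', 'RegDeleteKey')

$writes = Import-Csv -Path $csv | Where-Object {
    $_.'Process Name' -ieq $ProcessName -and
    $_.Operation -in $writeOps -and
    $_.Result -eq 'SUCCESS'
} | Select-Object 'Time of Day', Operation, Path

$writes | Sort-Object Path -Unique | Format-Table -AutoSize
'{0} successful write operations by {1} in {2} seconds' -f @($writes).Count, $ProcessName, $Seconds
```

Run the script, reproduce the behaviour you are investigating while it records, and read the table it prints: a process that touches run keys, other programs' directories or system paths will stand out far more clearly than in the raw Procmon window. Adjust $writeOps to include network operations (TCP Send, UDP Send) if the question is about network use rather than disk and registry use.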

3 Speed up a slow PC

Stop apps from auto-starting

As a Windows PC gets older, more programs tend to set themselves to start automatically during installation. This is one of the main reasons why a freshly installed Windows PC boots up quickly and runs smoothly, while an older one starts to slow down.

Auto-start programs aren’t really needed — they mainly just check for updates or wait for events in the background, which isn’t crucial but can be helpful. However, they can delay the Windows startup and make the system sluggish. You can use Sysinternals Autoruns to disable these auto-start programs.

Simply run Autoruns, and it will display the currently configured auto-start applications along with a comprehensive list of Registry and file system locations used for auto-start configurations. These locations include logon entries, browser add-ons, image hijacks, Winlogon notification DLLs, Windows services, and more. You can switch between tabs to view auto-starts from different categories.

To stop a program from starting automatically, just uncheck the box next to it. This won’t delete anything, and if you decide later that you want the program to auto-start again, you can simply check the box again.
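Autoruns also ships as a console program, autorunsc.exe, which makes the review described above scriptable. The script below is an added example, not code from the article or from Microsoft: it runs autorunsc across every auto-start category with signature verification and hashes, then lists the entries that are enabled but whose image does not carry a verified signature, which is the first thing to look at on a slow or suspect machine. It assumes autorunsc.exe is on PATH, that autorunsc writes its CSV as UTF-16 text when its output is redirected (hence the temporary console encoding change), and that the CSV columns are named as in current builds (Entry Location, Entry, Enabled, Category, Signer, Image Path, Launch String, SHA-256).

```powershell
# Added example (not from the article): find enabled auto-start entries that
# are not signed by a verified publisher, using the console version of Autoruns.
param(
    [string]$Autorunsc = 'autorunsc.exe',                  # assumption: on PATH
    [string]$ReportCsv = "$env:TEMP\autoruns-unsigned.csv"
)

# Switches used:
#   -a *  every category (logon, services, drivers, tasks, WMI, hijacks, ...)
#   -c    CSV output        -h  include file hashes
#   -s    verify signatures -m  hide entries with a verified Microsoft signature
$prevEncoding = [Console]::OutputEncoding
try {
    # Assumption: autorunsc emits UTF-16 on a redirected stdout, so decode the
    # pipe as Unicode for the duration of the call.
    [Console]::OutputEncoding = [System.Text.Encoding]::Unicode
    $entries = & $Autorunsc -accepteula -nobanner -a '*' -c -h -s -m | ConvertFrom-Csv
} finally {
    [Console]::OutputEncoding = $prevEncoding
}

# Autoruns reports a good signature as "(Verified) <publisher>". Anything else,
# "(Not verified) ...", an empty signer or "File not found", deserves a look.
$suspect = $entries | Where-Object {
    $_.Enabled -eq 'enabled' -and $_.Signer -notlike '(Verified)*'
}

$suspect |
    Select-Object 'Entry Location', Entry, Category, Signer, 'Image Path', 'SHA-256' |
    Sort-Object Category, 'Entry Location' |
    Format-Table -AutoSize -Wrap

# Keep a copy so the list can be compared against the next run of the script.
$suspect | Export-Csv -Path $ReportCsv -NoTypeInformation -Encoding UTF8
'{0} enabled entries without a verified signature (of {1} non-Microsoft entries)' -f @($suspect).Count, @($entries).Count
```

An unsigned entry is not automatically bad (plenty of legitimate small utilities are unsigned), but the list is short enough to check by hand, and the SHA-256 column gives you something to look up before deciding whether to untick the entry in the Autoruns GUI.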

2 Analyze security incidents

Keep track of system activity

If you’re looking into a security incident on Windows, the Sysinternals suite is a must-have. One of the best options for this is System Monitor (Sysmon). Once you install it, Sysmon stays active even after system reboots, keeping track of system activity and logging it in the Windows event log.

Sysmon gives you detailed insights into things like process creations, network connections, and changes to file creation times. By collecting these logs with Windows Event Collection or SIEM tools, you can spot suspicious activity and get a clear picture of how attackers or malware are operating on your network. Sysmon runs as a protected process, which blocks most user-mode interference.
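Because Sysmon writes to a normal event log, the process-creation and network-connection records it produces can be pulled and correlated with nothing more than PowerShell, even before a SIEM is involved. The script below is an added example, not code from the article or from Microsoft: it reads Sysmon event ID 1 (process creation) and ID 3 (network connection) from the local log, joins them on ProcessGuid so each connection is shown together with the command line that started the process, and then groups by image and destination so repeated connections stand out. It assumes Sysmon is installed with a configuration that logs both event types (network connection logging is not on by default; it needs the -n switch or a config rule), and it uses the field names from the Sysmon event schema (Image, CommandLine, ParentImage, User, ProcessGuid, DestinationIp, DestinationPort).

```powershell
# Added example (not from the article): join Sysmon process-creation and
# network-connection events and summarise who is talking to what.
param([int]$Hours = 1)   # look-back window

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1, 3
    StartTime = (Get-Date).AddHours(-$Hours)
}

# Flatten one event's <EventData> block into an object whose properties are the
# Sysmon field names (Image, CommandLine, DestinationIp, ...).
function ConvertTo-SysmonRecord {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{ EventId = $Event.Id; Time = $Event.TimeCreated }
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]$data
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-SysmonRecord -Event $_ }
if (-not $events) { Write-Warning 'No Sysmon ID 1/3 events in the window.'; return }

# Index process starts by ProcessGuid, which is unique per process lifetime
# (unlike a PID, which Windows reuses).
$starts = @{}
foreach ($e in ($events | Where-Object EventId -eq 1)) { $starts[$e.ProcessGuid] = $e }

$report = foreach ($c in ($events | Where-Object EventId -eq 3)) {
    $p = $starts[$c.ProcessGuid]
    [pscustomobject]@{
        Time        = $c.Time
        Image       = $c.Image
        User        = $c.User
        Destination = '{0}:{1}' -f $c.DestinationIp, $c.DestinationPort
        ParentImage = if ($p) { $p.ParentImage } else { '(started before window)' }
        CommandLine = if ($p) { $p.CommandLine } else { '' }
    }
}

# Repeated connections from one image to one destination (a beacon pattern,
# or simply a chatty updater) float to the top of this table.
$report | Group-Object Image, Destination |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Full detail, useful when one line above needs explaining.
$report | Sort-Object Time | Format-List Time, User, Image, ParentImage, CommandLine, Destination
```

On a workstation the grouped table is usually dominated by the browser and update agents; anything else with a high count, or any connection whose ParentImage is a document viewer or an Office application, is what an incident responder would chase first. The same two event IDs are what SIEM rules for Sysmon typically key on, so this gives a feel for the data before it leaves the box.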

1 Troubleshoot network issues

Netstat is not enough


PowerShell and Command Prompt have plenty of tools to troubleshoot network issues, but Sysinternals takes it to the next level. With TCPView, you can get a detailed view of all the TCP and UDP endpoints on your system, including local and remote addresses and the state of each TCP connection. It even shows the name of the process that owns each endpoint.

TCPView is like a more user-friendly and informative version of the Netstat program that comes with Windows. Plus, there’s Tcpvcon, a command-line version with the same features, if you prefer working from the terminal.
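The core of what TCPView and Tcpvcon add over plain netstat, the owning process next to every endpoint, can also be rebuilt with built-in cmdlets, which is handy on a machine where the Sysinternals binaries are not yet present or cannot be copied in. The function below is an added example, not code from the article or from Microsoft; it uses only Get-NetTCPConnection, Get-NetUDPEndpoint and Get-Process, so it assumes nothing beyond a Windows 8 / Server 2012 or later PowerShell. The Path column will be empty for protected system processes unless the shell is elevated.

```powershell
# Added example (not from the article): TCP/UDP endpoints with their owning
# process, the view TCPView gives, built from standard PowerShell cmdlets.
function Get-EndpointOwner {
    [CmdletBinding()]
    param([switch]$EstablishedOnly)   # show only live TCP sessions

    # Cache process details once; OwningProcess is a UInt32, Get-Process.Id an
    # Int32, so keys are normalised to [int] to make the lookup match.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    $tcp = foreach ($c in Get-NetTCPConnection) {
        if ($EstablishedOnly -and $c.State -ne 'Established') { continue }
        $owner = $procs[[int]$c.OwningProcess]
        [pscustomobject]@{
            Proto   = 'TCP'
            Process = if ($owner) { $owner.ProcessName } else { '?' }
            PID     = $c.OwningProcess
            Local   = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State   = [string]$c.State
            Path    = if ($owner) { $owner.Path } else { '' }
        }
    }

    $udp = @()
    if (-not $EstablishedOnly) {
        $udp = foreach ($u in Get-NetUDPEndpoint) {
            $owner = $procs[[int]$u.OwningProcess]
            [pscustomobject]@{
                Proto   = 'UDP'
                Process = if ($owner) { $owner.ProcessName } else { '?' }
                PID     = $u.OwningProcess
                Local   = '{0}:{1}' -f $u.LocalAddress, $u.LocalPort
                Remote  = '*:*'
                State   = ''
                Path    = if ($owner) { $owner.Path } else { '' }
            }
        }
    }

    @($tcp) + @($udp)
}

# Usage: live connections grouped by process, the quickest way to notice a
# process that has no business talking to the network.
Get-EndpointOwner -EstablishedOnly |
    Sort-Object Process, Remote |
    Format-Table Proto, Process, PID, Local, Remote, State, Path -AutoSize
```

Drop -EstablishedOnly to include listening sockets and UDP endpoints, which is the view to use when checking what a server actually exposes. Tcpvcon gives the same information in one line (tcpvcon -a -c for all endpoints as CSV), so once the Sysinternals tools are on the box the function above is mainly useful as a cross-check from a second source.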

Sysinternals offers so much more

Whether you want a full snapshot of everything happening on your PC with Process Explorer, the nitty-gritty details from Process Monitor, or total control over what programs start up with Autoruns, Sysinternals has you covered. We’ve only scratched the surface of what the Sysinternals suite can do.

If you're looking for other ways to troubleshoot Windows, check out these PowerShell commands or these Command Prompt commands. You can also try these tips to fix common Windows issues.