Task manager 'User name' column empty


Recommended Posts

I've noticed in my task manger a few processes: "crss.exe, HControl.exe, ATI...exe, winlogon.exe" have blank values in the 'user name' column whereas everything else has my name.

If I click 'show processes from all users' the blanks are replaced with 'SYSTEM.'

Could someone explain why this is so?

Thanks :)

26763336.jpg

Link to comment
https://www.neowin.net/forum/topic/881954-task-manager-user-name-column-empty/
Share on other sites

  On 09/03/2010 at 09:38, Singh400 said:

It is because when you click "Show processes from all users", you re-launch taskmgr.exe with administrator privileges. Thus it has access to all parts of the system (ie crictial services) that allow you to see the username column fully.

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

  On 09/03/2010 at 09:46, hdood said:

On an unrelated rant, this is pretty important to understand. Task Manager is a regular program with no special privileges. When you run it, it runs as your user just as any other random program. If you click "show processes from all users", it runs just like any other program you've run as administrator.

This also means that any other programs running (malware included) is free to manipulate it in any way they want. The result of this is that you cannot trust Task Manager when it comes to things like finding malware. Anything that is running could simple remove itself from the list.

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

  On 09/03/2010 at 10:45, MoodIndigo said:

Can malware also manipulate antivirus programs like NOD32 or are there preventative safeguards in place?

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

  On 09/03/2010 at 10:45, MoodIndigo said:

If I cannot trust task manager (which I have done) then what can I trust? NOD32 scans; Hjackthis, other antivirus scans?

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

  On 09/03/2010 at 10:59, hdood said:

Yes, and this is commonly done by malware. Like you say, antivirus software is designed specifically with this in mind and do what they can to prevent it, meaning it becomes a sort of cat and mouse game. Task Manager on the other hand makes no effort.

Well, generally speaking you cannot trust anything on the system at all. If the malware has administrative rights, then it can do absolutely anything it wants to any part of the system, including patching the kernel itself. From a security aspect, there is no way to restore a compromised system to a trusted state without reinstalling.

Realistically though, you usually can trust a command line tool like "tasklist/v" because most people don't even know it exists, and most malware isn't that sophisticated.

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

  On 11/03/2010 at 05:40, soldier1st said:

actually you can trust the system that was compromised just you would need to be aware of what is going on so you can try to spot something wrong and go through everything to make sure all is right.

This isn't practically possible.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • They should have locked it on device not cloud. Kids can just sign out the browser and sign in to anther acc or use guest acc. You can block it sort of with group policy locking it so only 1 acc can login. But you cant stop them logging out. My son just ended up resetting the PC and making a random account.
    • You just have to imagine it in the voice of Jony Ive...and taking over 5 minutes to explain. It’s not just a movable volume indicator. It’s fundamentally more considered—every molecule of its form refined, every component reimagined. This is not iteration; it is reinvention. True simplicity is derived from so much more than the absence of clutter or ornamentation. It’s about bringing order to complexity, clarity to chaos—it’s design that feels inevitable. What we’ve created isn’t just new—it’s a new way of thinking. A product that doesn’t compete with the past, but eclipses it entirely. When something is truly intuitive, you don’t notice the design at all. It’s as if the product dissolves, leaving only the experience—the connection—between you and what you’re doing.
    • Kind of an unrelated rant, but... As someone with kids, who as of a few years ago were young enough that I wanted some of these family safety features. I have to say, any good intention MS had was completely RUINED by how absolutely awful the parental interface is. There was the family portal with limited settings, but more detailed settings were scattered is completely unintuitive ways. There was a child details page where you could configure the 100+ features, but, the features in the "gaming" section only applied the extremely limited list of Windows Store games that were not XBox branded. For anything with XBox branded, you had to find the XBox parental consent portal, which had another 100+ features to dig through and try to figure out what was blocking your two kids from playing Minecraft together. To make the experience even more infuriating, MS implemented their same signature documentation we find for 365 and Azure, that it is very easy to find documents talking about how easy it is to use any given dashboard or portal, but without including a link to said resource...you might have to 20-30 results deep on Google before you find that answer, it was nearly impossible to simply find a portal by searching for it.
    • ^ Found the PR spokesperson for Apple!
    • Like many, I'm not buying and expensive items until the tariff nonsense is resolved. I wonder if that has something to do with (along with the notes others are making)?
  • Recent Achievements

    • Week One Done
      Helen Shafer earned a badge
      Week One Done
    • First Post
      emptyother earned a badge
      First Post
    • Week One Done
      Crunchy6 earned a badge
      Week One Done
    • One Month Later
      KynanSEIT earned a badge
      One Month Later
    • One Month Later
      gowtham07 earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      662
    2. 2
      ATLien_0
      269
    3. 3
      Michael Scrip
      218
    4. 4
      Steven P.
      166
    5. 5
      +FloatingFatMan
      159
  • Tell a friend

    Love Neowin? Tell a friend!