Monday, December 30, 2013


This article will tell you what is VSMON.EXE. process/service

Have you ever come across a vsmon.exe process in your system? you can see this in your task manager or even you can see the Frames in your network Monitor [ if you have one]. For now, just look at the image below, there we go! we have vsmon.exe process running. But what is it?


I am sure you all know that any runnng process/service is associated to some application and they are very specific in what they do and hence the name service. So, going back to our VSMON.EXE, it is one of the service run by Zone Alarm Firewall and it continuously monitors network Traffic on the machine it is installed for the network adapters assigned accordingly. This will also helps in alerting you on screen according to the rules set by you or for the default rules it has been assigned.
Now, the good part is to know whether it is safe to have this service. Alright, now it is your call to make! but let me tell you what? if you have zone Alarm installed on your machine and you know why is Zone Alarm installed and you know what you have done then it is really safe to have the service. But did we miss something here? Yes! Malwares!:) .

As some of you might be knowing this already, Malwares can be with any of the names you can also see malware process with the name vsmon.exe. How do you differentiate?

i have two ways to find it.

1. if you have Zone Alarm installed and if you see this service or process running and the binpath of the service is corresponding to the Zone Alarm installation path then, i believe it is safe to ignore this. But how to find what binpath the process vsmon.exe is having? Easy! use SC Command as shown below, which will tell you almost everything about the process

As you can see the Binary path is one of the those system32 paths with a service switch and Display name is TrueVector Internet Monitor which is Zone Alarms service and you can view this in services.msc . You see what is below when you click on that service which will give the same information in the command prompt by SC Command

2. The other way of finding is, try searching add/remove for Zone Alarm. If you run SC command on vsmon.exe and you see nothing or if you see something else other than the Zone Alarm paths then, it is a good idea to clean the machine :) I strongly recommend to evaluate Malwarebytes  .

I hope this article helps you understand the VSMON.EXE process in brief .

No comments:

Post a Comment