Use Process Explorer to Determine if Symantec Endpoint Protection is Monitoring a Process
search cancel

Use Process Explorer to Determine if Symantec Endpoint Protection is Monitoring a Process


Article ID: 233927


Updated On:


Endpoint Protection


Users suspect Endpoint Protection (SEP) of blocking or interfering with an application, process, or service.

NOTE: This test is often run with component isolation. Please discuss the process for component isolation with Support.


Endpoint Protection with Windows.


Users observe anomalous behavior such as uncommon convergence events in the System Event logs, trouble with Webex, or steep latency when transferring data. 


Understanding the different versions of Process Explorer in the download:




procexp.exe is the 32-bit binary, which also works on current 64-bit versions of Windows.

procexp64.exe is the 64-bit binary, for 64-bit Windows systems.

procexp64a.exe, is the binary for Windows systems running on ARM-based hardware.


Using Process Explorer:

1. Start or prepare to test the service in question.


2. Open Process Explorer.


3. Select View > Show Lower Pane.

4. Use the hotkey combination CTL + D, or select View > Lower Pane View > DLLs to view DLLs.

5. Replicate the issue or problem.

6. Scroll down to find the process in question.

7. Save as <process>.txt.



1. Open Excel.


2. Use the text import wizard or open the file with Excel. You may need to select All Files to view the text file in File Explorer.


3. Select delimited, tab delimeter, and general column data format.

4. Locate Name-Description-Company Name-Version (contains DLLs).

5. Select Name above the list of DLLs.

6. Activate the filter feature (sort and filter in ribbon above/blade/panel).

7. Select the drop-down menu here and configure the parameters as Name – Contains - .dll.


8. Clear the check boxes as appropriate for the DLLs specified by Support or provide the results for Support as requested.