Download Process Hacker – Free for Windows

Yes, Process Hacker is safe. It is a legitimate, open-source tool published under the GNU GPL v3 license, with its full source code available on GitHub for anyone to inspect. The project has been publicly maintained since 2008 and is used by security professionals, system administrators, and malware analysts worldwide.

Several antivirus programs flag Process Hacker as “RiskTool” or “HackTool” because it accesses low-level system functions that malware also uses – things like reading process memory, terminating protected processes, and injecting DLLs. Kaspersky, for example, labels it “Not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen” – the “Not-a-virus” prefix is the important part. These are false positives, and the detections reflect what the tool can do, not any malicious intent. Microsoft’s own Process Explorer uses similar techniques.

• Download only from official sources: the SourceForge project page or the GitHub releases page
• Verify the SHA-256 checksum listed on the download page against your downloaded file
• If your antivirus blocks it, add an exclusion for the Process Hacker installation folder
• The installer (v2.39.124) is digitally signed by the developer

Pro tip: If you want extra assurance, download the source code from GitHub and compile it yourself. The build instructions are straightforward if you have Visual Studio installed.

For download links and checksums, visit our download section.

No, Process Hacker is not a virus or malware. It is a well-known open-source system monitoring tool that has been publicly developed since 2008. The confusion comes from antivirus vendors categorizing it as a “potentially unwanted program” or “risk tool” because of its powerful system-level capabilities.

Here is why antivirus software flags it: Process Hacker can terminate almost any process (including protected ones), read and write process memory, inject DLLs into running processes, and load kernel drivers. These are the same techniques that actual malware uses, so heuristic scanning engines flag anything with those capabilities. On VirusTotal, you will typically see 20-35 detections out of 70+ engines, but look closely at the detection names. Most say “RiskTool”, “HackTool”, or “Not-a-virus” – none call it an actual trojan or worm. Reddit threads on r/antivirus and r/windows consistently confirm it is safe when downloaded from official sources.

1. Check the detection name – “RiskTool” and “Not-a-virus” are not malware classifications
2. Verify your download source is official (SourceForge or GitHub, not random download sites)
3. Compare the file hash against the official SHA-256 published on the project page
4. If you are still unsure, run it in a virtual machine first to see its behavior

Pro tip: Some anti-cheat systems in games (like Fortnite’s EasyAntiCheat and Escape from Tarkov’s BattlEye) will detect Process Hacker and either block the game from launching or issue a ban. Close Process Hacker completely before playing any game with anti-cheat protection.

Learn more about what Process Hacker actually does in our features section.

The official Process Hacker download is hosted on SourceForge at processhacker.sourceforge.io. The source code and nightly builds are also available on the GitHub repository under the processhacker organization. These are the only two official distribution channels maintained by the development team.

The stable release is version 2.39.124. The installer is about 5.2 MB and the portable ZIP is roughly 3.5 MB. Both the 32-bit and 64-bit versions are included in a single download package. Be cautious with third-party download sites – some repackage the installer with bundled adware or modify the executable. A common mistake is downloading from sites that add toolbar installers or redirect you through ad-heavy download wrappers.

• Official SourceForge page: processhacker.sourceforge.io
• Official GitHub releases: github.com/processhacker/processhacker
• Avoid sites like Softonic, FileHippo, or CNET that may bundle additional software
• Always check that the file hash matches the SHA-256 listed on the official page

Pro tip: If the SourceForge page redirects you to System Informer (the successor project), that is expected. You can still find Process Hacker 2.39 in the SourceForge file archive under the “processhacker2” project files.

Get the direct download link from our download section on this page.

Yes, Process Hacker 2.39 runs on Windows 11 without major issues. It supports Windows 7, 8, 8.1, 10, and 11 in both 32-bit and 64-bit editions. Most core features – process monitoring, service management, network connections, memory inspection – work correctly on Windows 11 builds up to 24H2.

That said, Process Hacker 2.39 was last updated before Windows 11 existed, so some newer system calls and security features may not be fully supported. The kernel driver (KProcessHacker) can occasionally have compatibility issues with newer Windows 11 builds, particularly around features like Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI). If you run into driver loading failures, try the portable version without the driver – you will lose some advanced termination methods but the rest works fine.

• Run as administrator for full functionality on Windows 11
• If Windows SmartScreen blocks it, click “More info” then “Run anyway”
• The kernel driver may not load on systems with Secure Boot and HVCI enabled
• For full Windows 11 support with the latest patches, consider System Informer (the actively maintained successor)

Pro tip: If you need the kernel driver on Windows 11 with Secure Boot, System Informer (version 3.2) has an updated driver that passes modern signing requirements. Process Hacker 2.39’s driver predates these requirements.

Check the full compatibility details in our system requirements section.

Process Hacker has very modest system requirements. It runs on any Windows PC from Windows 7 onward with a 1 GHz processor, 512 MB of RAM, and about 50 MB of free disk space. There is no GPU requirement since it is purely a system monitoring tool without 3D rendering.

In practice, Process Hacker is extremely lightweight. It uses between 15-40 MB of RAM during normal operation, depending on how many processes your system is running. CPU usage sits at under 1% on most systems, spiking only when refreshing process lists or running memory scans. The installer is 5.2 MB and the portable ZIP is 3.5 MB, so even on older machines with limited storage, it fits easily. For a smoother experience, 2 GB of RAM and 100 MB of disk space are recommended – mainly because Windows itself and the processes you are monitoring consume the bulk of system resources.

• OS: Windows 7 SP1 or later (32-bit or 64-bit)
• CPU: 1 GHz or faster (any x86 or x64 processor)
• RAM: 512 MB minimum, 2 GB recommended
• Disk: 50 MB minimum, 100 MB recommended
• Permissions: Administrator privileges required for full functionality

Pro tip: The portable version has no installer overhead and can run directly from a USB flash drive, which makes it ideal for troubleshooting machines where you cannot install software.

See the full specifications table in our system requirements section.

Yes, Process Hacker fully supports 32-bit Windows. The download package includes both the 32-bit (x86) and 64-bit (x64) executables, and the installer automatically selects the correct version for your system.

On 32-bit systems, Process Hacker actually has a few extra capabilities. The kernel driver (KProcessHacker) on 32-bit Windows can use additional termination methods that are not available on 64-bit systems due to Kernel Patch Protection (PatchGuard). This means you can terminate even more stubborn processes on a 32-bit machine. The tool works identically on both architectures for all other features – process inspection, network monitoring, service management, and memory editing all function the same way.

• 32-bit executable: ProcessHacker.exe (located in the x86 folder)
• 64-bit executable: ProcessHacker.exe (located in the x64 folder, or the root if using the installer)
• The installer auto-detects your architecture and places the right version
• Portable users should pick the correct folder (x86 or x64) for their system

Pro tip: If you are using the portable version on a 64-bit system but accidentally run the 32-bit executable, Process Hacker will still work but you will not be able to inspect 64-bit processes properly. Always match the executable to your OS architecture.

Download the version that matches your system from our download section.

Yes, Process Hacker is 100% free. It is released under the GNU General Public License version 3 (GPLv3), which means you can download, use, modify, and redistribute it at no cost. There is no paid version, no premium tier, no trial period, and no feature gating behind a paywall.

Unlike many “free” tools that monetize through bundled adware, usage tracking, or upselling to a pro version, Process Hacker has none of that. The project has been community-funded and volunteer-maintained since its creation by developer wj32 around 2008. Every feature – process termination, memory editing, DLL injection, network monitoring, service management – is available to every user from day one. The source code is on GitHub, so anyone can verify there is no hidden monetization.

• No ads, no bundled software, no telemetry
• No registration or account required
• No feature limits or usage caps
• Commercial use is permitted under the GPLv3 license
• The successor (System Informer) is also free and open-source under the same license model

Pro tip: If a website asks you to pay for Process Hacker or requires you to complete a survey before downloading, you are on a scam site. The real download is always free from SourceForge or GitHub.

Get the free download from our download section.

Yes, Process Hacker is completely legal to download and use. It is a legitimate system administration tool, no different legally from Windows Task Manager or Microsoft’s own Process Explorer. Possessing or using process monitoring software is not illegal in any jurisdiction.

The “Hacker” in the name causes confusion, but it refers to the programming sense of the word – someone who explores and understands systems deeply – not criminal hacking. The tool itself is a system monitor and debugger. Security researchers at companies like Varonis, SANS, and various incident response firms openly recommend and use Process Hacker in their professional workflows. It is taught in cybersecurity courses and used in malware analysis labs at universities.

Where legality gets nuanced is how you use it. Using Process Hacker on your own computer is always legal. Using it on someone else’s computer without authorization could violate computer fraud laws (like the CFAA in the US or the CMA in the UK), but that applies to any system tool, including the built-in Windows command prompt.

• Legal for personal use on your own systems
• Legal for professional IT administration and security work
• Legal for educational and research purposes
• Requires authorization if used on machines you do not own

Pro tip: Some corporate environments and anti-cheat systems block Process Hacker by policy, not by law. Getting flagged by your company’s endpoint detection does not mean you broke any law – it means the tool triggered a security policy. Check with your IT department before running it on a work machine.

Learn more about what Process Hacker does in our overview section.

Installing Process Hacker takes about two minutes. Download the installer (5.2 MB) from the official SourceForge page, run the setup wizard, and you are done. Here is the full walkthrough.

The installer is a standard Windows setup executable. It does not bundle any third-party software or browser toolbars, and there are no hidden checkboxes to watch for. If Windows SmartScreen shows a blue warning that says “Windows protected your PC”, click “More info” and then “Run anyway” – this happens because Process Hacker is not published through the Microsoft Store.

1. Download ProcessHacker-2.39-setup.exe from our download section or from SourceForge
2. Right-click the downloaded file and select “Run as administrator”
3. If SmartScreen appears, click “More info” then “Run anyway”
4. Accept the license agreement (GPLv3) and click Next
5. Choose the installation directory (default is C:\Program Files\Process Hacker 2)
6. Select components – keep all checked unless you do not want the desktop shortcut
7. Click Install and wait a few seconds for the files to copy
8. Check “Launch Process Hacker” and click Finish

Pro tip: During installation, there is an option to install the kernel driver (KProcessHacker). Keep this enabled – it gives you access to advanced process termination methods and deeper system inspection. Without it, some processes cannot be killed.

For the complete setup guide including first-run configuration, see our Getting Started section.

The portable version (3.5 MB ZIP) and the installer version (5.2 MB EXE) contain the same program with the same features. The choice depends on how you plan to use it: the installer is better for daily use on your own PC, and the portable version is better for USB drives and troubleshooting other machines.

The installer registers Process Hacker in the Windows Programs list, adds a Start Menu shortcut, optionally creates a desktop icon, and can install the KProcessHacker kernel driver as a system service. This driver loads automatically at boot, which means advanced termination methods are available immediately. The installer also lets you set Process Hacker as the default Task Manager replacement through its Options menu, so pressing Ctrl+Shift+Esc opens Process Hacker instead.

The portable version runs from any folder with no installation. Extract the ZIP, open the x86 or x64 folder (match your system architecture), and run ProcessHacker.exe. No registry entries, no services, no traces left behind. The downside is the kernel driver does not auto-load, so you must manually start it through Options > Advanced each session if you need it.

• Choose installer if: you use Process Hacker daily, want it as Task Manager replacement, need auto-starting kernel driver
• Choose portable if: you troubleshoot multiple machines, want no system modifications, run from USB
• Both versions include 32-bit and 64-bit executables
• Both support plugins placed in the Plugins subfolder

Pro tip: Many IT professionals carry the portable version on a USB drive alongside other Sysinternals tools for quick diagnostics. Create a folder called “Toolkit” on your USB, extract Process Hacker portable there, and you have an instant troubleshooting kit.

Download either version from our download section.

Most Process Hacker installation failures fall into three categories: antivirus interference, insufficient permissions, or corrupted downloads. Each has a straightforward fix.

The most common cause is your antivirus quarantining the installer before it can run. Windows Defender, Malwarebytes, Kaspersky, and Norton all may flag the setup file. The second issue is not running the installer as administrator – Process Hacker needs elevated privileges to install its kernel driver and write to Program Files. A corrupted download is less common but happens if your connection dropped mid-transfer, resulting in a partial file that will not execute properly.

1. Antivirus blocking: Temporarily disable real-time protection, or add the installer file to your antivirus exclusion list before running it
2. Permission denied: Right-click the installer and select “Run as administrator” – do not just double-click it
3. SmartScreen block: Click “More info” then “Run anyway” on the blue Windows SmartScreen prompt
4. Corrupted download: Delete the file, clear your browser cache, and re-download. Compare the SHA-256 hash with the one published on SourceForge
5. Existing installation conflict: Uninstall any previous version of Process Hacker from Control Panel before installing a new copy

If the installer itself works but Process Hacker crashes on first launch, the kernel driver may be incompatible with your Windows version. Go to Options > Advanced and uncheck “Enable KProcessHacker” to run without the driver.

Pro tip: If nothing works with the installer, skip it entirely. Download the portable ZIP version, extract it, and run ProcessHacker.exe directly. Same features, zero installation headaches.

See the full installation walkthrough in our Getting Started guide.

If Process Hacker fails to open or crashes immediately after launch, the issue is almost always one of three things: antivirus interference, a corrupted settings file, or a kernel driver conflict with your Windows build.

Antivirus software is the number one culprit. Programs like Malwarebytes and Windows Defender can quarantine ProcessHacker.exe or its kernel driver between sessions, so the application worked yesterday but is gone today. Check your antivirus quarantine log first. On Windows 11 with recent updates (particularly builds 22621 and later), the KProcessHacker driver sometimes fails to load due to stricter driver signing enforcement, which can cause Process Hacker to hang at startup if it is waiting for the driver.

1. Check your antivirus quarantine and restore ProcessHacker.exe if it was flagged
2. Add the entire Process Hacker folder to your antivirus exclusion list
3. Delete the settings file at %APPDATA%\Process Hacker 2\settings.xml and relaunch – a corrupted settings file causes crashes
4. Run ProcessHacker.exe as administrator explicitly (right-click > Run as administrator)
5. If it hangs at startup, try the portable version without the kernel driver
6. Check Windows Event Viewer (eventvwr.msc) under Application logs for specific error codes

Pro tip: If Process Hacker worked before a Windows update but stopped, the update likely broke driver compatibility. Switch to System Informer (version 3.2+), which has a driver updated for current Windows 11 builds.

For more troubleshooting steps, check our Getting Started guide.

Your antivirus deletes Process Hacker because the program uses techniques that overlap with what malware does. This is a false positive, not an actual threat detection. The tool reads process memory, terminates protected processes, and can inject DLLs – all legitimate system administration functions that heuristic scanners also associate with malicious software.

On VirusTotal, Process Hacker 2.39 typically triggers 20-35 out of 70+ antivirus engines. Kaspersky labels it “Not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen” – note the explicit “Not-a-virus” prefix. Malwarebytes categorizes it as “RiskWare.ProcessHacker.” Neither is a malware detection; they are advisory classifications saying “this tool has powerful capabilities.” The same pattern applies to other legitimate security tools like Mimikatz, Nirsoft utilities, and even some Sysinternals tools.

1. Open your antivirus settings and find the Exclusions or Allowed Items section
2. Add the Process Hacker installation folder (default: C:\Program Files\Process Hacker 2\) as a folder exclusion
3. Also exclude the specific file path of ProcessHacker.exe
4. If using Windows Defender: Settings > Virus & threat protection > Manage settings > Exclusions > Add folder
5. If using Malwarebytes: Settings > Allow List > Add > select the Process Hacker folder

Pro tip: Set up the exclusion before installing Process Hacker. If you install first, the antivirus may quarantine files during installation, leaving a broken install that produces confusing errors later.

Learn about Process Hacker’s actual capabilities in our features section.

Windows updates occasionally break Process Hacker, usually by tightening driver signature requirements or changing kernel APIs that the KProcessHacker driver depends on. This is more common on Windows 11 where Microsoft frequently updates security policies.

When this happens, Process Hacker itself may still launch, but features that rely on the kernel driver stop working – you will see “Unable to load KProcessHacker” errors or lose the ability to terminate protected processes. In worse cases, the application crashes on startup because it tries to load an incompatible driver. Windows 11 builds 22621+ and the 24H2 update have been particularly problematic for older kernel drivers. The underlying issue is that Process Hacker 2.39 was last updated before these Windows builds existed.

1. First, try restarting your PC – sometimes the driver just needs a clean reload after an update
2. Open Process Hacker, go to Options > Advanced, and uncheck “Enable KProcessHacker” to run without the kernel driver
3. Run system file integrity checks: open Command Prompt as admin and run DISM /Online /Cleanup-Image /RestoreHealth followed by sfc /scannow
4. Check if Windows Defender re-flagged Process Hacker after the update (updates can reset exclusions)
5. If the issue persists, download System Informer (v3.2+) which has an updated driver compatible with current Windows builds

Pro tip: After any major Windows update (like going from 23H2 to 24H2), check your antivirus exclusions. Windows Update has a habit of resetting Defender exclusions, which means previously allowed tools get quarantined again.

For version details and alternative downloads, see our download section.

Process Hacker does not have a built-in auto-update feature. To update, you download the latest version manually and install it over your existing copy. The current stable release is version 2.39.124.

Since Process Hacker 2.39 has been the stable release for several years (the development team shifted focus to System Informer), “updating” typically means either reinstalling the same version after a corruption issue, or migrating to System Informer for the most recent improvements. System Informer is the direct continuation of Process Hacker with the same codebase, same developer (wj32 and team under Winsider Seminars & Solutions), and the same GPL license. The latest System Informer release is version 3.2.25011 (May 2025) with full Windows 11 24H2 support.

1. Check your current version: open Process Hacker > Help > About
2. Download the latest installer from our download section or SourceForge
3. Close Process Hacker completely (check system tray for the icon)
4. Run the new installer – it will overwrite the previous version
5. Your settings in %APPDATA%\Process Hacker 2\settings.xml are preserved

Pro tip: If you want the latest features and security patches, install System Informer alongside Process Hacker instead of replacing it. Both can coexist on the same machine, letting you transition gradually.

Download the latest version from our download section.

Process Hacker was rebranded to System Informer by the same development team. System Informer is the direct successor – same codebase, same developers, same open-source license. The rename happened to better reflect what the tool actually does (system monitoring) and to reduce the false positive rate caused by the word “Hacker” in the name.

The original developer wj32 and the team at Winsider Seminars & Solutions continue the project under the new name on GitHub (github.com/winsiderss/systeminformer). Process Hacker 2.39 remains available as the last release under the old name, while System Informer has moved to version 3.x with significant improvements: ARM64 processor support, a native dark theme, exploit mitigation displays (showing CFG, CET, and XFG status per process), improved GPU monitoring graphs, high-DPI scaling fixes, and compatibility with the latest Windows 11 builds.

• Process Hacker 2.39 = last stable release under old name (still works, still downloadable)
• System Informer 3.x = actively developed continuation with new features
• The SourceForge URL (processhacker.sourceforge.io) now redirects to systeminformer.sourceforge.io
• Your Process Hacker settings and plugins may need reconfiguration when switching

Pro tip: If you are currently running Process Hacker 2.39 and everything works for your needs, there is no rush to switch. System Informer is the better choice only if you need Windows 11 24H2 driver support, ARM64 compatibility, or the latest security features.

Read about all of Process Hacker’s capabilities in our features section.

Process Hacker offers more raw power and flexibility, while Process Explorer is simpler to use and backed by Microsoft. For most users doing basic system troubleshooting, Process Explorer is enough. For security professionals, malware analysts, and power users who need deep system access, Process Hacker is the stronger choice.

Process Explorer (v17.09, December 2025) comes from Microsoft’s Sysinternals suite. It is a single portable EXE with no installation, supports dark mode, shows .NET assembly information, and has strong symbol resolution for debugging. Its interface is cleaner and less overwhelming for beginners. However, it lacks several features Process Hacker provides: there is no network connections tab (you need TCPView separately), no service management, no memory editor, no DLL injection capability, and no plugin system.

Process Hacker 2.39 has a built-in Network tab showing all TCP/UDP connections mapped to processes, a full Services tab for starting, stopping, and modifying services, a memory editor for reading and writing process memory, over a dozen process termination methods (versus Process Explorer’s single kill button), and an extensible plugin architecture. It is also open-source, meaning you can audit exactly what it does.

• Process Explorer wins at: ease of use, Microsoft integration, .NET debugging, single-file portability, no false positives from antivirus
• Process Hacker wins at: network monitoring, service management, process termination methods, memory editing, DLL inspection, plugin support, open-source transparency
• Many professionals keep both installed and use whichever fits the task

Pro tip: You do not have to pick one. Install both. Use Process Explorer for quick process checks and .NET debugging. Switch to Process Hacker when you need to investigate network connections, kill a stubborn process, or analyze suspicious DLLs.

See everything Process Hacker can do in our features section.

Process Hacker shows far more detail than Windows Task Manager and gives you control that Task Manager simply does not offer. Task Manager is designed for casual users; Process Hacker is built for professionals who need to understand exactly what is happening on a system.

Windows Task Manager (even the improved Windows 11 version) shows basic information: process name, CPU percentage, memory usage, disk and network totals. You can end tasks, check startup programs, and view performance graphs. That covers about 5% of what Process Hacker exposes. Process Hacker adds: a hierarchical process tree showing parent-child relationships, per-thread CPU and I/O statistics, loaded DLLs and their paths, open handles (files, registry keys, mutexes), network connections per process with remote IPs and ports, security tokens and privileges, environment variables, memory maps, GDI handle counts, and real-time per-core CPU graphs.

• Process termination: Task Manager has one “End Task” button. Process Hacker has 12+ methods including tree kill, suspend, and forced termination that bypasses protection
• Network: Task Manager shows total bandwidth. Process Hacker shows each connection with remote IP, port, protocol, and the owning process
• Services: Task Manager has a basic services tab. Process Hacker lets you create, delete, modify, start, stop, and change service types
• Search: Process Hacker can search across all processes for a specific DLL, handle, or string – Task Manager cannot do this at all

Pro tip: You can set Process Hacker as your default Task Manager replacement. Go to Options > Advanced > check “Replace Task Manager.” After that, pressing Ctrl+Shift+Esc or right-clicking the taskbar and selecting “Task Manager” will open Process Hacker instead.

Explore the full feature list in our features section.

Process Hacker is one of the best free tools for spotting malware that traditional antivirus misses. It lets you inspect every running process at a level of detail that reveals suspicious behavior – unsigned executables, hidden DLLs, unusual network connections, and processes running from temporary folders.

Start by looking at the process tree view (the default tab). Process Hacker color-codes processes: system processes in one color, services in another, your own user processes in a third. Anything that does not fit the expected hierarchy is worth investigating. Malware often runs as a child of explorer.exe or svchost.exe in unusual ways. Right-click any suspicious process and select Properties to see its full image path, command line arguments, digital signature status, and loaded modules.

1. Check image paths: legitimate Windows processes run from C:\Windows\System32. If svchost.exe is running from C:\Users\[name]\AppData, that is malware
2. Verify signatures: in the process Properties > Image tab, check “Verified Signer.” Unsigned processes or processes signed by unknown publishers are suspicious
3. Inspect network connections: switch to the Network tab and look for processes making outbound connections to unfamiliar IP addresses, especially on unusual ports
4. Search for packed executables: in the Modules tab of process properties, look for suspiciously small or unnamed DLLs loaded from temp folders
5. Check for injection: if a trusted process like explorer.exe has unusual DLLs loaded or threads running from memory regions outside its main executable, it may have been injected with malware code

Pro tip: Sort the process list by I/O Total Bytes to find processes transferring unusual amounts of data. Cryptominers and data exfiltration tools show up immediately because they generate far more I/O than normal background processes.

See the full list of inspection capabilities in our features section.

Yes, Process Hacker can fully replace Windows Task Manager. Once enabled, every shortcut and system action that normally opens Task Manager will open Process Hacker instead – including Ctrl+Shift+Esc, right-clicking the taskbar, and the Ctrl+Alt+Delete screen.

The replacement works by modifying a registry key that tells Windows which executable to launch when Task Manager is requested. Process Hacker handles this automatically through its settings menu. On Windows 10 and 11, this works reliably with one caveat: some Windows 11 builds have an “End Task” button in the taskbar right-click menu that bypasses the replacement and calls the built-in Task Manager directly. The full Ctrl+Shift+Esc shortcut respects the replacement setting.

1. Open Process Hacker as administrator
2. Go to Options (Hacker menu > Options, or click the gear icon)
3. Navigate to the Advanced tab
4. Check the box labeled “Replace Task Manager”
5. Click OK – no restart needed, the change takes effect immediately
6. Test it by pressing Ctrl+Shift+Esc – Process Hacker should open

To undo the replacement, uncheck the same box. If Process Hacker is uninstalled without unchecking this option, you can fix it by deleting the registry key at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe.

Pro tip: Also enable “Start when I log on” and “Start hidden” in Options so Process Hacker runs silently in the system tray from boot, ready when you need it – just like Task Manager would be.

Find the complete setup walkthrough in our Getting Started guide.