Windows Task Manager

Microsoft

Built-in Windows tool for live process, performance and service inspection.

Endpoint Analysis | Built-in OS | GUI | Practiced in lab | Windows

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control
7 Actions on Objectives

Defender — IR Lifecycle
8 Detection / Monitoring
9 Containment & Eradication
10 Post-incident Forensics

Description

The Windows Task Manager (taskmgr.exe) is the first-line live inspection tool that ships with every Windows install. While Process Explorer is more powerful, Task Manager is always available — including in restricted user sessions where Sysinternals tools are not.

Key tabs:

  • Processes — CPU/memory/disk/network per process.
  • Performance — overall resource graphs.
  • App history — per-user metered usage (UWP apps).
  • Startup — quick equivalent to Autoruns' "Logon" tab.
  • Services — start/stop and link to the Services console.

Use cases

  • First-look triage when remoting onto a user host
  • Killing a stuck malicious process during containment