
There are several tools that can help you analyze the data coming into your computer and control the activity.

Sometimes when I'm connected to the web, some process starts downloading megabytes of data and I can never find out who is the culprit. I have Mike Linn's 'StartUpMonitor' installed so that when programs try to barge their way in and load at start up, StartUp Monitor informs me and 99.9% of the time I can put a stop to that nonsense.

So my question is: Is there some software or hardware that I can install that will inform me in real-time when a connection to the web is being requested and also when something starts downloading by its own volition? And preferably that has a kill button that I can use to prevent these actions? I've looked in Task Manager to try and spot what's connecting to the web unasked and also to see what's downloading Megs unasked, and I've been none the wiser. I've tried netstat, ipconfig, process monitor, TDIMon and various others but unfortunately, some of them are beyond my capabilities. I realize that this is a serious limitation that may be a terminal drawback. I have Windows XP, Home Edition.

In this excerpt from Answercast #41, I look at ways to analyze what programs are downloading data to your computer so you can gain control of the process.

Monitoring downloads

The tools that you listed: a lot of them aren't going to be useful for what you're trying to do here.

The tool that I want you to use (even though it's one you've listed as being beyond your capabilities) is called Process Monitor. In order to make it a little bit simpler, I want to point you at an article on my site:

Basically, that will walk you through setting up Process Monitor, turning it on and then running a fairly simplified analysis program that it includes:

  • On the Tools menu, there's a very nice Summary option that will show you who's been downloading lots and lots of data.

It doesn't have the features that you're looking for in terms of real time. In other words, you have to notice that something is happening and then fire up Process Monitor to see who's doing it. It's not the kind of thing that will alert you in real time that something is going on.

  • You're still going to have to pay attention to that yourself.

Stopping downloads

It also will allow you to kill, I believe, the process that's causing the problem. But even if it doesn't, you can certainly then use Task Manager or Process Explorer (a different program) to actually kill the program.

Process Monitor will do a good job of identifying the program that is making heavy use of the internet. Then, given the name, the executable, or even the process ID number of that program, you can go over to Task Manager or Process Explorer and kill it.

So, that's the approach that I strongly recommend. It's unfortunate that you're not using Windows 7. There's actually a performance monitor tool built into Windows 7 that would also be useful in a case like this.

But for now, Process Monitor, I strongly believe, is the way to go.
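The same per-process tally can be reproduced offline from a saved capture. The script below is an added example, not code from this article or from the Process Monitor authors: it assumes the capture was saved as CSV with the columns "Process Name", "PID", "Operation" and "Detail", and that network events carry a "Length: N" field in Detail. The sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows; the column layout is an assumption about the CSV export.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:14:02.10","updater.exe","1844","TCP Receive","pc:1061 -> 203.0.113.10:80","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"9:14:02.11","updater.exe","1844","TCP Receive","pc:1061 -> 203.0.113.10:80","SUCCESS","Length: 1460, seqnum: 0, connid: 0"
"9:14:02.12","updater.exe","1844","TCP Receive","pc:1061 -> 203.0.113.10:80","SUCCESS","Length: 1,460, seqnum: 0, connid: 0"
"9:14:02.13","updater.exe","1844","TCP Send","pc:1061 -> 203.0.113.10:80","SUCCESS","Length: 312, seqnum: 0, connid: 0"
"9:14:02.20","updater.exe","1844","ReadFile","C:\\temp\\u.dat","SUCCESS","Offset: 0, Length: 4,096"
"9:14:03.00","firefox.exe","3020","TCP Connect","pc:1070 -> 198.51.100.7:443","SUCCESS","Length: 0"
"9:14:03.05","firefox.exe","3020","TCP Receive","pc:1070 -> 198.51.100.7:443","SUCCESS","Length: 512, seqnum: 0, connid: 0"
"9:14:03.06","firefox.exe","3020","TCP Send","pc:1070 -> 198.51.100.7:443","SUCCESS","Length: 200, seqnum: 0, connid: 0"
"9:14:04.00","svchost.exe","1044","UDP Receive","pc:123 -> 192.0.2.5:123","SUCCESS","Length: 120, seqnum: 0, connid: 0"
'''

# Captures the number after "Length:", tolerating thousands separators.
LENGTH_RE = re.compile(r"Length:\s*(\d[\d,]*)")

def network_totals(csv_text):
    """Return {(process name, pid): {"recv": bytes, "sent": bytes}} for TCP/UDP traffic."""
    totals = defaultdict(lambda: {"recv": 0, "sent": 0})
    # Strip a UTF-8 byte-order mark if the export starts with one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        proto, _, direction = (row.get("Operation") or "").strip().partition(" ")
        if proto not in ("TCP", "UDP") or direction not in ("Receive", "Send"):
            continue  # ignore file/registry events and connect/disconnect records
        match = LENGTH_RE.search(row.get("Detail") or "")
        if not match:
            continue
        size = int(match.group(1).replace(",", ""))
        key = (row["Process Name"], int(row["PID"]))
        totals[key]["recv" if direction == "Receive" else "sent"] += size
    return dict(totals)

def top_downloaders(csv_text, limit=5):
    """Rank processes by bytes received, largest first."""
    ranked = sorted(network_totals(csv_text).items(),
                    key=lambda item: item[1]["recv"], reverse=True)
    return [(name, pid, t["recv"], t["sent"]) for (name, pid), t in ranked[:limit]]

if __name__ == "__main__":
    for name, pid, recv, sent in top_downloaders(SAMPLE_CSV):
        print(f"{name:<14} PID {pid:<6} received {recv:>7} B   sent {sent:>6} B")
```

The name and PID at the top of the ranking are what you would then look for in Task Manager or Process Explorer.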


Article C5661 - August 5, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


August 6, 2012 7:58 AM

I remember hearing about Microsoft channeling its updates for certain things "under the radar" so to speak, to prevent malicious programs from using interfaces that looked 'legitimate' in order to trick users into accepting them. (That's the official line; my thoughts are elsewhere and off-topic.)
These unaccounted-for and otherwise 'invisible' downloads could be just that - Microsoft-initiated updates that simply don't inform the user.
I sympathize with the OP, because I too monitor my download activity with almost paranoid precision because my usage is limited and exceeding the limit is costly.

James G
August 7, 2012 9:21 AM

This one is really not that hard to solve. Get a 3rd party firewall, set it up to interactively monitor incoming and outgoing connections, and every time a program attempts to "phone home," you will be notified and you can either allow it or deny it. I personally use Eset Smart Security and it does a great job of alerting me before any program attempts to 'connect' to the internet. This is the major reason why I do not recommend to a proactive concerned computer user to use only Windows Firewall, as Windows Firewall only protects against incoming connections. I am aware that Leo recommends Windows Firewall, and it is enough for someone who does not care much about programs phoning home, but for someone like the person who asks this question, I always recommend to download a third party firewall and configure it for interactive use.

August 8, 2012 8:45 AM

James G has a point.
I have found ZoneAlarm's firewall to be VERY good at 'getting in the way' of a lot of things, so this should flag who or what is doing it fairly quickly.
(on another note, ZoneAlarm is SO good at getting in the way, I cannot now uninstall it. I just have to kill it every time :/ )

August 9, 2012 10:00 AM

Another thing that will download updates regularly is antivirus software.

Depending on your system, you may be able to remove the program in 'safe mode'. If not, you can download a Linux live disk, and remove it that way.

Again (sometimes Leo mentions this), back up first.
