The "System" process is one of the critical processes to be aware of on Windows systems. Malicious processes often use the same or similar names as legitimate processes, so it's important to be able to tell what's legitimate from what's not.
- Uses PID 4
- Similar to "System Idle Process", this is not actually a true process, as it is not tied to any user-mode application, i.e. there is no "System.exe"
- Runs only in kernel mode
Why does this matter? Still easy! If you see any process on your system running as "System" that points to a specific executable, that should be a clear sign that your system is more than likely infected with malware or is being used for some other malicious activity.
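The check described above, written out as an added example (not code from the original page): it scans a process snapshot and flags anything named "System" that has a PID other than 4 or is backed by an executable, plus any "System.exe" image. The CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample snapshot (not real data). Column layout is an assumption:
# Name, ProcessId, ExecutablePath, e.g. exported from a process listing.
SAMPLE_CSV = r'''Name,ProcessId,ExecutablePath
System Idle Process,0,
System,4,
svchost.exe,1120,C:\Windows\System32\svchost.exe
System,6312,C:\Users\Public\System.exe
system.exe,7004,C:\ProgramData\system.exe
SystemSettings.exe,8120,C:\Windows\ImmersiveControlPanel\SystemSettings.exe
'''

SYSTEM_PID = 4  # the genuine System process always uses PID 4


def check_process(name, pid, path):
    """Return the reasons a record contradicts the facts listed above."""
    reasons = []
    lowered = name.strip().lower()
    if lowered == "system":
        if pid != SYSTEM_PID:
            reasons.append("named System but PID is not 4")
        if path.strip():
            reasons.append("named System but backed by an executable")
    elif lowered == "system.exe":
        reasons.append("no legitimate System.exe exists")
    return reasons


def find_system_impostors(csv_text):
    """Parse the snapshot and return (pid, name, reasons) for flagged rows."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            pid = int(row["ProcessId"])
        except (TypeError, ValueError):
            continue  # skip rows without a usable PID
        reasons = check_process(row["Name"] or "", pid, row["ExecutablePath"] or "")
        if reasons:
            findings.append((pid, row["Name"], reasons))
    return findings


if __name__ == "__main__":
    for pid, name, reasons in find_system_impostors(SAMPLE_CSV):
        print(f"PID {pid} {name}: {'; '.join(reasons)}")
```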