
Prepare “Process Monitor” for logging
1. Log in using an account with administrative privileges (for example “Administrator”)

2. Create a folder named “monitor” on the system drive (default C:\)

3. Download the software using the following link: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

4. Extract the archive to the folder C:\monitor created in step 2.


5. Double Click on the file “Procmon.exe”


6. Click on the “Capture” icon to stop the capture process.

7. The Capture icon will now have a red X over it, meaning that the program is no longer capturing events.

8. Now open the “File” menu (first from the left in the program window)

9. Select “Backing Files” (shortcut CTRL-B) by scrolling down the menu and clicking with the left mouse button, or, if you use a keyboard, scroll down with the arrow keys and press Enter

10. This will open the “Process Monitor Backing Files” window.

11. Now click on the radio button next to “Use file named:” to enable the name field

12. In the name field, enter the desired destination folder (here we will use the folder 'C:\monitor' that we initially extracted ProcessMonitor.zip to) and target file name, e.g. “C:\monitor\tempfile.pml”


13. Now click on the OK button to confirm



14. This will bring up the confirmation dialog box shown below:


15. Select the “OK” button to continue.



16. As soon as “OK” is selected you will be returned to the main window.

17. Close the program.

18. Double Click on the file “Procmon.exe”.

19. Click on the “Capture” icon to stop the capture process.

20. The Capture icon will now have a red X over it, meaning that the program is no longer capturing events.

21. Now open the “File” menu (first from the left in the program window)

22. Select “Backing Files” (shortcut CTRL-B) by scrolling down the menu and clicking with the left mouse button, or, if you use a keyboard, scroll down with the arrow keys and press Enter


23. A new window titled “Process Monitor Backing Files” now appears


24. Verify that ProcMon is using the previously configured named file.

25. Select the “Cancel” button to close the window.



26. Now the program is ready for analysis.
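The same preparation can be scripted. The following is an added example, not part of the original article: it checks that the downloaded Procmon.exe carries a valid Microsoft Authenticode signature, then uses Procmon's command-line switches to capture straight into the named backing file (unlike the GUI steps, it starts a capture rather than only configuring the file). The 60-second capture window and the helper function names are assumptions.

```powershell
# Added example: scripted capture to a named backing file. Run elevated.
$ProcmonDir  = 'C:\monitor'                          # folder from the article
$Procmon     = Join-Path $ProcmonDir 'Procmon.exe'
$BackingFile = Join-Path $ProcmonDir 'tempfile.pml'  # file name from the article
$CaptureSecs = 60                                    # assumed capture window

function Test-IsAdmin {
    # True when the current session holds the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)
    # Reject a download whose Authenticode signature is missing, broken or not Microsoft's.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
}

if (-not (Test-IsAdmin))                  { throw 'Run this from an elevated PowerShell session.' }
if (-not (Test-Path $Procmon))            { throw "Procmon.exe not found in $ProcmonDir" }
if (-not (Test-MicrosoftSigned $Procmon)) { throw 'Procmon.exe signature check failed; re-download it.' }

# Start capturing straight into the backing file (the CLI form of File > Backing Files).
Start-Process $Procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$BackingFile`""
Start-Sleep -Seconds $CaptureSecs

# Ask the running instance to stop and exit, then confirm the log was written.
Start-Process $Procmon -ArgumentList '/Terminate' -Wait
$log = Get-Item $BackingFile -ErrorAction Stop
'{0} written, {1:N1} MB' -f $log.FullName, ($log.Length / 1MB)
```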


Use “Process Monitor” for “Boot Logging”

1. Log in using an account with administrative privileges (Administrator is recommended)

2. Navigate to the folder that ProcessMonitor.zip was extracted to (e.g. C:\monitor)

3. Double Click on the file “Procmon.exe”


4. Click on the “Capture” icon to stop the capture process.

5. The Capture icon will now have a red X over it, meaning that the program is no longer capturing events.

6. Now go into the “Options” menu and select “Enable Boot Logging”


7. The following dialog box will open.


8. “Process monitor” is configured to log activity during the next boot. Select the “OK” button to close the program.

9. Reboot the system

10. Login with the previously chosen account (e.g. Administrator)

11. Allow the system to fully load Windows and any associated startup programs. (Generally, this will take 5-15 minutes.)


12. Navigate to the folder that contains Procmon.exe (e.g. C:\monitor)

13. Double Click on the file “Procmon.exe”


14. This will open the following dialog box.


15. Click “Yes” to save the collected data.

16. This will open the Save As dialog box.


17. Insert in the “File name” field the desired name for the output (e.g. bootlog001.pml) and select the 'Save' button.

18. As soon as you select the 'Save' button a progress bar appears reporting boot-time event conversion.


19. Following the boot-time event data conversion, the process will apply the Event Filter.

20. Following the Event Filter application, ProcMon will return to the default console. Note that the capture icon shows as disabled.


21. The previously defined folder will now contain the following file: “C:\monitor\bootlog001.pml”
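The boot-logging procedure above can also be driven from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes a Procmon build that supports the `/EnableBootLogging` and `/ConvertBootLog` switches (confirm with `Procmon.exe /?`), and the script name and `-Phase` parameter are hypothetical.

```powershell
# Added example, not from the original article. Run elevated.
# Usage (hypothetical script name): .\BootLog.ps1 -Phase Arm, reboot, then .\BootLog.ps1 -Phase Collect
param(
    [ValidateSet('Arm', 'Collect')][string]$Phase = 'Arm',
    [string]$ProcmonDir = 'C:\monitor',       # folder used in the article
    [string]$LogName    = 'bootlog001.pml'    # file name used in the article
)

$Procmon = Join-Path $ProcmonDir 'Procmon.exe'
$Pml     = Join-Path $ProcmonDir $LogName
$RawBoot = Join-Path $env:SystemRoot 'Procmon.pmb'   # raw boot-time event file

if (-not (Test-Path $Procmon)) { throw "Procmon.exe not found in $ProcmonDir" }

switch ($Phase) {
    'Arm' {
        # Command-line form of Options > Enable Boot Logging; logging starts at the next boot.
        Start-Process $Procmon -ArgumentList '/AcceptEula', '/EnableBootLogging'
        Write-Host 'Boot logging requested. Reboot, log in, let startup finish, then run -Phase Collect.'
    }
    'Collect' {
        if (-not (Test-Path $RawBoot)) { throw "No raw boot log at $RawBoot; was boot logging enabled?" }
        # Command-line form of answering Yes to the save prompt: convert raw events to a .pml.
        Start-Process $Procmon -ArgumentList '/AcceptEula', '/ConvertBootLog', "`"$Pml`"" -Wait
        if (-not (Test-Path $Pml)) { throw "Conversion did not produce $Pml" }
        # Export to CSV for searching, and hash the .pml so later modification can be detected.
        $Csv = [IO.Path]::ChangeExtension($Pml, '.csv')
        Start-Process $Procmon -ArgumentList '/OpenLog', "`"$Pml`"", '/SaveAs', "`"$Csv`"" -Wait
        Get-FileHash -Path $Pml -Algorithm SHA256 | Format-List Path, Hash
    }
}
```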

Technical Information
By default, Procmon will not collect certain Auto-Protect events. For instructions on how to do so, please see Document ID TECH98079, “How to Configure Sysinternals' Process Monitor to Record Symantec's Auto-Protect Events”.


By Mark Russinovich

Published: January 11, 2021


Download Process Monitor (2 MB)
Run now from Sysinternals Live.

Introduction

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Overview of Process Monitor Capabilities

Process Monitor includes powerful monitoring and filtering capabilities, including:

  • More data captured for operation input and output parameters
  • Non-destructive filters allow you to set filters without losing data
  • Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
  • Reliable capture of process details, including image path, command line, user and session ID
  • Configurable and moveable columns for any event property
  • Filters can be set for any data field, including fields not configured as columns
  • Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
  • Process tree tool shows relationship of all processes referenced in a trace
  • Native log format preserves all data for loading in a different Process Monitor instance
  • Process tooltip for easy viewing of process image information
  • Detail tooltip allows convenient access to formatted data that doesn't fit in the column
  • Cancellable search
  • Boot time logging of all operations

The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.

Related Links

  • Windows Internals Book
    The official updates and errata page for the definitive book on Windows internals, by Mark Russinovich and David Solomon.
  • Windows Sysinternals Administrator's Reference
    The official guide to the Sysinternals utilities by Mark Russinovich and Aaron Margosis, including descriptions of all the tools, their features, how to use them for troubleshooting, and example real-world cases of their use.

Download

Download Process Monitor (2 MB)

Run now from Sysinternals Live.

Runs on:

  • Client: Windows Vista and higher.
  • Server: Windows Server 2008 and higher.