Process Monitor : The ultimate Windows log file

Process Monitor is a Windows Sysinternals tool that monitors and displays all file system activity in real time.


Process Monitor also monitors and records every operation attempted against the Microsoft Windows registry, so it can be used to detect failed attempts to read or write registry keys.

It also lets you filter on specific keys, processes, process IDs and values. In addition, it shows how applications use files and DLLs, reveals some critical errors in system files, and more.

Process Monitor combines two older tools, FileMon and RegMon, and is used in systems administration, computer forensics and application debugging.

It lets you log every single event that happens on your Windows PC. With Process Monitor you can see which registry keys any application is updating, and whether a service or application spawns a new process, changes the file system in some way, or connects to the network.

When you first open Process Monitor, it greets you with a huge number of rows of data. In the background it keeps recording every registry, file system, network, process and profiling event that occurs, so the list grows quickly even when your machine is idle, as services interact with the system.

The key to using Process Monitor effectively is to filter and focus only on the events that interest you.

For example, to quickly filter Microsoft processes, go to Options > Select Columns and include Company Name. Then, by right-clicking a value in that column, you can use Include / Exclude from the context menu to quickly filter those events in or out.

Double-clicking an event, or right-clicking it and selecting Properties, opens an additional dialog with a lot of information. There you can see the class of the event (e.g. Filesystem or RegistryQueryKey), the path the operation was performed on, and the result.

From here you can dig even deeper on the Stack tab, where you can see the individual DLLs associated with the event.

By default, Process Monitor stores captured events temporarily in your computer's memory. If you go to File > Backing Files, you can specify a file to which the data will be written and saved instead.
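The three things described above (writing to a backing file, exporting the columns selected in the view, and filtering for the registry failures the tool is good at catching) can also be done unattended from the command line. The following PowerShell script is an added example and is not code from the original article or from Sysinternals. It assumes Procmon.exe lives in the directory given by $ProcmonDir, that the script runs from an elevated prompt (Procmon needs a driver), and it uses only documented Procmon switches: /AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog and /SaveAs.

```powershell
# Added example (not part of the original article): unattended Process Monitor
# capture to a backing file, export to CSV, then summarise registry operations
# that did not succeed. Assumption: Procmon.exe is in $ProcmonDir.
param(
    [string]$ProcmonDir = 'C:\Tools\Sysinternals',   # assumption: where Procmon.exe lives
    [string]$OutDir     = 'C:\ProcmonLogs',          # assumption: where logs are kept
    [int]$Seconds       = 60                         # how long to capture
)

$procmon = Join-Path $ProcmonDir 'Procmon.exe'
if (-not (Test-Path $procmon)) { throw "Procmon.exe not found at $procmon" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $OutDir "capture-$stamp.pml"   # binary Procmon log (backing file)
$csv   = Join-Path $OutDir "capture-$stamp.csv"   # exported, text form of the same log

# 1. Start capturing straight to a backing file instead of memory
#    (the command-line equivalent of File > Backing Files). /Quiet suppresses
#    the filter dialog and /Minimized keeps the window out of the way.
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized',
    '/BackingFile', "`"$pml`""
Start-Sleep -Seconds $Seconds

# 2. Tell the running instance to stop capturing and flush the log, and wait
#    until it has exited before touching the file.
Start-Process -FilePath $procmon -ArgumentList '/Terminate' -Wait

# 3. Convert the binary PML to CSV. The exported columns are the ones selected
#    in the view (Options > Select Columns); the defaults include Process Name,
#    PID, Operation, Path, Result and Detail.
Start-Process -FilePath $procmon -ArgumentList '/AcceptEula', '/OpenLog', "`"$pml`"",
    '/SaveAs', "`"$csv`"" -Wait

# 4. Registry operations whose Result is not SUCCESS. NAME NOT FOUND on a
#    RegOpenKey/RegQueryValue is usually an application probing for optional
#    settings; ACCESS DENIED, especially on a write, points at a permissions
#    problem (or a process touching keys it should not) and is worth a look.
$events = Import-Csv -Path $csv
$failed = $events |
    Where-Object { $_.Operation -like 'Reg*' -and $_.Result -ne 'SUCCESS' } |
    Group-Object 'Process Name', Operation, Result |
    Sort-Object Count -Descending |
    Select-Object Count, Name

$failed | Format-Table -AutoSize
Write-Host "Raw log kept at $pml; CSV export at $csv"
```

The summary groups by process, operation and result rather than listing every row, because a single application that cannot read a key tends to retry it thousands of times and would otherwise drown everything else. If the Company Name column was added to the view before the export, as the article suggests, the same Where-Object filter can be extended to drop Microsoft-signed processes; the exact CSV header for that column is not shown on the page, so check the first line of the export before relying on it.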

It is of course free and portable, and you can download it from here.


Written by Dimitris
