Sysinternals Blog

Process Monitor v4.01

Alex_Mihaiuc (Microsoft)
Jun 20, 2024

This update to Process Monitor colorizes the activity operation icons - Registry, File System, Network, Process and Thread, and Profiling Events.
 
  • MikeStratoti
    Copper Contributor

    Please add an option to ProcessMonitor to not add captured events to the GUI while capturing (i.e. don't update GUI while capturing).
    I am investigating a situation where I must capture file activity events for about 1 hour. That process involves tracking file operations on several million files. Although I configure ProcMon to capture to a file, it still consumes tens of GB of Working Set populating the GUI with several million events, thus causing other problems on the computer. I have already established maximal capture filters and dropping filtered events.

    Please add an option to not populate the GUI while capturing events. Just record events to the backing file. Then I can bring the PML file to another computer for analysis.

    Thanks

    • AaronMargosis_Tanium
      Iron Contributor

      MikeStratoti: Procmon supports command-line options to support scripted operations without the GUI. Have a look at those and see whether they address your needs.
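
A scripted capture of the kind the reply above points to could look like the following. This is an added example, not part of the original thread and not Sysinternals' own script; the paths, duration and sampling interval are assumptions. It also samples Procmon's working set during the run so that the memory growth discussed in this thread can be measured rather than guessed at.

```powershell
# Added example: scripted Procmon capture to a backing file, with working-set sampling.
# Run from an elevated prompt. All parameter defaults below are assumed values.
param(
    [string]$Procmon     = 'C:\Tools\Procmon64.exe',  # assumed install path
    [string]$BackingFile = 'C:\Temp\capture.pml',     # assumed output path
    [int]$DurationSec    = 3600,                      # capture length (about 1 hour)
    [int]$SampleSec      = 60                         # memory sampling interval
)

# Start capturing with no prompts, minimized, logging to the backing file.
$proc = Start-Process -FilePath $Procmon -PassThru -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$BackingFile`""
)

# Wait until the running instance is ready to accept commands.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/WaitForIdle' -Wait

# Sample the capture process's working set until the deadline or early exit.
$samples  = [System.Collections.Generic.List[object]]::new()
$deadline = (Get-Date).AddSeconds($DurationSec)
while ((Get-Date) -lt $deadline -and -not $proc.HasExited) {
    $proc.Refresh()
    $samples.Add([pscustomobject]@{
        Time         = Get-Date -Format s
        WorkingSetMB = [math]::Round($proc.WorkingSet64 / 1MB)
    })
    Start-Sleep -Seconds $SampleSec
}

# Tell the running instance to stop capturing and exit, then wait for it.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Terminate' -Wait
$proc.WaitForExit()

# Report memory over time and the size of the resulting log.
$samples | Format-Table -AutoSize
Get-Item $BackingFile |
    Select-Object Name, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB) } }
```

The resulting PML file can be copied to another machine and opened there for analysis.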

  • dnordenberg
    Copper Contributor

    I have a problem with 4.01: even if I select "drop filtered events", procmon64 still eats 30 mb/s of memory even if my filter does not catch anything at all, and the computer will reboot due to memory starvation.

    Memory increase is the same as without "drop filtered events", so my conclusion is that this option simply does not work correctly and all events are still captured but simply not shown.

    And it does not matter if I capture to a backing file instead of memory, the memory increase is the same even then (capture restarted of course).

    • dnordenberg
      Copper Contributor

      Might be related to Windows Server 2019 since I can't reproduce it on Windows 11.

      Found an older 3.96 lying on my computer and that seems to work fine on Windows Server 2019.

      Might not be related to the OS at all but something else unique on that computer, it was just a guess.

      • dnordenberg
        Copper Contributor

        I was wrong on 3.96; the memory increase was just slightly delayed. I left it running for 20 min and when I looked it was using 7 gig and rapidly increasing, so it is not a new bug/leak. As soon as capture is stopped it drops to like 50-100MB. My Windows 11 has been capturing for hours now and is using 57MB using 4.01. My bet is still that this is related to the OS, Windows Server 2019.