Blog Post

Sysinternals Blog
1 MIN READ

Process Monitor v4.01

Alex_Mihaiuc's avatar
Alex_Mihaiuc
Icon for Microsoft rankMicrosoft
Jun 20, 2024
Process Monitor v4.01 This update to Process Monitor colorizes the activity operation icons - Registry, File System, Network, Process and Thread, and Profiling Events.  
Published Jun 20, 2024
Version 1.0
MikeStratoti's avatar
MikeStratoti
Copper Contributor
Nov 12, 2024

Please add a option to ProcessMonitor to not add captured events to the GUI while capturing (i.e. don't update GUI while capturing).
I am investigating a situation where I must capture file activity events for about 1 hour.  That process involves tracking file operations on several million files.  Although I configure ProcMon to capture to a file, it still consumes 10's of GB of Working Set populating the GUI with several millions events.  Thus, causing other problems on the computer. I have already established maximal capture filters and dropping filtered events.

Please an an option to not populate the GUI while capturing events.    Just record events to the backing file.  Then I can bring the PML file to another computer for analysis.

Thanks

AaronMargosis_Tanium's avatar
AaronMargosis_Tanium
Iron Contributor
Nov 12, 2024

MikeStratoti: Procmon supports command-line options to support scripted operations without the GUI. Have a look at those and see whether they address your needs.