Home
%3CLINGO-SUB%20id%3D%22lingo-sub-348401%22%20slang%3D%22en-US%22%3EBasic%20Steps%20for%20Making%20a%20Process%20Monitor%20(ProcMon)%20Capture%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-348401%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EProcMon%20is%20an%20indispensable%20tool%20that%20zillions%20of%20people%20have%20used.%20Here%20are%20some%20easy%20steps%20for%20starting%2C%20stopping%2C%20and%20saving%20a%20Procmon%20capture.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EDownload%20ProcMon%20from%20%3CA%20style%3D%22background-color%3A%20transparent%3B%20box-sizing%3A%20border-box%3B%20color%3A%20%23337ab7%3B%20text-decoration%3A%20none%3B%22%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fsysinternals%2Fbb896645.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fsysinternals%2Fbb896645.aspx%3C%2FA%3E.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EUnzip%20ProcessMonitor.zip%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3ECopy%20ProcMon.exe%20to%20the%20server%20or%20workstation%20that%20you're%20performing%20troubleshooting%20on%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3ELaunch%20Procmon%20by%20double-clicking%20Procmon.exe%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EWhen%20you%20see%20the%20option%20to%20set%20filters%2C%20generally%20you%20don't%20need%20to.%20You%20can%20always%20filter%20the%20results%20after%20the%20capture%20is%20complete.%20Just%20click%20OK%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F8168.060614_1550_BasicStepsf1.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EStop%20the%20capture%20by%20clicking%20the%20icon%20of%20the%20magnifying%20glass%2C%20as%20seen%20below.%20(By%20default%20the%20capture%20begins%20immediately%20when%20Procmon.exe%20is%20launched.)%20Alternatively%2C%20you%20can%20use%20the%20keyboard%20and%20press%20CTRL%2BE.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F4861.060614_1550_BasicStepsf2.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%2036pt%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EWhen%20the%20capture%20is%20stopped%2C%20a%20red%20slash%20mark%20should%20appear%20across%20the%20icon%20of%20the%20magnifying%20glass.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F8664.060614_1550_BasicStepsf3.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EIf%20you%20really%20want%20to%20set%20some%20filters%20such%20that%20less%20data%20is%20captured%2C%20now%20is%20arguably%20the%20best%20time%20in%20my%20opinion.%20When%20in%20doubt%2C%20don't%20add%20any%20filters.%20But%20if%20there%20are%20some%20processes%20that%20you%20are%20certain%20that%20you%20can%20exclude%20from%20the%20capture%2C%20it's%20easy%20to%20do.%20For%20example%2C%20if%20you%20wanted%20to%20exclude%20Skype.exe%20because%20you%20see%20it%20in%20the%20capture%20and%20know%20it's%20irrelevant%2C%20just%20right-click%20Skype.exe%20and%20select%20%22Exclude%20Skype.exe%22%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F5047.060614_1550_BasicStepsf4.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EClear%20the%20events%20from%20the%20capture%20by%20clicking%20the%20icon%20that%20resembles%20an%20eraser%20on%20paper.%20(Or%20by%20clicking%20Ctrl%2BX.)%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F2816.060614_1550_BasicStepsf5.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3Eb%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EBegin%20to%20take%20the%20steps%20necessary%20to%20reproduce%20the%20problem.%20But%20when%20you%20have%20one%20step%20that%20remains%E2%80%94when%20you%20are%20one%20mouse-click%20away%20from%20reproducing%20the%20problem%E2%80%94hesitate%20long%20enough%20to.%20.%20.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20margin-bottom%3A%2010px%3B%20margin-top%3A%200px%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EStart%20the%20process%20monitor%20capture%20by%20clicking%20the%20icon%20of%20the%20magnifying%20glass.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EPerform%20your%20one%20last%20mouse%20click%20to%20reproduce%20the%20problem%2C%20wait%20for%20the%20problem%20to%20be%20fully%20reproduced%2C%20and%20then%20quickly.%20.%20.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EClick%20the%20icon%20of%20the%20magnifying%20glass%20again%20to%20stop%20the%20Procmon%20capture.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CDIV%20style%3D%22box-sizing%3A%20border-box%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EFrom%20the%20file%20menu%2C%20save%20the%20capture%20with%20a%20unique%20name%20and%20with%20the%20.pml%20format.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EOne%20of%20the%20most%20basic%2C%20common%2C%20and%20first%20things%20I%20usually%20do%20is%20to%20set%20a%20filter%20%3CEM%20style%3D%22box-sizing%3A%20border-box%3B%22%3Eon%20the%20procmon%20results%3C%2FEM%3E%20that%20searches%20the%20results%20column%20for%20%22Access%20Denied.%22%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EStart%20by%20clicking%20the%20icon%20(or%20CTRL%2BL)%20that%20looks%20a%20bit%20like%20a%20coffee%20filter%20or%20snow%20cone%20as%20seen%20below.%20.%20.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F4382.060614_1550_BasicStepsf6.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3EToggle%20the%20first%20two%20options%20to%20RESULT%20%2B%20CONTAINS.%20Type%20in%20the%20word%20DENIED%20into%20the%20blank%20field.%20Click%20ADD%20and%20click%20APPLY.%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20center%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CIMG%20style%3D%22border-image-outset%3A%200%3B%20border-image-repeat%3A%20stretch%3B%20border-image-slice%3A%20100%25%3B%20border-image-source%3A%20none%3B%20border-image-width%3A%201%3B%20box-sizing%3A%20border-box%3B%20height%3A%20auto%3B%20max-width%3A%20100%25%3B%20vertical-align%3A%20middle%3B%20border%3A%200px%20none%20currentColor%3B%22%20alt%3D%22%22%20src%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FMSDNBlogsFS%2Fprod.evol.blogs.msdn.com%2FCommunityServer.Blogs.Components.WeblogFiles%2F00%2F00%2F00%2F94%2F81%2Fmetablogapi%2F1665.060614_1550_BasicStepsf7.png%22%20border%3D%220%22%20%2F%3E%3CSPAN%20style%3D%22box-sizing%3A%20border-box%3B%20font-size%3A%2012pt%3B%22%3E%3CBR%20style%3D%22box-sizing%3A%20border-box%3B%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20style%3D%22box-sizing%3A%20border-box%3B%20color%3A%20%23333333%3B%20font-family%3A%20%26amp%3Bquot%3B%20segoe%20ui%26amp%3Bquot%3B%2Ctahoma%2Carial%2C%26amp%3Bquot%3Bhelvetica%20neue%26amp%3Bquot%3B%2Chelvetica%2Csans-serif%3B%20font-size%3A%2014px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20400%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%20margin%3A%200px%200px%2010px%200px%3B%22%3E%3CSTRONG%3EAuthor%3A%20Christopher%20T.%20Haun%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-380475%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Steps%20for%20Making%20a%20Process%20Monitor%20(ProcMon)%20Capture%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-380475%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F201697%22%20target%3D%22_blank%22%3E%40Jawahar%20Ganesh%20S%3C%2FA%3Ethank%20you%20for%20sharing.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E

ProcMon is an indispensable tool that zillions of people have used. Here are some easy steps for starting, stopping, and saving a Procmon capture.

 

  1.  

  2. Unzip ProcessMonitor.zip

     

     

  3. Copy ProcMon.exe to the server or workstation that you're performing troubleshooting on

     

  4. Launch Procmon by double-clicking Procmon.exe

     

     

  5. When you see the option to set filters, generally you don't need to. You can always filter the results after the capture is complete. Just click OK

 


 

  1. Stop the capture by clicking the icon of the magnifying glass, as seen below. (By default the capture begins immediately when Procmon.exe is launched.) Alternatively, you can use the keyboard and press CTRL+E.

     


When the capture is stopped, a red slash mark should appear across the icon of the magnifying glass.


 

 

  1. If you really want to set some filters such that less data is captured, now is arguably the best time in my opinion. When in doubt, don't add any filters. But if there are some processes that you are certain that you can exclude from the capture, it's easy to do. For example, if you wanted to exclude Skype.exe because you see it in the capture and know it's irrelevant, just right-click Skype.exe and select "Exclude Skype.exe"

 


 

  1. Clear the events from the capture by clicking the icon that resembles an eraser on paper. (Or by clicking Ctrl+X.)

b

 

  1. Begin to take the steps necessary to reproduce the problem. But when you have one step that remains—when you are one mouse-click away from reproducing the problem—hesitate long enough to. . .

 

  1. Start the process monitor capture by clicking the icon of the magnifying glass.

     

  2. Perform your one last mouse click to reproduce the problem, wait for the problem to be fully reproduced, and then quickly. . .

     

  3. Click the icon of the magnifying glass again to stop the Procmon capture.

     

  4. From the file menu, save the capture with a unique name and with the .pml format.

     

One of the most basic, common, and first things I usually do is to set a filter on the procmon results that searches the results column for "Access Denied."

Start by clicking the icon (or CTRL+L) that looks a bit like a coffee filter or snow cone as seen below. . .

 


 

Toggle the first two options to RESULT + CONTAINS. Type in the word DENIED into the blank field. Click ADD and click APPLY.

 


Author: Christopher T. Haun

1 Comment
Regular Visitor

@Jawahar Ganesh Sthank you for sharing.