To start working with Process Monitor, download and unpack the archive with the application. Make sure that the current user account has administrator privileges.

 

Collecting a system events log

  1. Close all unused applications.
  2. Run Procmon.exe. Logging will start automatically.
  3. Minimize Process Monitor and reproduce the issue.
  4. Maximize Process Monitor and uncheck the option File -> Capture Events. Event logging will stop.

  5. Select the menu item File -> Save.
  6. Select All Events in the Events to save section. Specify the path for the logs to be saved, then click OK.

 

Writing a system events log into a file

  1. Run Procmon.exe and select File -> Capture Events. Logging will stop.
  2. Select File -> Backing Files.
  3. Select Use file named and specify the path to the folder where the logs will be stored with the file name (for example, C:\logs\temp). Click OK.
  4. Click OK.
  5. Restart Process Monitor. Logs will start being written into the file.
  6. To stop logging, select File -> Capture Events.
  7. Close Process Monitor.
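
The same backing-file capture can be scripted with Process Monitor's command-line switches, which helps when the capture has to be repeated on several machines. This is an added example, not part of the original article; the Procmon.exe location, the .pml extension appended to the article's example path, and the 60-second capture window are assumptions.

```powershell
# Added example: scripted equivalent of the backing-file capture described above.
param(
    [string]$Procmon     = 'C:\Tools\ProcessMonitor\Procmon.exe', # assumed unpack location
    [string]$BackingFile = 'C:\logs\temp.pml',                     # article's example path, .pml assumed
    [int]$Seconds        = 60                                      # assumed time needed to reproduce the issue
)

$ErrorActionPreference = 'Stop'

# The article requires administrator privileges, so fail early when not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $Procmon)) {
    throw "Procmon.exe not found at $Procmon"
}

# Create the log folder if it does not exist yet.
$logDir = Split-Path -Parent $BackingFile
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# Start a minimized capture that writes events straight to the backing file.
$startArgs = @('/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$BackingFile`"")
Start-Process -FilePath $Procmon -ArgumentList $startArgs

# Block until the running instance is ready to accept commands.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/WaitForIdle' -Wait

Write-Host "Capturing for $Seconds seconds. Reproduce the issue now."
Start-Sleep -Seconds $Seconds

# Stop logging and close every running Process Monitor instance.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Terminate' -Wait

# List what was written so the files can be attached to a support request.
$base = [IO.Path]::GetFileNameWithoutExtension($BackingFile)
Get-ChildItem -LiteralPath $logDir -Filter "$base*.pml" |
    Select-Object FullName, Length, LastWriteTime
```

The resulting log records process command lines and file and registry paths, so keep the log folder readable only by administrators and delete the files once they have been handed over.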
 

Collecting a boot log

  1. Run Procmon.exe.
  2. Select Options -> Enable Boot Logging.

  3. Click OK.
  4. Restart the operating system.
  5. Wait until the system starts (it may take up to 15 minutes) and run Procmon.exe again.
  6. Click Yes and save the log file.

Source: Official Kaspersky Brand
Edited by: BEST Antivirus KBS Team
