
What Is Process Monitor?

Process Monitor is a free tool from Windows Sysinternals, which is part of the Microsoft TechNet website. The tool monitors and displays, in real time, all file system activity on a Microsoft Windows operating system. Process Monitor is useful for troubleshooting when we need to identify which files or registry keys an application is accessing.

How to use Process Monitor

Gathering a normal Process Monitor log

1. Log in to Windows using an account with administrative privileges.

2. Download Process Monitor from Microsoft TechNet:

3. Extract the contents of the ProcessMonitor.zip archive to your desktop.

4. Run Procmon.exe

5. Process Monitor will begin logging from the moment it starts running. To stop this, click the Capture icon.

6. Clear all the events that Process Monitor recorded by clicking the Clear icon.

7. When you are ready to recreate the issue or scenario as detailed by Sophos Technical Support, click the Capture icon to begin logging.

8. Click Filter and ensure that Enable Advanced Output is selected.

9. Once you have recreated the issue or scenario, click the Capture icon to stop logging.

10. Click the Save icon. The following dialogue will be displayed. Ensure that you have selected All events and that you save the file in the native .PML file format.

11. Close Process Monitor.

12. Compress and archive (zip) the PML file.

13. Send the .zip archive to Sophos Technical Support.

  • If the file is smaller than 20 MB, attach it to your latest email from Sophos Home support and send it to us.
  • If the file is larger than 20 MB, create a new ticket via your Sophos Home Dashboard to send it to us, and update the subject to include “Logs for {{Your ticket Number}}”.
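The same normal-log capture, zip and size check can be driven from the command line. The following PowerShell script is an added example and is not part of the Sophos article; it assumes ProcessMonitor.zip has already been extracted to a ProcessMonitor folder on the desktop, that the shell is elevated, and that the capture duration and ticket number placeholder are supplied by the caller (all of those values are hypothetical).

```powershell
# Added example (not from the Sophos article): capture a Process Monitor log
# from the command line, save it in native PML format, zip it, and report
# which of the two submission routes (under or over 20 MB) applies.
# Assumptions: Procmon.exe sits in <Desktop>\ProcessMonitor (step 3), the
# session is elevated (step 1), and the duration is chosen by the caller.
param(
    [string]$ProcmonDir   = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'ProcessMonitor'),
    [string]$OutDir       = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'ProcmonLogs'),
    [int]$DurationSec     = 60,
    [string]$TicketNumber = 'YOUR-TICKET-NUMBER'   # placeholder, replace with your real ticket number
)

$procmon = Join-Path $ProcmonDir 'Procmon.exe'
if (-not (Test-Path $procmon)) { throw "Procmon.exe not found at $procmon" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $OutDir "procmon-$stamp.pml"

# /AcceptEula skips the licence prompt, /Quiet skips the filter prompt,
# /Minimized keeps the window out of the way, and /BackingFile writes the
# events directly to a native PML file (the format step 10 asks for).
Write-Host "Recreate the issue now; capturing for $DurationSec seconds..."
Start-Process -FilePath $procmon -ArgumentList @('/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`"")
Start-Sleep -Seconds $DurationSec

# /Terminate tells every running Procmon instance to stop capturing and exit,
# which closes the backing file (the equivalent of steps 9 to 11).
Start-Process -FilePath $procmon -ArgumentList '/Terminate' -Wait

if (-not (Test-Path $pml)) { throw "No PML file was written to $pml" }

# Step 12: compress the PML file into a zip archive.
$zip = Join-Path $OutDir "procmon-$stamp.zip"
Compress-Archive -Path $pml -DestinationPath $zip -Force

# Step 13: the article's 20 MB threshold decides how the archive is submitted.
$bytes  = (Get-Item $zip).Length
$sizeMB = [math]::Round($bytes / 1MB, 1)
if ($bytes -lt 20MB) {
    Write-Host "$zip is $sizeMB MB: attach it to your latest Sophos Home support email."
} else {
    Write-Host "$zip is $sizeMB MB: open a new ticket from the Sophos Home Dashboard with the subject 'Logs for $TicketNumber'."
}
```

Run the script from an elevated PowerShell window and reproduce the problem while it reports that it is capturing; the resulting .pml and .zip are written to the ProcmonLogs folder on the desktop.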

Gathering a boot Process Monitor log

We may need to troubleshoot an issue that is related to your boot process. If this is required, a Sophos Technical Support agent will explicitly state that we need boot logging. To enable boot logging, follow these steps.

1. Download Process Monitor from Microsoft TechNet:

2. Extract the contents of the ProcessMonitor.zip archive to your desktop.

3. Run Procmon.exe

4. Process Monitor will begin logging from the moment it starts running. To stop this, click the Capture icon.

5. Click Options > Enable Boot Logging

6. You will be presented with the following dialogue. Ensure that profiling events are generated every second.

7. Reboot the machine and recreate the issue you are facing or the scenario as detailed by Sophos Technical Support.

8. Once back at the Windows desktop, run Procmon.exe.

9. Upon opening Procmon.exe, you will be presented with the following dialogue.

10. Click Yes and save the log file.

11. Close Process Monitor.

12. Compress and archive (zip) the PML file.

13. Send the .zip archive to Sophos Technical Support.

  • If the file is smaller than 20 MB, attach it to your latest email from Sophos Home support and send it to us.
  • If the file is larger than 20 MB, create a new ticket via your Sophos Home Dashboard to send it to us, and update the subject to include “Logs for {{Your ticket Number}}”.

Source: Official Sophos Brand
Edited by: BEST Antivirus KBS Team
