Process Monitor

Process Monitor v3.01
Process Monitor Publisher’s Description
Process Monitor is a professional monitoring application for Windows that displays real-time file system, Windows registry and process/thread activity. Process Monitor combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Like Process Explorer, the free Process Monitor provides a tree-structured display that charts the relationships between processes and the processes that launched them. Where Process Explorer mainly displays processes actively working in memory, the tree in Process Monitor shows all operations that were active while you were logging activity. You can see when each process started and stopped, or click a button to select the log event representing the process’s launch.
A process task summary window displays various metrics for each process that was active during the logging period. Some, like file events, Registry events, and CPU usage, appear in the form of a usage graph. Others display numeric values for each process, like the number of network events or largest memory usage. Double-clicking a process brings up a window with a bigger version of all the graphed metrics.
Other windows summarize file, Registry and network activities during the logging period. If you’re looking for anomalies in Registry access, for example, it’s a lot easier to scan the summary than to scroll through the entire log. When you find an anomaly or other item of interest, clicking a button filters the log to focus on that item.
Overview of Process Monitor Capabilities
Process Monitor includes powerful monitoring and filtering capabilities, including:
- More data captured for operation input and output parameters
- Non-destructive filters enable you to set filters without losing data
- Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
- Reliable capture of process details, including image path, command line, user and session ID
- Configurable and moveable Process Monitor columns for any event property
- Filters can be set for any data field, including fields not configured as columns
- Process Monitor advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
- Process tree tool shows relationship of all processes referenced in a trace
- Native log format preserves all data for loading in a different Process Monitor instance
- Process tooltip for easy viewing of process image information
- Process Monitor detail tooltip allows convenient access to formatted data that doesn’t fit in the column
- Process Monitor cancellable search
- Boot time logging of all operations
The best way to become familiar with Process Monitor’s features is to read through the help file and then visit each of its menu items and options on a live system.
What's New in Process Monitor version 3.01:
This update to Process Monitor, a real-time file, registry, process and network monitor, adds decoding of several new Windows 8 file system control codes, including offload read and write, and now Process Monitor obtains image version information for 32-bit DLLs when run on 64-bit Windows.
Process Monitor Runs on:
Client: Windows XP SP2 and higher.
Server: Windows Server 2003 SP1 and higher.
Downloads: Process Monitor v3.01
