Appendix B  Using ProcMon

Process Monitor (ProcMon) is a Windows tool that shows real-time file system, registry, and process/thread activity.  It is available from Microsoft and can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

This tool is very useful for debugging unexpected behavior and we at OSR often ask our customers to provide us with ProcMon logs to aid in analysis of reported issues.  However, ProcMon generates an enormous amount of activity if not filtered.  In addition, the altitude sometimes needs to be changed to gather information at the appropriate level.  Hence, this document.

In this document, we briefly describe the fundamentals of using ProcMon, filtering the activity captured, collecting logs, and changing the altitude at which ProcMon operates.  A more in-depth description of how to use ProcMon can be found at the link above and in the ProcMon Help menu.

We also provide details of the setup we typically want from our customers.  If you are an experienced ProcMon user, please jump to the section Collecting ProcMon Logs for OSR Analysis to start collecting useful ProcMon logs.