Process Monitor is a utility from Sysinternals for real-time monitoring of the file system, registry and process activity of a computer. It works on 32- and 64-bit Windows operating systems.
The program does not require installation on the hard disk, but it must be run from an account with administrator privileges: to work correctly it installs its own driver, which intercepts the tracked data. It monitors file and registry queries, process activity, and network connections.
Process Monitor features
The utility allows you to do the following:
- Monitor the start and end of a process or thread.
- Detect image loading (DLL or driver).
- Apply filters without losing captured data (filtering is non-destructive).
- Capture the thread stack for each operation, so that the cause of an operation can be traced.
- Capture reliable process details, including user and session ID, image path and command line.
- Configure columns for each event property.
Benefits of Process Monitor
With Process Monitor you can:
- Track the correlation between all events in the system thanks to the process tree.
- Set filters on any type of data.
- Save captured data so that it can be opened in another instance of the program.
- Capture a boot-time log that records events from OS startup.
The utility has a simple interface. For ease of use, the developers have implemented tooltips that let the user view full information about a process or event. Its architecture scales to tracking several million events recorded on the system, writing data into a log several gigabytes in size.
Process Monitor is indispensable when a computer is infected with particularly malicious software that conventional anti-virus solutions cannot cope with, and locating the source of the threat requires scrupulous analysis of program and service activity.