Process Explorer (16.32) terminates on Windows 10

bvuHH 41 Reputation points
2020-12-31T14:05:52.973+00:00

On my Windows 10 64bit system (10.0.19041) I'm encountering difficulties runing Sysinsternals ProcessExplorer (16.32). No matter if I run procexp.exe or procexp64.exe both applications are terminating after a few seconds. I can see only the UI shortly which then quits. I'm logged in with a non-administrator account but even if I run procexp64.exe with elevated privileges the symptoms remains. From the sysinternalssuite folder, I've tried so far Autoruns64.exe with runs fine. Appreciate any advice on how to troubleshoot. Thanks Bodo

Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,093 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. mariora 376 Reputation points
    2021-01-02T09:19:54.177+00:00

    Try looking at the WER folder to see if there are reports of crash of the two applications:
    C:\ProgramData\Microsoft\Windows\WER
    or under
    C:\Users\username\AppData\Local\Microsoft\Windows\WER

    Try a clean boot of the OS : https://www.windowscentral.com/how-clean-boot-windows-10

    If it is not an OS policy then the other possible reason os the antivirus or some sort of malaware that it's defending itself from a known threat.

    HTH
    -mario

    1 person found this answer helpful.
    0 comments
  2. mariora 376 Reputation points
    2021-01-01T08:45:55.423+00:00

    Are you running Windows 10 Enterprise and your is a machine domain joined?

    In that case there may be a policy in place like AppLocker that is not permitting the app to start. Or the same may be caused by an Antivirus blocking the app the same way.

    You need to run PE as Administrator because it must load a device driver which will be loaded in memory until the next reboot of the machine. So another possibilities is that you executed an older version of PE and the old driver is still in memory causing a conflict. In this case Reboot the machine to start with a clean situation.

    If ProcMon runs, start ProcMon and take a trace while loading PE. Remember that you need to change the filtering as PE is atomatically filtered out by ProcMon

    52720-capture.jpg

    You have to deselect Procexp64.exe and deselect also System as an antivirus or another service running as system could be the culprit here.

    HTH
    -mario

    0 comments
  3. bvuHH 41 Reputation points
    2021-01-01T17:55:50.48+00:00

    Hi mario,
    Thanks for your reply.

    My Windows system is a Windows 10 Professional 64bit and it's not domain joined.

    I've also tried to run procexp64.exe as administrator but the app always terminates.

    A reboot also did not help.

    The same happens to Procmon.exe it shortly appears after launching it but it seams to be minimized. In Windows taskmanager there are no entries of procmon and procexp.

    Thanks
    Bodo

    0 comments