empleat-6716 asked

Process Monitor - how to capture process creation/termination?

[screenshot: procmon.png]
I have enabled show "process and thread activity", pressed "Ctrl+L" and added "Operation" "contains" "Process" "Include". In File -> Capture Events is enabled. Yet no process creation or termination is logged!!! Why doesn't it work? I was able to google only 1 article, which said this is the way to do it, and yet it doesn't work... Tried launching as admin, that doesn't work either!


Castorix31 answered

This test with Notepad works for me (version 3.60) =>

[screenshot: procmon-notepad.jpg]

empleat-6716 answered

Yeah but I didn't say notepad, I want to monitor every process creation. I just downloaded it from MS, it says version 3.61. Also tried 32 bit version - didn't work.

Castorix31 commented

Notepad was just a test to avoid all processes.
With Operation is:
Process Create
Process Start
Process Exit

I get all processes =>

[screenshot: procmon36-all.jpg]

empleat-6716 answered

LOL I still get nothing! Everything is bugged for me. Doing that literally same as you and nothing! LOL wat, your 2nd answer just disappeared!

[screenshot: procmon-bug.png]



**EDIT:** Today tried again and now it works, maybe I needed to enter all 3 entries, but it does not make sense that all 3 would be needed. It happens to me in other programs too. First 2 times I launch them it doesn't work and the third time something works. Everything is so bugged... Dude so bugged. Your answer from -3 days showed when I opened browser and after I edited my post I wanted to select your answer as solution, now it is missing again... And it is not addons! I disable them and still... On other MS forums when I click to write text - nothing happens and text already written flashes LOL... SO BUGGED SO STUPID...

THANKS FOR HELP BTW!


empleat-6716 answered

Again it doesn't work, this time I am trying to monitor changes done by programs in a folder. Using Path contains {path} and again nothing is showing... It is pretty simple, I don't know why it doesn't work. And no idea why it started to work all of a sudden previously. Show filesystem activity is enabled, as well as capture. I tried to restart program 2 times, or launch as admin, didn't help!

EDIT: I did it the same as in some video and it worked for him. It doesn't work for me - similarly like before! No idea why!

StevenWhiting-6958 answered

Have you clicked reset on your filter then tried again? I've had it at times where I've forgotten to reset the filter and it's trying to look for an app that is no longer running.

empleat-6716 answered

LOL this actually helped, I tried to look for generally process creation, or activity in a folder. I wish this program had at least short tutorial, you have to buy book... It has some but there is not everything. Google found barely 1 site about what I was trying to do, yet it didn't work... LOL and now when I write text freezes and there is delay to appear. I have problem on all Microsoft forums, but nowhere else. LOL so bugged. I am not trying to complain, but this is ridiculous like 50 different things just happened, each time different bug LOL!

Thanks for help this works.
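
Added example, not written by any poster in this thread: once a capture filtered on the three operations named above (Process Create, Process Start, Process Exit) is saved as CSV, the rows can be paired by PID into process lifetimes. The column names, the Detail text layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# The three Operation values from the filter described in the thread.
LIFECYCLE_OPS = {"Process Create", "Process Start", "Process Exit"}

# Constructed sample; column names and Detail text are assumed, not taken from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","explorer.exe","4120","Process Create","C:\Windows\System32\notepad.exe","SUCCESS","PID: 7788, Command line: notepad.exe"
"10:15:01.1000100","notepad.exe","7788","Process Start","","SUCCESS","Parent PID: 4120, Command line: notepad.exe"
"10:15:01.2000000","notepad.exe","7788","CreateFile","C:\Users\demo\notes.txt","SUCCESS","Desired Access: Generic Read"
"10:15:05.0000000","explorer.exe","4120","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 8012, Command line: cmd.exe"
"10:15:05.0000100","cmd.exe","8012","Process Start","","SUCCESS","Parent PID: 4120, Command line: cmd.exe"
"10:15:09.5000000","notepad.exe","7788","Process Exit","","SUCCESS","Exit Status: 0, User Time: 0.0156250 seconds"
'''

def process_lifetimes(csv_text):
    """Return {pid: record} built only from Process Create/Start/Exit rows."""
    procs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"]
        if op not in LIFECYCLE_OPS:
            continue  # same effect as three "Operation is ..." Include entries
        if op == "Process Create":
            # Logged under the parent's PID; the child's PID is in Detail.
            m = re.match(r"PID: (\d+)", row["Detail"])
            if m:
                rec = procs.setdefault(int(m.group(1)), {})
                rec["parent"] = int(row["PID"])
                rec["image"] = row["Path"]
            continue
        rec = procs.setdefault(int(row["PID"]), {})
        rec["name"] = row["Process Name"]
        if op == "Process Start":
            rec["start"] = row["Time of Day"]
        else:  # Process Exit
            rec["exit"] = row["Time of Day"]
            m = re.search(r"Exit Status: (-?\d+)", row["Detail"])
            rec["exit_status"] = int(m.group(1)) if m else None
    return procs

def still_running(procs):
    """PIDs that started during the capture and had not exited when it ended."""
    return sorted(p for p, r in procs.items() if "start" in r and "exit" not in r)

if __name__ == "__main__":
    for pid, rec in sorted(process_lifetimes(SAMPLE_CSV).items()):
        print(pid, rec)
```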
