The capture and un-capture icon are very similar, so it's not easy for us to understand the ProcMon capture status.
I prefer the old version idea that adding a "x" in the icon to compare with capturing status.
I think current capture icon is good, so if we can adding a red "x" in the capture icon as non-capture icon, then it's easy for us to understand capture status.
Thanks.