Fortunately, it also has very powerful tools to make sense of it all.

Run Process Monitor by double-clicking on procmon.exe in whatever folder you placed it. The first time you run it, you’ll need to agree to some license terms. This should only happen once.

Each time you run Process Monitor, you’ll most likely get the User Account Control dialog. In order for Procmon to monitor the things that it needs to, it must have full administrative access.

As soon as Procmon begins to run, it starts collecting events. The numbers in the status bar at the bottom will continue to increase as Procmon counts the number of events being collected. Note that it’s only showing a subset of the collected events. Process Monitor actually includes some pre-set filters that prevent displaying events that aren’t typically helpful, such as all the events generated by procmon.exe itself.

When you’ve collected enough, type CTRL+E or click on the magnifying glass in the Procmon toolbar to stop data collection.

It’s difficult to say just how much data should be collected by Process Monitor in order to be useful, because it really depends on the specific situation that you’re attempting to diagnose. The simple rule of thumb is to collect data while the problem you’re experiencing is happening.

In general, I start it when I know or suspect that a problem is happening (like your unknown internet usage), and let Procmon collect until the problem has indeed happened and occurred long enough to have generated meaningful data.

Depending on the problem you’re experiencing, this might take some experimentation. Procmon discards its data when you exit, so there’s no problem at all running it multiple times experimenting with the timing or duration.

Analyze Process Monitor results

As I mentioned, Procmon includes a fairly powerful filtering interface which is on the Filter menu. This interface really is quite complex, because it assumes you know a little bit about how Windows works internally. Instead, Procmon also includes some summary analysis tools that make what we’ll do next fairly easy.

On the Tools menu, click on Network Summary…

Unfortunately, the default width of this dialog actually hides some interesting columns. Fortunately, the dialog is resizable, so click and hold on the right border and drag it to the right to make the dialog wider to expose the “Path” column.

This is a summary of all the network-related events that have been captured.
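The same kind of per-path network summary can be produced offline from a saved capture, which helps when comparing several runs. This is an added example, not part of the original article: it assumes the capture was saved with Procmon's File > Save option in CSV format with the default columns, the function names are hypothetical, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows in the layout of a Procmon CSV export (default columns).
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","updater.exe","4120","TCP Connect","PC1:50111 -> 203.0.113.10:https","SUCCESS","Length: 0"
"10:01:02.3","updater.exe","4120","TCP Send","PC1:50111 -> 203.0.113.10:https","SUCCESS","Length: 517, seqnum: 0"
"10:01:02.9","updater.exe","4120","TCP Receive","PC1:50111 -> 203.0.113.10:https","SUCCESS","Length: 14600, seqnum: 0"
"10:01:03.0","notepad.exe","988","ReadFile","C:/Users/me/a.txt","SUCCESS","Offset: 0, Length: 120"
"10:01:04.2","svchost.exe","1204","UDP Send","PC1:55000 -> 198.51.100.53:domain","SUCCESS","Length: 48"
"10:01:05.0","updater.exe","4120","TCP Receive","PC1:50111 -> 203.0.113.10:https","SUCCESS","Length: 2920, seqnum: 0"
'''

NET_OP = re.compile(r"^(TCP|UDP) ")       # network operations start with the protocol
LENGTH = re.compile(r"Length: ([\d,]+)")  # byte count; may contain thousands separators

def parse_export(text):
    """Parse CSV text into dict rows. For a real file, read it with
    encoding="utf-8-sig" so the byte-order mark does not end up in the header."""
    return list(csv.DictReader(io.StringIO(text)))

def network_summary(rows):
    """Group network events by (process, PID, path); busiest paths first."""
    totals = defaultdict(lambda: {"events": 0, "sent": 0, "received": 0})
    for row in rows:
        op = row["Operation"]
        if not NET_OP.match(op):
            continue  # skip file, registry and process events
        entry = totals[(row["Process Name"], row["PID"], row["Path"])]
        entry["events"] += 1
        m = LENGTH.search(row["Detail"])
        size = int(m.group(1).replace(",", "")) if m else 0
        if op.endswith("Send"):
            entry["sent"] += size
        elif op.endswith("Receive"):
            entry["received"] += size
    return sorted(totals.items(),
                  key=lambda kv: kv[1]["sent"] + kv[1]["received"],
                  reverse=True)

if __name__ == "__main__":
    for (proc, pid, path), t in network_summary(parse_export(SAMPLE_CSV)):
        print(f"{proc} ({pid}) {path}: {t['events']} events, "
              f"{t['sent']} B sent, {t['received']} B received")
```

A process name you do not recognize at the top of this list is the one to look up first when tracking down unexplained internet usage.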