• Comments (0)
• Report
• Tell a Friend
• Print
• Screenshots

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

Microsoft Process Monitor combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.

Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Features of Microsoft Process Monitor 2.8 :

· Monitoring of process and thread startup and exit, including exit status codes
· Monitoring of image (DLL and kernel-mode device driver) loads
· More data captured for operation input and output parameters
· Non-destructive filters allow you to set filters without losing data
· Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
· Reliable capture of process details, including image path, command line, user and session ID
· Configurable and moveable columns for any event property
· Filters can be set for any data field, including fields not configured as columns
· Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
· Process tree tool shows relationship of all processes referenced in a trace
· Native log format preserves all data for loading in a different Process Monitor instance
· Process tooltip for easy viewing of process image information
· Detail tooltip allows convenient access to formatted data that doesn't fit in the columna
· Cancellable search
· Boot time logging of all operations

What's New in Microsoft Process Monitor 2 :

· Displays new Windows 7 CreateFile options, includes file-delete operations in the Category filter’s Write subcategory, and displays names for more IOCTLs and result codes.
· Adds the ability to import and export configuration settings, shows an icon in the operations column depicting the event class of the operation, and fixes a symbol configuration bug on Windows XP.