Process Monitor is a utility from the Sysinternals suite (now published by Microsoft) that monitors file system, registry, process and network activity on a Windows computer in real time. It runs on 32- and 64-bit Windows.
The program requires no installation, but it must be run from an account with administrator rights. For correct operation it loads its own kernel driver, through which it intercepts the monitored events: file system and registry requests, process and thread activity, and network connections.
Process Monitor features
The utility allows you to implement the following:
- Track the start and exit of processes and threads.
- Detect image loading (DLL or driver).
- Set non-destructive filters: filtering the view does not discard the captured events.
- Capture the thread stack for each operation, which often shows why the operation was performed.
- Record reliable process details for each event: user and session ID, image path and command line.
- Set up columns for each event property.
Benefits of Process Monitor
Process Monitor can:
- Trace the relationships between the processes that produced events, using the process tree.
- Set filters on any event field.
- Save captured data to a log file for viewing in another copy of the program.
- Log events during operating system boot (boot logging).
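The process tree, filter and log-export features in the two lists above combine naturally into an offline triage workflow. The Python below is an added example, not part of this page or of the Sysinternals tool. It assumes a capture exported to CSV with the default columns (for instance with `procmon.exe /OpenLog capture.PML /SaveAs capture.csv`), rebuilds parent/child relationships from the Process Start and Process Create events, applies Procmon-style include/exclude rules, and flags a few behaviours for the subtree of one process. The log lines, PIDs, paths and indicator rules are constructed for illustration and are not from a real capture.

```python
"""Triage of a Process Monitor CSV export (added example, not Sysinternals code).

Assumes the default column layout Procmon writes with
  procmon.exe /OpenLog capture.PML /SaveAs capture.csv
namely: Time of Day, Process Name, PID, Operation, Path, Result, Detail.
The events below are constructed for illustration, not a real capture.
"""
import csv
import io
import re

SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","explorer.exe","1200","Process Create","C:\Users\bob\Downloads\invoice.exe","SUCCESS","PID: 4312, Command line: ""C:\Users\bob\Downloads\invoice.exe"""
"10:01:02.1200000","invoice.exe","4312","Process Start","","SUCCESS","Parent PID: 1200, Command line: ""C:\Users\bob\Downloads\invoice.exe"", Current directory: C:\Users\bob\Downloads\, Environment: ..."
"10:01:02.3000000","invoice.exe","4312","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS","Image Base: 0x7ff9a1b00000, Image Size: 0x1f0000"
"10:01:02.5000000","invoice.exe","4312","CreateFile","C:\Users\bob\AppData\Local\Temp\svc.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"10:01:02.5100000","invoice.exe","4312","WriteFile","C:\Users\bob\AppData\Local\Temp\svc.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:02.7000000","invoice.exe","4312","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc","SUCCESS","Type: REG_SZ, Length: 90, Data: C:\Users\bob\AppData\Local\Temp\svc.exe"
"10:01:03.0000000","invoice.exe","4312","Process Create","C:\Users\bob\AppData\Local\Temp\svc.exe","SUCCESS","PID: 5120, Command line: ""C:\Users\bob\AppData\Local\Temp\svc.exe"""
"10:01:03.0500000","svc.exe","5120","Process Start","","SUCCESS","Parent PID: 4312, Command line: ""C:\Users\bob\AppData\Local\Temp\svc.exe"", Current directory: C:\Windows\System32\, Environment: ..."
"10:01:03.2000000","svc.exe","5120","TCP Connect","HOST-PC:49712 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460, sackopt: 1, tsopt: 0, wsopt: 1, rcvwin: 65536"
"10:01:03.4000000","chrome.exe","2210","CreateFile","C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Cookies","SUCCESS","Desired Access: Generic Read"
'''

PARENT_RE = re.compile(r"Parent PID:\s*(\d+)")  # Detail of a "Process Start" event
CHILD_RE = re.compile(r"^PID:\s*(\d+)")         # Detail of a "Process Create" event


def parse_events(text):
    """Read the export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def build_process_tree(events):
    """Return (names, parents): PID -> image name and PID -> parent PID."""
    names, parents = {}, {}
    for ev in events:
        pid = int(ev["PID"])
        names.setdefault(pid, ev["Process Name"])
        if ev["Operation"] == "Process Start":
            m = PARENT_RE.search(ev["Detail"])
            if m:
                parents[pid] = int(m.group(1))
        elif ev["Operation"] == "Process Create":
            m = CHILD_RE.match(ev["Detail"])
            if m:
                parents[int(m.group(1))] = pid
    return names, parents


def ancestry(pid, names, parents):
    """Render the chain child <- parent <- grandparent ... as one string."""
    chain = []
    while pid is not None:
        chain.append(f"{names.get(pid, '?')}({pid})")
        pid = parents.get(pid)
    return " <- ".join(chain)


def descendants(root, parents):
    """All PIDs that have `root` somewhere in their parent chain."""
    found = set()
    for pid in parents:
        p = parents.get(pid)
        while p is not None:
            if p == root:
                found.add(pid)
                break
            p = parents.get(p)
    return found


RELATIONS = {
    "is": lambda a, b: a.lower() == b.lower(),
    "is not": lambda a, b: a.lower() != b.lower(),
    "contains": lambda a, b: b.lower() in a.lower(),
    "begins with": lambda a, b: a.lower().startswith(b.lower()),
    "ends with": lambda a, b: a.lower().endswith(b.lower()),
}


def apply_filter(events, rules):
    """Procmon-style filter. Each rule is (column, relation, value, action).
    Excludes win; Includes on the same column are ORed, across columns ANDed."""
    include_cols, excludes = {}, []
    for col, rel, val, action in rules:
        bucket = include_cols.setdefault(col, []) if action == "Include" else excludes
        bucket.append((col, rel, val))

    def hit(ev, rule):
        col, rel, val = rule
        return RELATIONS[rel](ev.get(col, ""), val)

    kept = []
    for ev in events:
        if any(hit(ev, r) for r in excludes):
            continue
        if all(any(hit(ev, r) for r in rs) for rs in include_cols.values()):
            kept.append(ev)
    return kept


# Hypothetical indicators: (operation, predicate on the event, label).
INDICATORS = [
    ("WriteFile", lambda ev: ev["Path"].lower().endswith(".exe")
     and "\\temp\\" in ev["Path"].lower(), "executable written to Temp"),
    ("RegSetValue", lambda ev: "\\currentversion\\run\\" in ev["Path"].lower(),
     "Run-key persistence"),
    ("TCP Connect", lambda ev: True, "outbound network connection"),
]


def triage(text, root_pid):
    """Flag indicator events raised by root_pid or any of its descendants."""
    events = parse_events(text)
    names, parents = build_process_tree(events)
    scope = descendants(root_pid, parents) | {root_pid}
    findings = []
    for ev in events:
        if int(ev["PID"]) not in scope:
            continue
        for op, pred, label in INDICATORS:
            if ev["Operation"] == op and pred(ev):
                findings.append((label, ancestry(int(ev["PID"]), names, parents), ev["Path"]))
    return findings


if __name__ == "__main__":
    for label, chain, path in triage(SAMPLE_CSV, 4312):
        print(f"{label:30} {chain}\n    {path}")
```

For a headless capture on the affected machine, the documented switches `procmon.exe /AcceptEula /Quiet /Minimized /BackingFile capture.PML` start logging to a file and `procmon.exe /Terminate` stops it; the PML can then be opened in another copy of the program or converted with `/OpenLog` and `/SaveAs` as assumed above. Because Process Monitor only records events after it has started, persistence that fires early in the boot sequence will only appear in a boot-logging capture.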
The utility has a simple interface. To make it easier to use, the developers added tooltips that show the full details of a process or event. A scalable architecture lets it handle millions of captured events and gigabytes of log data in one session.
Process Monitor is indispensable when a computer is infected with particularly stubborn malware that a regular antivirus cannot handle, and a careful analysis of the activity of programs and services is needed to locate the source of the threat. Keep in mind that it only records what happens after it is started, so activity from early in the boot sequence is visible only in a boot-logging capture.