Tag : Procmon

Run the Sysinternals Process Monitor (procmon) utility for a specified amount of time for a selected process and see which files are most frequently accessed. If a path to an existing procmon executable is not given, it will be downloaded securely from the live.sysinternals.com site.
Arguments:
Monitor Period - the time in seconds to run the monitoring for. Monitoring for more than 60 seconds is not recommended as this can potentially impact system performance and disk space.
Backing file - if not specified this will be in the windowstemp folder on the system drive which on Citrix PVS booted systems can cause performance issues so specifying a file on a persistent local drive can help alleviate this potential issue.
Procmon Location - the location of an existing copy of procmon.exe. If not specified and internet connectivity is available, it will be downloaded.

Starts procmon with retention of all events. Use with caution!

Traces the activity of the selected process ID

Starts process monitor filtering on all activity in the users session