Shows real-time file system, registry and thread activity for Windows PC

Process Monitor

Process Monitor 3.96  -  3.3 MB  -  Freeware

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.

Its uniquely powerful features will make Microsoft Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

The best way to become familiar with the app's features is to read through the help file and then visit each of its menu items and options on a live system.

Process Monitor includes powerful monitoring and filtering capabilities, including:
  • More data captured for operation input and output parameters
  • Non-destructive filters allow you to set filters without losing data
  • The capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
  • Reliable capture of process details, including image path, command line, user and session ID
  • Configurable and moveable columns for any event property
  • Filters can be set for any data field, including fields not configured as columns
  • Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
  • Process tree tool shows the relationship of all processes referenced in a trace
  • Native log format preserves all data for loading in a different Process Monitor instance
  • Process tooltip for easy viewing of process image information
  • Detail tooltip allows convenient access to formatted data that doesn't fit in the column
  • Cancellable search
  • Boot time logging of all operations

FAQ

Q: What is Microsoft Process Monitor?
A: The program is a system monitoring tool that captures detailed information about processes, file system activity, and registry changes in real-time.

Q: Is Process Monitor FREE?
A: Yes, Process Monitor is a FREE tool provided by Microsoft as part of the Sysinternals suite.

Q: Can MS Process Monitor run on all Windows versions?
A: Yes, the app is compatible with Windows 8.1 and later versions, including Windows 11. It also runs on Windows Server 2012 and higher.

Q: How can I download and install Process Monitor?
A: You can download the app from the official Microsoft website, the Sysinternals website or FileHorse. It comes as a standalone executable that requires no installation.

Q: What kind of information does Process Monitor capture?
A: It captures information such as process names, file and registry access, thread activity, network activity, and more.

Q: Can I filter the captured events in Process Monitor?
A: Yes, it offers advanced filtering options to help you narrow down the captured events based on specific criteria like process name, event type, time, etc.

Q: How can I save and analyze captured data in Process Monitor?
A: It allows you to save captured data to a log file, which you can later open and analyze within the tool or export to other formats like CSV for further analysis.

Q: Does MS Process Monitor impact system performance?
A: It can consume system resources, especially when capturing a large volume of events. However, you can adjust the capture settings to minimize its impact on performance.

Q: Can Process Monitor monitor remote systems?
A: It primarily focuses on local system monitoring. It does not have built-in remote monitoring capabilities.

PROS

Comprehensive Monitoring: It captures a wide range of system events, including file system activity, registry access, network connections, process and thread activity, and more. This comprehensive monitoring capability allows you to get deep insights into the behavior of processes and troubleshoot various system issues.

Real-time Monitoring: It operates in real-time, providing live monitoring of system activity. It allows you to see events as they happen, which can be incredibly useful for diagnosing and troubleshooting issues that occur during specific operations or at specific times.

Filtering and Searching: The tool offers powerful filtering and searching capabilities, enabling you to focus on specific processes, events, or criteria of interest. You can apply various filters based on process names, event types, process paths, and other attributes to narrow down the monitored data, making it easier to analyze and identify relevant information.

Detailed Information: It provides detailed information about each captured event, including the process name, operation type, result, duration, and more. This level of detail helps in understanding the sequence of events, identifying potential bottlenecks, and pinpointing problematic processes or operations.

Log File Capabilities: The app allows you to save captured events to a log file, which can be valuable for offline analysis or sharing with others. You can also load previously saved log files for review, making it easier to compare different system states or track changes over time.

CONS

Overwhelming Data: The detailed nature of Process Monitor's output can sometimes lead to information overload. The tool captures a vast amount of system events, and analyzing the data can be time-consuming, especially when dealing with complex issues or large log files.

Steep Learning Curve: It offers numerous features and options, which can make it challenging for newcomers to grasp all its capabilities. Understanding the tool's filtering syntax, configuring advanced settings, and effectively interpreting the captured events may require some time and experience.

Resource Consumption: It continuously monitors system activity, and while it generally has a minimal impact on system performance, it still consumes system resources. Running the app for extended periods or capturing events in highly active environments may slightly affect system responsiveness.


What's new in this version:

Process Monitor 3.96
- This update to Process Monitor speeds up the clear events operation, adds a security fix, and includes several bug fixes


Process Monitor 3.95
- This update to Process Monitor fixes a crash on loading certain PML files and improves boot logging


Process Monitor 3.94
- This update to Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, improves handling of incomplete Procmon Log files (.pml), and restores "Copy All" functionality in the Event Properties window.


Process Monitor 3.93
- Process Monitor, a utility for observing real-time file system, Registry, and process or thread activity, receives fixes for several user interface and log file bugs


Process Monitor 3.92
- This update to Process Monitor, a utility for observing in real time file system, Registry, and process or thread activity, adds a command-line option for setting the filter driver’s altitude


Process Monitor 3.91
- Change log not available for this version


Process Monitor 3.90
- This Process Monitor update improves event list filtering performance


Process Monitor 3.89
- This Process Monitor update fixes a crash related to context menus


Process Monitor 3.88
- This Process Monitor update mitigates a rare program crash condition


Process Monitor 3.87
- This Process Monitor update fixes a series of bugs with filter file loading and ring buffer handling, and improves filter dialog navigation, some UI interactions with column headers and the About dialog


Process Monitor 3.86
- WinObj v3.13, Tcpview v4.16 and Process Monitor v3.86 get high DPI application icons


Process Monitor 3.85
- Change log not available for this version


Process Monitor 3.84
- Process Monitor, a utility for observing in real time file system, Registry and process or thread activity, receives a series of UI improvements related to the dark theme and general Windows 10 tweaks.


Process Monitor 3.83
- Fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog


Process Monitor 3.82
- This update to Process Monitor fixes "go to event" from context menu and introduces some UI improvements for the dark theme


Process Monitor 3.81
- Change log not available for this version


Process Monitor 3.80
- Process Monitor is the latest tool to integrate with the new Sysinternals theme engine, giving it dark mode support


Process Monitor 3.70
- This update to Process Monitor allows constraining the number of events based on a requested number of minutes and/or size of the events data, so that older events are dropped if necessary. It also fixes a bug where the Drop Filtered Events option wasn’t always respected and contains other minor bug fixes and improvements.


Process Monitor 3.61
- Change log not available for this version


Process Monitor 3.60
- Change log not available for this version


Process Monitor 3.53
- Change log not available for this version


Process Monitor 3.52
- Change log not available for this version


Process Monitor 3.50
- Change log not available for this version


Process Monitor 3.40
- Process Monitor, a file system, Registry, process and network real-time monitor, now includes a /runtime switch for terminating monitoring after a specified amount of time, shows process tree process IDs in hexadecimal when in hexadecimal mode, and fixes a bug in automated boot log conversion


Process Monitor 3.33
- Procmon v3.33 includes bug fixes for destructive event filtering and is signed with a certificate installed in the Win7 trusted roots store


Process Monitor 3.32
- Change log not available for this version
