4sysops - FREE: Process Monitor - view file system, registry, and network activity

This well-known Microsoft tool was already in the 4sysops free admin tool list, but I decided to add a new entry because a new version is now available. The old post was also about Process Explorer, which I reviewed two years ago. I transferred your votes to these articles.

I guess that Process Monitor is in the tool box of many admins, because it is one of the most important troubleshooting tools. The old version, 1.37, allowed you to monitor file system and registry activity. The most important new feature of version 2.0 is that you can now also monitor the network activity of processes.

When you launch Process Monitor the first time, you will be overwhelmed by all the system activity. If you wonder, sometimes, why your computer is slow, you will get a better understanding after you see how many tasks a modern operating system has to perform, simultaneously.

To track down the cause of a malfunctioning program, it is essential that you utilize the powerful filter. If you already know the program that is causing the problem, you can restrict Process Monitor’s output to this program name. If the problem is a bit more complex, I usually enable the autoscroll feature and watch all system activity until something suspicious attracts my attention. Then, I limit the output with the filter by looking for common characteristics of the processes that interest me.

Another way to reduce the output is to let Process Monitor only display registry, file system, network, process and thread, or profiling events. You can use the icons on the right side of the toolbar for this purpose.

If you limit the output to network activity, you can try one of the new features of version 2.0. Process Monitor certainly can’t replace a network sniffing tool, but its filter can also be very useful for network-related troubleshooting. Enabling the Process and Thread option will track the creation and exit of processes and threats. Profiling scans all active threads and generates statistical data, such as the user time and the kernel time of the process.