Microsoft released Process Monitor v1.2, a free tool to monitor real-time file system, registry and process/thread activity. There is an "interesting" SearchWinIT article about its new features. I guess the author never saw Process Monitor in his life.
He stated that Microsoft added "destructive filtering". Well, I hope they didn't because that certainly wouldn't be a constructive contribution to the stability of my computer. However, when I first ran it on my desktop, I thought for a moment MS really did. Process Monitor hung and I wasn't able to close the program. Even killing its process didn't help. I then tried to reboot my Vista machine. I waited for about 20 minutes, but Vista hung, too. I had no other choice but to pull the power plug. After I rebooted, Process Monitor still showed the same behavior.
I tried the tool on two other Vista machines, and it worked there without problems. So, it seems like my desktop is just screwed up and MS didn't add "destructive" filtering. The real name of the feature is non-destructive filtering and it's not new because the predecessors of version 1.2 already supported it. It just means that Process Monitor's filters only affect the display of events, but not the event data itself. So it is not really revolutionary.
Process Monitor 1.2 has some new features, though. You can now open log files on a 64-bit machine that were generated on a 32-bit system. Process Monitor has the new switch "/run32" for this purpose, which does nothing other than run the 32-bit version of the tool. Well, that's not really exciting either, is it?
There is another new feature that sounds interesting in the SearchWinIT article:
"Also included in the latest version is a feature that lets users better see how each process is running during an activity trace by showing a graph for each one."
Unfortunately, Procmon 1.2 doesn't really allow you to "see how each process is running" (whatever that is supposed to mean). It only displays the activity span for each process (see screenshot) in the Process Activity Summary window (formerly called Process Summary). So this feature only gives you some limited information about the process's activity during a certain time span. I suppose I won't need this feature either. Would you?
I found a third new feature which the SearchWinIT article doesn't mention. In the Tools menu, there is the new item "Activity Summary". I must admit, I don't really understand the purpose of this feature. It is a graphical representation of the overall process activity based on the number of events or the elapsed time. I wasn't able to find anything about this in the help file.
I will just continue using Process Monitor 1.12. If the author of the article, whose name is SearchWinIT.com staff, hadn't just tried to repeat what a marketing guy from Microsoft told him/her/it, but had written a real review about Procmon's new features, I probably wouldn't have downloaded the new version.
Thanks for the heads-up on the new version!
Though it should be old news to everyone, here’s the reminder that regmon and filemon have been integrated within Process Monitor… That was its best move forward IMO. Love the tool.
Leonardo, you’re right, it was a good move to put Filemon and Regmon together. I also think that Process Monitor is a great tool. Maybe that didn’t come across in my somewhat negative review of the new features.
I have the same problem (Vista hangs) with version 1.22 of Process Monitor, and I can’t use “filemon” because when I try to start it, it advises me to use “processmon”!