How to Enable Process Monitor at Boot
- Pavan Raja

- Apr 8, 2025
Summary:
The article provides a step-by-step guide on how to set up and use Microsoft Sysinternals Process Monitor (Procmon) to log system processes at boot time in Windows. Here are the main steps:
1. Log into the computer using an account with administrative privileges.
2. Locate the folder where Procmon was extracted.
3. Open Procmon.exe from the extracted files.
4. Go to the "Options" menu and select "Enable Boot Logging."
5. In the dialog box, click on "Generate thread profiling events" and choose "Every 100 milliseconds." Confirm with "OK."
6. Reboot the computer.
7. Log in again using the same account.
8. Wait for Windows to fully load.
9. Navigate back to the folder where Procmon was extracted.
10. Double-click on Procmon.exe to open it.
11. A dialog box will appear; click "Yes" to proceed.
12. This will show a Save As dialog box, where you can name your log file (e.g., bootlog.pml). Click the "Save" button.
13. A progress bar indicates the conversion of boot-time events into a usable format as soon as you click "Save."
14. After the data conversion is complete and Event Filtering is applied, Procmon will return to its default console view with the capture icon still disabled.
15. Check the folder for the newly created file named "C:\monitor\bootlog.pml", which contains all the log information from the boot process.
Details:
The article is a guide to setting up and using Microsoft Sysinternals Process Monitor (Procmon) to log system processes at boot time in Windows. Here's the step-by-step process for enabling this feature:
1. Use an account with administrative privileges to log into the computer.
2. Locate the folder where Process Monitor was extracted.
3. Open Procmon.exe from the extracted files.
4. Go to the "Options" menu and select "Enable Boot Logging."
5. In the dialog box, click on "Generate thread profiling events" and choose "Every 100 milliseconds." Confirm with "OK."
6. Reboot the computer.
7. Log in again using the same account.
8. Wait for Windows to fully load.
9. Navigate back to the folder where Process Monitor was extracted.
10. Double-click on Procmon.exe to open it.
11. A dialog box will appear; click "Yes" to proceed.
12. This will show a Save As dialog box, where you can name your log file (e.g., bootlog.pml). Click the "Save" button.
13. A progress bar indicates the conversion of boot-time events into a usable format as soon as you click "Save."
14. After the data conversion is complete and Event Filtering is applied, Procmon will return to its default console view with the capture icon still disabled.
15. Check the folder for the newly created file named "C:\monitor\bootlog.pml", which contains all the log information from the boot process.
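
Once bootlog.pml exists, a quick way to review it is to export it to CSV and list every process created during boot. The PowerShell below is an added example, not part of the original article; it assumes Procmon was extracted to C:\monitor, uses Procmon's /OpenLog and /SaveAs switches, and falls back to constructed sample rows when no log is present. The function name Get-BootProcessCreate and the list of expected directories are illustrative choices.

```powershell
# Added example, not from the original article. Paths below are assumptions.
$procmon = 'C:\monitor\Procmon.exe'
$pml     = 'C:\monitor\bootlog.pml'
$csv     = 'C:\monitor\bootlog.csv'

function Get-BootProcessCreate {
    param([Parameter(Mandatory)][object[]]$Events)
    # Directories where a boot-time image is expected; anything else is marked for review.
    $expected = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }
    foreach ($e in $Events | Where-Object { $_.Operation -eq 'Process Create' }) {
        $image = $e.Path
        $known = $false
        foreach ($dir in $expected) {
            if ($image.StartsWith($dir + '\', [StringComparison]::OrdinalIgnoreCase)) { $known = $true }
        }
        # For Process Create events, Detail looks like "PID: 612, Command line: ...".
        $cmd = if ($e.Detail -match 'Command line:\s*(.*)$') { $Matches[1] } else { '' }
        [pscustomobject]@{
            Time        = $e.'Time of Day'
            Parent      = $e.'Process Name'   # the process that issued the create
            ParentPID   = $e.PID
            Image       = $image              # image path of the new process
            CommandLine = $cmd
            Review      = -not $known
        }
    }
}

if (Test-Path $pml) {
    # Open the saved PML and write it out as CSV, then load the rows.
    Start-Process -FilePath $procmon -ArgumentList '/OpenLog', $pml, '/SaveAs', $csv -Wait
    $events = Import-Csv -Path $csv
} else {
    # Constructed sample rows in Procmon's default CSV layout, used when no log exists.
    $events = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:00:01.1000000 AM","smss.exe","340","Process Create","C:\Windows\System32\csrss.exe","SUCCESS","PID: 452, Command line: %SystemRoot%\system32\csrss.exe"
"9:00:04.2000000 AM","services.exe","700","Process Create","C:\ProgramData\upd\agent.exe","SUCCESS","PID: 1980, Command line: C:\ProgramData\upd\agent.exe -svc"
"9:00:04.3000000 AM","services.exe","700","RegOpenKey","HKLM\System\CurrentControlSet\Services","SUCCESS","Desired Access: Read"
'@ | ConvertFrom-Csv
}

Get-BootProcessCreate -Events $events | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows with Review set to True are only a starting point for triage: legitimate software also starts from other locations, so compare them against the machine's known-good baseline.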
