Use Process Monitor to create real-time event logs

Document created by jross Employee on May 23, 2017Last modified by bgoddard on Sep 13, 2019
Version 6Show Document
  • View in full screen mode

Process Monitor, or ProcMon, is a Windows tool designed to help log application issues on your computer.  With Process Monitor you can observe, view, and capture Windows file and system activity in real-time. Malwarebytes Support uses Process Monitor to help determine what applications are diminishing your experience with Malwarebytes software.

 

Create a ProcMon log

To log issues between Malwarebytes software and another application, download and run Process Monitor to create a ProcMon log.

 

  1. Download Process Monitor, then extract the file ProcessMonitor.zip to your Desktop.

  2. Open the applications you are troubleshooting, including Malwarebytes software. Close all other programs open on the computer.

  3. To start logging, double-click Procmon.exe to run the tool.


  4. Once Process Monitor is open, reproduce the error. Be sure to note the time when the issue occurs while capturing the event.

  5. To stop logging, open Process Monitor, then click File > uncheck Capture Events.


  6. In Process Monitor, click File > Save.


  7. In the Save To File window, click All events. To save the logs to the default location, click OK.


  8. Upload the Logfile.pml file using the file upload link provided by your Support agent.

 

Create a boot log

For issues with Malwarebytes software during startup, use Process Monitor to create a boot log.

 

  1. Download Process Monitor, then extract the file ProcessMonitor.zip to your Desktop.

  2. To start logging, double-click Procmon.exe to run the tool.

  3. Select OptionsEnable Boot Logging.


  4. Click OK.


  5. Restart the computer. Wait approximately 5–15 minutes or until Windows and any startup programs have loaded.

  6. Once Windows has finished loading, double-click Procmon.exe.

  7. To save the log file, click Yes.


  8. In the Save As window, click Save.


  9. After Process Monitor has converted boot-time event data, upload all Bootlog.pml logs that Process Monitor generates using the file upload link provided by your Support agent. 

  10. Once the logs are uploaded to Malwarebytes, you may delete both Process Monitor and the logs from your computer.

 

Additional information

1 person found this helpful

Attachments

    Outcomes