Let’s learn how to use process monitoring in windows 11. Process monitor is a program that expands the options available in the previous Windows version. This program is a complete tool that helps you to monitor the system’s active processes.
Process monitoring helps establish all kinds of filters to make your system easier to make any changes or searches to carry out. Process monitoring also shows you the percentage of ongoing processes on a real-time basis.
Process monitoring systems enable us to end any processes that are impossible to end using windows administrator. Like end processes, you can also be eligible for launching an application recognized by windows through the program’s interface.
In this post, I will show how to use a process monitor in Windows 11, and the below steps show how to download and install it with users in Windows 11.
- Enable Dark Mode for Web Content in Microsoft Edge | Windows 11
- Use CHKDSK Tool to Fix Windows Issues
What is Process Monitoring?
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon.
It adds an extensive list of enhancements, including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.
Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware-hunting toolkit.
Installation and Uses of Process Monitoring in Windows 11
You can download the process monitor from the Microsoft website. You can download the process monitor from the link given below. The steps to download and install the process monitor in windows 11 are below.
Click here to download the Process Monitor in Windows 11 -> Download Process Monitor.
Step 1 is to first click on the link provided above, and the process monitor starts downloading instantly and stores it in the download folder as a zip file. Now go to your system’s download folder, right-click on the zip folder, and select extract all.
Step 2 is after clicking on extract all; it asks to select a destination folder where you want to extract the folder. All downloads are saved in the download folder by default.
Step 3 from the extracted folder, choose Procmon, right-click on it and select Run as administrator. Then the User Account Control approval window opens; press Yes to continue.
Step 4, the next window is the Process Monitor License Agreement; click on Agree to its terms and conditions. And the installation will start.
The final step is the application interface shown in the figure below. You can check the interface of the process monitor application. It contains various options tabs, as listed below, and also, some graphical options are shown in the figure.
- File Tab
- Edit Tab
- Event Tab
- Filter Tab
- Tools Tab
- Options Tab
- Helps Tab
1. File Tab
The file tab contains some functions to make changes in the process, the options shown below. Here are the alternatives to open, save, back files, etc.
- Open: To open a selected file or process
- Save: To save the process
- Backing Files: To make a backup storage
- Capture Events: To save all the process paths in the record
- Export Configuration: To export the configuration of some processes
- Import Configuration: To import the design into it
- Exit: Leave the process monitoring window
2. Edit Tab
The Edit tab is used to make changes in the currently running process that can be changed during the running process. There is some option to make some modifications.
- Copy: To copy some process
- Find: To find a particular process
- Find Highlight: To see highlighted processes
- Find Bookmark: To find bookmarks in process, if any
- Auto Scroll: To scroll the process window automatically
- Clear Display: To clear the process monitor window
3. Event Tab
The Event tab is used to check any event properties, show the highlighted events, etc., and manages the details of the currently running processes.
- Properties: Show the detailed information
- Stack: Show the stacking information
- Toggle Bookmark: Toggle in between the bookmarks
- Jump To: Helps to jump from one process to another
- Search Online: Search online event
- Include: To include process details
- Exclude: To exclude process details
- Highlight: Shows the highlighted details
4. Filter Tab
The filter tab is used to make a specific process search for the user to make a particular process to monitor. The filter tab creates filters for search, reset filters, load filters, etc. The details are shown below:
- Enable Advanced Output: It enables advanced output
- Filter: To set filters in the process of monitoring
- Reset Filter: To reset the filters
- Load Filter: To apply the filters
- Save Filter: To save a particular set of filters
- Organize Filter: To make filters organized
- Drop Filtered Events: To drop some filtered events
- Highlight: Highlighted the filtered selections
5. Tools Tab
Like other applications, the Process Monitor also has a tools tab to make changes, check the summaries, system details, etc. The details are shown below:
- System Details: Showing the details of the system
- Process Tree: Showing the process tree of an event
- Process Activity Summary: Only represent summaries of Process Activity
- Registry Summary: Showing the outlines of the registry process
- Stack Summary: Represents the stack details
- Network Summary: Shows the network details
- Cross Reference Summary: Paths that are written and read between differing processes
- Count occurrences: Count values occurrences
6. Options Tab
Using the options tab user can change the interface of the application, like changing the Font, theme, highlight colors, etc. The details are shown below:
- Always on Top: Events on the top
- Font: Modify the font styles
- Highlight Colors: Highlight colors choosing
- Theme: Modify the application theme
- Configure Symbols: Symbol configuration for the application
- Select Columns: Select particular columns
- History Depth: Limits the total number of events during a run
- Profiling Events: Can generate thread profiling events that capture the state of all executing threads at a regular interval
- Enable Boot Logging: This can generate thread profiling events that capture the state of all executing threads at a regular interval
- Show Resolved Network Addresses: It shows the resolved network address
- Hex File Offsets and Lengths: Shows the file offsets and lengths shown below
- Hex Process and Threads IDs: Shows the process and threads IDs
7. Helps Tab
Like other applications, the helps tab is also present for the user to solve any complications regarding the PC’s health. The process monitor, index, and search contents are available in it.
- Help: Shows all contents, indexes, and search
- Command Line Options: It shows the command line arguments details
- About: Shows information about process monitor
What are the Capabilities of Process Monitoring?
Process Monitoring includes powerful monitoring and filtering capabilities and also has some other functionalities listed below:
- More data captured for operation input and output parameters
- Non-destructive filters allow you to set filters without losing data
- The capture of thread stacks for each operation makes it possible, in many cases, to identify the root cause of an operation
- Reliable capture of process details, including image path, command line, user, and session ID
- Configurable and moveable columns for any event property
- Filters can be set for any data field, including fields not configured as columns
- Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
- The process tree tool shows the relationship of all processes referenced in a trace
- Native log format preserves all data for loading in a different Process Monitor instance
- Process tooltip for easy viewing of process image information
- The detail tooltip allows convenient access to formatted data that doesn’t fit in the column
- Cancellable search
- Boot time logging of all operations
Now some functionalities are shown below that are discussed above. The quick and various options from the different tabs are discussed below:
Command Line Options from Helps
The Helps tab has an option as a command line with some arguments to perform some tasks. The details of command line arguments are illustrated in the table and the image below:
| Command Line Arguments | Description |
|---|---|
| /OpenLog<PML file> | Open a previously saved event file |
| /BackingFile<PML file> | Save events in the specified backing file |
| /PagingFile | Save events in the virtual memory |
| /NoConnect | Don’t automatically begin collecting events at startup |
| /NoFilter | Clear the filter at startup |
| /AcceptEula | Accept the EULA automatically (don’t show a dialog) |
| /LoadConfig<file> | Load a previously saved configuration file |
| /Profiling | Enable the thread profiling feature |
| /Minimised | Start the application minimized |
| /WaitForIdle | Wait for an instance of ProcMon to become ready |
| /Terminate | Terminate all instances of ProcMon and exit |
| /Quiet | Don’t confirm filter settings during the startup |
| /Run32 | Run the 32-bit version to load 32-bit log files (x64 only) |
| /Runtime | Run for the specified number of seconds and terminate |
| /HookRegistry | Hook Registry for Softgrid troubleshooting (x86 Vista only) |
| /SaveAs<path> | Export to an XML, CSV, or PML file |
| /SaveAs1<path> | Export including stack traces (XML Only) |
| /SaveAs2<path> | Export including stack traces with symbols (XML Only) |
| /SaveApplyFilter | Apply the current filter before exporting |
| /EnableBootLogging | Configures logging of the next boot |
| /ConvertBootLog<PML file> | Automatically processes a boot log after reboot |
| /RingBuffer | Enable fight recorder mode |
| /RingBufferSize<size> | Ring buffer size in MB |
| /RingBufferLen<len> | Ring buffer length in minutes |
Show Registry Activity
Selecting the Registry Activities shows the currently running process of the device. The registry activity is marked with an arrow in the figure below.
Show File System Activity
Selecting the Registry Activities shows the currently running process of the device. The registry activity is marked with an arrow in the figure below.
Show Network Activity
Selecting the Network Activities shows the currently running process of the device. The Network activity is marked with an arrow in the figure below:
Show Process & Thread Activity
Selecting the Process & Thread Activities shows the currently running process of the device. The Process & Thread activity is marked with an arrow in the figure below:
Show Profiling Events
Selecting the Profiling Activities shows the currently running process of the device. The Profiling activity is marked with an arrow in the figure below:
You can change the application font using the Options tab. The Step by step process to change the application’s Font is shown in the image below.
- Click on the Options Tab
- Click on Font
- On the Font window, select Font
- Select Font Style
- Select Font Size
- Click on OK
You can also change the theme of the application. The theme is set to default; click on Dark to switch it to dark mode. Then restart the system, and the Process Monitor window changed to dark mode.
- Open Options Tab
- Clin on Theme
- Select Dark
- Click OK to restart your device
The information shared above regarding How to Use Process Monitoring in Windows 11 is helpful. Please follow us on HTMD Community and visit our website HTMD Forum if you like our content.
Author
Alok is a Master of Computer Applications (MCA) graduate. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.