How to Use Process Monitor for Troubleshooting

Laurel DevotoBy
how-to-use-process-manager

Many calculations and processes are going on behind the scenes of every program you use, and, for the most part, they aren’t that important for the user to understand. Sometimes, you need the nitty-gritty details of what’s happening in each program on your computer. Process Monitor is a convenient tool to have and understand when that time comes. 

What Is Process Monitor?

Process monitor is a Windows utility that helps you figure out what different programs on your computer are doing. You never see many behind-the-scenes activities as a regular user, like background downloads, processes sharing information, or errors that aren’t relayed to the person using the program. Process monitor can help you see this kind of information.

It isn’t as user-friendly as some Windows utilities and is used mainly by system administrators. In fact, you must have administrator access to the computer you’re using to run the process monitor tool. If you don’t have it yet, contact your system administrator for help. 

What Can I Do With Process Monitor?

Process Monitor is a program designed to give you information. While you can’t use it to troubleshoot issues directly, it can help you figure out exactly what’s going on so that you know what to do. Having more information is always good when fixing problems on your PC.

How to Install Process Monitor?

Process monitor isn’t built into Windows like some other monitoring tools. You have to opt-in by installing it. Before you start, you need a program that can unzip files.

  1. Navigate to the download page for Process Monitor. It’s free from Microsoft and should install quickly, depending on how fast your internet connection is.
  2. Open your download page to find the zipped file.
  3. Right-click on the file and choose the option to unzip to a folder of the same name.
  4. Wait for the process to complete. 
  5. Open the folder.
  6. Double-click procmon.exe and follow any steps that appear to complete the process. When it’s done, Process Monitor should pop up on your screen.
    procmon

You can drag the exe file to a location where it’s easily found and use that to open Process Monitor in the future if you prefer. 

What Options Can I Adjust on Process Monitor?

There are a few things that you can adjust to make the program more user-friendly for you.

  • Process Monitor offers both a dark theme and a light theme. The light theme looks like the standard view of folders in Windows, while the dark scene may be easier on your eyes in low-light conditions. You can change it by going to the Options menu. In order to see your new theme, restart Process Monitor.
    theme
  • You can also change the font to make it easier to read. There are so many different things happening in the program that larger font can make it easier to narrow down on what you’re seeking. However, a smaller font can get more information on your screen. Go to Options and choose Font to make your adjustments. 
    fonts-change
  • To give yourself more information on the screen, go to Options and Select Columns. Here, you can choose which options appear. If you add too many, you may need to scroll left and right to see all the available information.
    select-columns

What Information Can You View in Process Monitor?

There are many columns to choose from. The name, operation, time of day, path, detail, and the result are automatically shown. You can hide or show the others as desired by changing your columns.

Application details let you get more information about the process the monitor reports on. 

  • Process name
  • Image path
  • Command-line
  • Company name
  • Description
  • Version
  • Architecture

Event details give you more information about the specific event occurring in the reported application.

  • Sequence number
  • Event class
  • Operation
  • Date and time
  • Time of day
  • Category
  • Path
  • Detail
  • Result
  • Relative Time
  • Duration
  • Completion time

Process Management gives you more information about the exact process taking place. 

  • User name
  • Session ID
  • Authentication ID
  • Integrity
  • Process ID
  • Thread ID
  • Parent PID
  • Virtualized

You choose which columns you want to show based on the information you’re trying to find. You don’t need to have each column enabled to get more details on the collected events. 

If you want to see any of this information about a particular event, here’s how.

  1. Scroll to the line of the event you want to read about in Process Monitor.
  2. Right-click on the line.
  3. Choose Properties.
    properties
  4. Click the Event tab to read more about the particular event. You can find information about the date, file path, duration, class, and more.
    events
  5. Click the Process tab to read more about the process itself. It may tell you what company made the software running the process, what that software is, the architecture, whether it’s virtualized, and the modules involved.
    process
  6. Click the Stack tab to see more information about stored modules.
    stack
  7. Press Close to return to the main Process Monitor window when you’re done reading the details.

Within the Properties of any particular event, you can choose to Copy All to save the information to a clipboard. This is helpful if you’re saving data for troubleshooting or sharing with another person. 

Using Filters in Process Monitor

One way to narrow down some of the information and find what you’re looking for is by using filters. There are millions of processes recorded and reported by Process Monitor, so understanding filters is extremely helpful when looking for something specific.

  1. Click Filter at the top of the Process Monitor window.
    filter
  2. Choose Filter from the menu.
    filter-from-filter-menu
  3. Select the variable you want to search for from the first dropdown. Every potential column is an option, so you can search for anything from architecture to virtualized.
    dropdown--menu-of-filter
  4. Select how you want the filter managed from the second dropdown. You can choose from: is, is not, less than, more than, begins with, ends with, contains, or excludes. However, you can only choose one option at a time.
    second-dropdown-menu
  5. Select an option from the third dropdown menu to tell it what variable you’re searching for. The options change depending on your selection in the first two dropdown menus. For example, if you chose Architecture, the options are 32 and 64-bit. If you choose Virtualized, the options are True, False, or N/A.
    third-dropdown-menu
  6. Choose what to do with the result from the fourth dropdown menu. You can include it in the results or exclude it from the results.
    fourth-dropdown
  7. Click Add.
  8. Click Apply. It can take some time for the filter to be applied. For example, when I searched for Virtualized processes marked as True, it required more than six minutes to search for 109 million entries and find the right results.
  9. Click OK. You’ll see the search results that your filter returned. For example, my search for Virtualized processes revealed that the GameOverlay from Steam is considered a Virtuzlied process. I can also see that it repeats very frequently, and the results range from Success to Buffer Overfilled. 

You can add and remove multiple filters in this menu, which can help cut down the many returned results and show you what you need.

Tips and Tricks for Using Process Monitor

  • At the top of the window are four illustrated icons representing Registry Activity, File System Activity, Network Activity, and Process and Thread Activity. You can unselect these to remove the matching results from the list or select them to include the results in the list. If you know what type of activity you’re looking for, adding or removing these can make it easier to find.
    five-illustrated-icon
  • To see the activity in the Process Tree view, click the symbol at the top of the window with three squares connected by lines. This will allow you to see the data differently that might be more useful, depending on your current task.
    process-tree
  • You don’t want to run Process Monitor when you don’t need it because it uses a lot of memory. Your computer may not run as efficiently when it’s active. 
  • You can choose to highlight certain types of events to spot them more easily. In this way, you won’t remove other events from the list and will be able to see what’s happening simultaneously, but certain events will stand out more.
  • You can always clear your filters from the Filter menu. It’s usually quick but may take a while, depending on your system. 

Do I Need to Use Process Monitor?

Many people get by without ever having to use Process Monitor. As you get deeper into computer troubleshooting, though, having heavy-duty monitoring tools can help you better understand and find problems in your computer. 

Much of the information you see in Process Monitor isn’t as easily accessible in other ways. Even if it seems daunting at first, it’s worth the time it takes to explore what the utility has to offer. 

I'm a computer enthusiast who enjoys building new systems, troubleshooting software for my friends, and playing everything from Apex Legends to Golf with Friends. I used to work as a social media manager and love finding new ways to connect with people.

Related Posts

Add A Comment

Leave A Reply