Author: hald1r
Subject: The ProcMon filter question
Posted: 05 April 2013 at 3:04pm
Hi,
I want to set filter so that I can see couple of event categories.
e.g.
I set the Category is Write, so I can see all the file system activities (file created, file deleted...), beside that, I want to include Operation is Process Create and Operation is Process Start so that I can see all the events from this three categories.
Can I achieve this? If I activate Category is Write than I can see only file system related events. If I set (together with this filter setting) Operation is Process Create and Operation is Process Start than I don't see anything. If I set only the later two filters than I can see process create and start events, but not a file system events??? Like they are excluding each other.
Can I see all the events that are covered with Category is Write, Operation is Process Create and Operation is Process Start???
Thanks
Subject: The ProcMon filter question
Posted: 05 April 2013 at 3:04pm
Hi,
I want to set filter so that I can see couple of event categories.
e.g.
I set the Category is Write, so I can see all the file system activities (file created, file deleted...), beside that, I want to include Operation is Process Create and Operation is Process Start so that I can see all the events from this three categories.
Can I achieve this? If I activate Category is Write than I can see only file system related events. If I set (together with this filter setting) Operation is Process Create and Operation is Process Start than I don't see anything. If I set only the later two filters than I can see process create and start events, but not a file system events??? Like they are excluding each other.
Can I see all the events that are covered with Category is Write, Operation is Process Create and Operation is Process Start???
Thanks