Author: SchLois
Subject: Procmon unable to capture File System events
Posted: 06 October 2016 at 1:52pm
Hi CBruce,
Subject: Procmon unable to capture File System events
Posted: 06 October 2016 at 1:52pm
Hi CBruce,
now I have the same or at least a very similar problem.
Yesterday I started ProcMon 3.10 on Server 2012 R2 (running as a VM I think), traced registry, file and network activity, and saved the trace. It does contain file system activity.
I few hours later I did the same on the same machine, while my costumer reproduced the problem I have to solve.
The produced log file doesn't contain any file system activity. First I thought that I had accidently deselected it and gave ProcMon another try.
But file system activity is still selected, but nothing is shown.
All I've tried so far
- reset the filter
- changed to Version 3.31
- deleted HKEY_CURRENT_USER\Software\Sysinternals\Process Monitor
the file activity has stopped working.
I cannot test if a reboot solves the problem, as it's a production server.
Greetings
SchLois