There are two methods of getting the list of processes on a system. The reason for the choice made here is that the objects you get back have a number of useful methods on them, one of which is GetOwner, which retrieves the owner of the process — just what we are looking for.
You can always see what you can do with the returned objects by piping the command to Get-Member. For example:

In order to get the owner information into the objects, we have to do a little work.
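One way to do that work, as an added example written for this page (it is not Joel Bennett's scriptlet and not code from the original article): it enumerates Win32_Process objects with Get-WmiObject, calls GetOwner on each, and attaches the result as Owner and OwnerDomain properties (those property names and the function name are my own choice). GetOwner fails for some protected system processes and for processes that exit mid-enumeration, so the non-zero ReturnValue case is handled rather than thrown away.

```powershell
# Added example, not the page's own code. Assumes Windows PowerShell with WMI
# available; the function and property names are hypothetical choices.
function Get-ProcessWithOwner {
    [CmdletBinding()]
    param(
        # Optional WQL filter, e.g. "Name = 'cmd.exe'"; empty means all processes.
        [string]$Filter = ''
    )

    $params = @{ Class = 'Win32_Process' }
    if ($Filter) { $params['Filter'] = $Filter }

    Get-WmiObject @params | ForEach-Object {
        # GetOwner() returns an object with ReturnValue, Domain and User.
        # ReturnValue 0 means success; protected/system processes and processes
        # that have already exited return a non-zero code, so record that
        # instead of leaving the owner blank and losing the information.
        $owner = $_.GetOwner()
        if ($owner.ReturnValue -eq 0) {
            $domain = $owner.Domain
            $user   = $owner.User
        } else {
            $domain = $null
            $user   = "<unavailable rc=$($owner.ReturnValue)>"
        }

        # Attach the owner to the WMI object and pass the object down the pipeline.
        $_ | Add-Member -NotePropertyName Owner       -NotePropertyValue $user   -PassThru |
             Add-Member -NotePropertyName OwnerDomain -NotePropertyValue $domain -PassThru
    }
}

# Usage: the methods the page refers to (GetOwner among them) are visible via Get-Member.
Get-WmiObject -Class Win32_Process | Get-Member -MemberType Method | Select-Object Name

# Usage: processes with their owners; grouping by owner is a quick review aid,
# since a familiar process name running under an unexpected account stands out.
Get-ProcessWithOwner |
    Select-Object ProcessId, Name, OwnerDomain, Owner |
    Sort-Object Owner, Name |
    Format-Table -AutoSize
Get-ProcessWithOwner | Group-Object Owner | Select-Object Count, Name
```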
Joel Bennett assisted with this small scriptlet:

Although I have split this over multiple lines for readability, you should type this all on the same line. You will notice an awful lot of properties being returned when you run this command.

The filters allow you to specify various criteria for events to be added to or excluded from the monitoring.
The default filter already excludes events of standard Windows system activity and of procmon itself. Click Add to add a new filter to the list. Switch to the ProcMon window. As you can see, it contains events for the creation of a registry key by the reg command. It also contains CreateFile events (creating a file) and WriteFile events (writing to a file) by the cmd process. The list of events also contains the system process msmpeng, the core process of the antimalware detection engine in Windows Defender.
To exclude the events of this process from the ProcMon log, right-click on the process name msmpeng. This process will be added to the ProcMon filter with the Exclude value. In the same way, exclude any other trusted processes that are accessing your file or registry key. Now, if any process running on Windows tries to read or write the tracked file or registry key, you will see this event in Process Monitor.
Running Process Monitor can negatively affect the performance of your computer.

The last step of Windows process monitoring is checking the process permissions.
You can access this feature by right-clicking on the process, choosing Properties, and then going to the Security tab. Checking the permissions can also help when debugging apps and processes: sometimes, if a process has a hard time running smoothly, it may lack the permissions it needs.

Using Task Manager for Windows processes is quite straightforward. If you know where to click, Task Manager will provide you with all the information about a process needed to effectively check its performance.
However, it is important to remember which processes you can and cannot kill. We listed some of them in this article to help you navigate them and better understand their role. If a process is stuck, try checking its permissions.
Download Process Monitor 3. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.