NEWS FROM THE LAB - Friday, November 17, 2006

REALLY want to know what's happening in your system?
Posted by Mikko @ 08:06 GMT

Sysinternals has made available a great new tool called Procmon that combines the features of two older Sysinternals utilities, Filemon and Regmon, and adds much more. You can use this tool to monitor very closely what's happening on a system, as it happens.

  "Process Monitor is an advanced monitoring tool for Windows that shows
  real-time file system, Registry and process/thread activity. Process Monitor
  adds an extensive list of enhancements including rich and non-destructive
  filtering, comprehensive event properties such as session IDs and user names,
  reliable process information, full thread stacks with integrated symbol
  support for each operation, simultaneous logging to a file, and much more.
  Its uniquely powerful features will make Process Monitor a core utility in
  your system troubleshooting and malware hunting toolkit."


As Microsoft has bought Sysinternals, Procmon is available for download from Microsoft:

Cheers to Mark.

Updated to add: There have been some reports of system crashes while using Procmon. See the discussion here. We've seen no problems ourselves but your mileage, as usual, may vary.