{"id":112887,"date":"2024-07-12T15:57:38","date_gmt":"2024-07-12T19:57:38","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=112887"},"modified":"2024-08-01T10:27:51","modified_gmt":"2024-08-01T14:27:51","slug":"capture-windows-logs-using-process-monitor","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/capture-windows-logs-using-process-monitor","title":{"rendered":"Capture Windows Logs Using Process Monitor"},"content":{"rendered":"\n

When troubleshooting issues on Windows devices, JumpCloud Support may need additional data that resides outside of the JumpCloud agent and Event logs. To determine if an external process is interfering with JumpCloud Agent functionality, a Support Engineer may ask you for a Process Monitor capture.<\/p>\n\n\n\n

What is Process Monitor?<\/h2>\n\n\n\n

Process Monitor (Procmon) is a powerful monitoring tool for Windows operating systems. It lets you closely observe the activities occurring in real time on your device. Process Monitor captures and displays detailed information about processes, threads, file system activity, registry changes, network activity, and more. This comprehensive visibility helps when troubleshooting software issues by providing insights into background program activity.<\/p>\n\n\n\n

Downloading Process Monitor<\/h2>\n\n\n\n

Process Monitor can be found on Microsoft\u2019s SysInternals website. See ProcMon Download<\/a>.<\/p>\n\n\n\n

Capturing a Process Monitor Log<\/h2>\n\n\n\n

To capture a log in Process Monitor<\/strong>:<\/p>\n\n\n\n

    \n
  1. Log in to the Windows device using an account with administrative privileges.<\/li>\n\n\n\n
  2. Run Procmon.exe<\/strong> as administrator.<\/li>\n\n\n\n
  3. Process Monitor begins logging the moment it starts running, but a clean capture is recommended. To stop capturing, click Capture<\/strong>.<\/li>\n\n\n\n
  4. Clear all previously recorded events by clicking Clear<\/strong>.<\/li>\n\n\n\n
  5. When you’re ready to recreate the issue or scenario, click Capture<\/strong> to begin logging.<\/li>\n\n\n\n
  6. Once you’ve recreated the issue or scenario, click Capture<\/strong> to stop logging.<\/li>\n\n\n\n
  7. Save the Process Monitor log by going to File<\/strong> > Save<\/strong>.<\/li>\n\n\n\n
  8. Compress and archive (zip) the PML file.<\/li>\n\n\n\n
  9. Send the log to your JumpCloud Support Engineer for further review.<\/li>\n<\/ol>\n\n\n\n

    Capturing a Boot Process Monitor Log<\/h2>\n\n\n\n

    You may need to troubleshoot an issue related to your boot process, which requires additional configuration in Process Monitor.<\/p>\n\n\n\n

    To enable boot logging in Process Monitor<\/strong>:<\/p>\n\n\n\n

      \n
    1. Follow steps 1-4 in the previous section<\/a> to launch Procmon, stop the default capture, and clear any previously recorded events. <\/li>\n\n\n\n
    2. Go to Options<\/strong> > Enable Boot Logging<\/strong>.<\/li>\n\n\n\n
    3. The Boot Logging Options<\/strong> window appears. Choose the following options:\n
        \n
      • Select Generate profiling events<\/strong>.<\/li>\n\n\n\n
      • Select Every second<\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    4. Reboot the device and recreate the issue.<\/li>\n\n\n\n
    5. Log in to the Windows device. When at the desktop, run Procmon.exe<\/strong>.<\/li>\n\n\n\n
    6. The Process Monitor<\/strong> dialogue box appears. Click Yes<\/strong> and save the log file.<\/li>\n\n\n\n
    7. Close Process Monitor.<\/li>\n\n\n\n
    8. Compress and archive (zip) the PML file.<\/li>\n\n\n\n
    9. Send the log to your JumpCloud Support Engineer for further review.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

        When troubleshooting issues on Windows devices, JumpCloud Support may need additional data that resides outside of the JumpCloud agent and […]<\/p>\n","protected":false},"author":218,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[3161,2852,3136,3127,2924],"support_tag":[3160],"coauthors":[3011],"acf":[],"yoast_head_json":{"title":"Capture Windows Logs Using Process Monitor - JumpCloud","description":"Learn how to perform a Process Monitor (Procmon) capture to troubleshoot issues on Windows devices.","canonical":"https:\/\/jumpcloud.com\/support\/capture-windows-logs-using-process-monitor","article_modified_time":"2024-08-01T14:27:51+00:00","twitter_misc":{"Est. reading time":"2 minutes","Written by":"nickconrad"}}}