  1. #1
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts

    Process Monitor Problem

    I recently downloaded the latest Sysinternals Suite, basically to update Autoruns.exe, for use on both Win7 & Win10.
    Autoruns opens OK on both, but I can't get Procmon.exe to open on either, although as I recall it worked fine in the past.
    I'm a bit stumped as to how to troubleshoot this, anyone got ideas?

    Alex

  2. #2
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 579 Times in 464 Posts
    Right-click on the procmon.exe file and check its properties... is it v3.20.0.0?

    Have you tried running Procmon directly from the Sysinternals web page? If so, what result?

    Have you tried temporarily disabling any AV you are using?

    Hope this helps...

  4. #3
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    Lastly, you can download it separately and see if it still won't run.

  5. #4
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts
    It is v3.20.0.0, and I've tried running it with AV and Anti Malware off, still no result.
    I get the usual 'Do you want to run this file' message, then nothing.
    I don't even get this if I run as Administrator, which is to be expected.
    Other Sysinternals apps work OK, such as Autoruns and Perfmon.
    Like I said, I'm stumped.

    Alex

  6. #5
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 579 Times in 464 Posts
    1. Where are you running procmon.exe from, i.e. what's the filepath?

    2. What version of Windows are you running? x32 or x64? (My understanding of procmon.exe is that when run on an x64 version of Windows it spawns a procmon64.exe file and runs that in the background.)

    3. With Task Manager open to the Processes tab, do you see the procmon process appear at all when you run it?

    4. Have you checked Event Viewer (eventvwr.msc) for any relevant entries in Application or System (under Windows Logs)?

    5. Have you checked Reliability Monitor for any relevant entries? (Enter perfmon /rel in a Run dialog or commandline window - Win 7 onwards)

    Hope this helps...

  7. #6
    3 Star Lounger
    Join Date
    Sep 2010
    Location
    Yarra Glen, Victoria, Australia
    Posts
    213
    Thanks
    0
    Thanked 39 Times in 25 Posts
    If you do not see the "Do you want to run" message when you run it as administrator, that suggests a security issue. Using Windows Explorer or similar, navigate to the executable file (I would guess C:\Program Files\Process Monitor\Procmon.exe), right-click on it, then Properties, then Security. The user (or group) that you are running under needs to have "Full control". If you do not see your own user name in the list, add it in and give it "Full control". Could also be the dreaded UAC getting in the way, so check your settings. I can run Process Monitor under Windows 7 x64 with no problems, and as suggested it does spawn a procmon64.exe process.

    Do you also have Process Explorer? Does it work? If not then Task Manager will do, but try splitting your screen so that you can run Process Explorer (or Task Manager) in one part, and have the command where you try to launch Process Monitor in the other part. Launch Process Monitor while carefully watching the other part of the screen. Do you see procmon.exe appear briefly, then go red and/or disappear? If so, then "something" is preventing it from running and is killing it. An entry in one of your event logs should indicate what the problem is.

    (Interesting catch-22 situation. For any other program which will not start, I would suggest to run it under Process Monitor ...... )
    Last edited by Bundaburra; 2016-01-05 at 04:26.

  8. #7
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts
    Thanks guys. I followed Bundaburra's suggestion and ran Process Explorer in half a screen while starting Procmon in the other half. Process Monitor does start briefly then red lines, and if I try starting as Administrator, a second prog I couldn't identify also tries to start but is red lined.

    I've examined logs with Event Viewer after these tests, but no mention appears anywhere. Further advice on where I might expect an appropriate message to appear would be helpful. Running perfmon /rel yielded nothing.
    I should also mention that I dual boot Win7 and Win10, both x64, and I get exactly the same pattern in both.
    Regarding the security issue, procmon.exe has full control allowed for Everybody, and is in a separate partition to the operating systems.

    I remain stumped.

    Alex
    Last edited by A1ex; 2016-01-05 at 12:41. Reason: Additional info

  9. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 576 Times in 479 Posts
    When it crashes in W7, you'll get a popup window with a dropdown option that shows you some details:
    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: Procmon.exe
    Application Version: 3.20.0.0
    Application Timestamp: 5563c057
    Fault Module Name: Procmon.exe
    Fault Module Version: 3.20.0.0
    Fault Module Timestamp: 5563c057
    Exception Code: c0000005
    Exception Offset: 0005d889
    OS Version: 6.1.7601.2.1.0.256.48
    Locale ID: 2057
    Additional Information 1: 0a9e
    Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
    Additional Information 3: 0a9e
    Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
    What do you get?

  10. #9
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts
    It doesn't crash, it just doesn't start, consequently I get no response at all.

    Alex

  11. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,620
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Have you tried running it in Safe Mode or in a clean boot?

    I don't have the suite and just run Process Explorer from my Downloads folder, having installed it from https://technet.microsoft.com/en-us/...sexplorer.aspx

    Event Viewer may have an Event ID 1001 for it.

  12. #11
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts
    I tried safe mode and got exactly the same response - nothing. This is in both W10 and W7.
    Your link is to Process Explorer, I have no problem with that, it runs perfectly, in fact I've been using it to help troubleshoot Procmon.

    When I tried in safe mode I got no response in Process Explorer, not even a red bar!

    I have downloaded the Procmon.zip file from Sysinternals but got exactly the same result.

  13. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 576 Times in 479 Posts
    Uninstall your security software from one of the OS's and test, disabling them is sometimes not enough.

  14. #13
    jwoods
    Guest
    Check the Windows Event Logs and see if there are any errors related to Process Monitor.

    After opening Event Viewer, expand the Custom Views folder and click on Administrative Events.

    The Administrative Events contain Warnings, Errors, and Critical events from all event logs.
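
    The checks suggested in posts #2, #5, #6, #10 and #13 (file version, whether a Procmon process survives launch, and Application-log entries such as Event ID 1001), gathered into one PowerShell script as an added example that is not part of any post in this thread. The default path `D:\Sysinternals\Procmon.exe` is an assumption, and so is the Authenticode signature check, which the thread does not mention.

    ```powershell
    # Added example, not from the thread. The default path is an assumption:
    # point it at wherever Procmon.exe was extracted.
    param([string]$Path = 'D:\Sysinternals\Procmon.exe')

    # Post #2: confirm the file version. The signature status is an extra check
    # (assumption, not in the thread) that helps rule out a damaged download.
    $file = Get-Item -LiteralPath $Path
    "File version : $($file.VersionInfo.FileVersion)"
    "Signature    : $((Get-AuthenticodeSignature -FilePath $Path).Status)"

    # Posts #5 and #6: launch it and see whether a process survives.
    # On x64 Windows, Procmon.exe hands over to Procmon64.exe, so look for both.
    $start = Get-Date
    Start-Process -FilePath $Path
    Start-Sleep -Seconds 5

    $alive = Get-Process -Name Procmon, Procmon64 -ErrorAction SilentlyContinue
    if ($alive) {
        $alive | Select-Object Name, Id, StartTime | Format-Table -AutoSize
    } else {
        'No Procmon or Procmon64 process is running 5 seconds after launch.'
    }

    # Posts #5, #10 and #13: look in the Application log for entries written
    # since the launch. 1000 = Application Error, 1001 = Windows Error Reporting.
    $filter = @{ LogName = 'Application'; Id = 1000, 1001; StartTime = $start }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'procmon' }

    if ($events) {
        $events | Select-Object TimeCreated, Id, ProviderName, Message | Format-List
    } else {
        'No Event ID 1000/1001 entries mentioning Procmon since launch.'
    }
    ```

    Run it from an elevated PowerShell window so the launch is not held up by the UAC prompt during the 5-second wait.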

  15. #14
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,620
    Thanks
    147
    Thanked 877 Times in 839 Posts
    Quote Originally Posted by A1ex View Post
    I tried safe mode and got exactly the same response - nothing. This is in both W10 and W7.
    Your link is to Process Explorer, I have no problem with that, it runs perfectly, in fact I've been using it to help troubleshoot Procmon.

    When I tried in safe mode I got no response in Process Explorer, not even a red bar!

    I have downloaded the Procmon.zip file from Sysinternals but got exactly the same result.
    In Post #7 you said that Process Explorer red lines which is why I linked it, but have had no need to run Procmon.

    Safe Mode with Networking would bypass a 3rd party AV program but Windows Firewall would be active in Safe Mode etc.

    Which AV program are you using?

    If for some reason you are getting a bad download and either firewall is trying to read them as you are opening them, then you may get a Sharing Violation error, but that doesn't seem to be happening.

    A possible workaround could be if you could download/save it onto another machine and then copy it across to run its .exe.

  16. #15
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Skelmersdale, Lancashire, UK
    Posts
    253
    Thanks
    44
    Thanked 10 Times in 10 Posts
    Quote Originally Posted by satrow View Post
    Uninstall your security software from one of the OS's and test, disabling them is sometimes not enough.
    Surely starting in safe mode is just as good a test.
