Now click the Add and the OK buttons to return to the main screen. Again, you could watch the information in the main screen for your file to appear in the Path column, but it would probably be easier to click the Filter icon and make an "include" filter so that only activity relative to that file appears.Ĭlick the Filter icon and in the top left dropdown list select "Path" then type "C:\Temp\Indexes.dat" (without the quotes) into the box just to the right of the dropdown list containing the word "is." (See Figure 2.)įigure 2. You want to start this session with a clean slate, so click the Reset button to return the filtering criteria to their default settings then click OK.Īssume the file you want to watch is named "C:\Temp\Indexes.dat". Since you set a filter the last time you ran Process Monitor, it remembers this setting and brings up the Filter window automatically. You can use Process Monitor to watch the file and see what processes are accessing it. For example, its Modified date occasionally changes or sometimes processes crash because of a "file locked by another user" error. In a second scenario, let's say that there is a file on your hard drive that intermittently exhibits odd behavior. Notice that Process Monitor has automatically already created an "include" filter for the process it found so you really don't have to do anything but click Cancel on the filter window and watch for activity from your process in the main screen. "Include" filters always take precedence over "exclude" filters.Ĭlick the Filter icon (the upside-down pyramid). On the other hand, if you have "exclude" filters turned on, then everything except what's in the filter will be displayed. It's important to realize that if there is an "include" filter turned on, then only those entries that match the filter will be displayed. A filter can be set to include entries or to exclude entries. At this point you can filter out everything about that particular process so you can watch it for activity without being distracted by everything else going on.įiltering is a powerful yet simple concept in Process Monitor. Once you have dragged the icon to the window, release the mouse, and Process Monitor will go to the row where that window's process is found. You use this by clicking and dragging the icon to the window where your process is running. exe name, you can use the "Include Process from Window" icon (eighth from the left). If it is found, Process Monitor stops scrolling and highlights the row where it first finds the process name. If you don't see it, try searching for it by clicking the binoculars icon ("Find") and typing the process name (include its extension, e.g. Launch Process Monitor and see if you can observe your process scrolling by under the Process Name column. As with all diagnoses, there may be several approaches you can take, but since this tip is focusing on Process Monitor we'll use its capabilities to see what's going on. You'd like to know if it's hung or if it is in fact doing something that you just can't detect at the moment. In this first scenario, imagine that you have a process running, but it doesn't seem to be doing anything.
#Win7 process monitor how to
In this tip I'll show you how to actually use some of its features in diagnosis. I introduced this tool in the tip titled Understanding Process Monitor. Process Monitor from Sysinternals is a great diagnostic tool when you want to figure out what is going on with process and/or files.
0 kommentar(er)
