Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This article contains steps to get process monitor logs and system events while the device is starting up.
Product and Environment
Non-Sophos product
Prerequisite
Download and extract Process Monitor.
Getting process monitor logs and system events using Process Monitor
Normal process monitor log
- Run
Procmon64.exefrom the extracted Process Monitor file. Note: The application will start logging once it starts. - Click File > Capture Events to stop the logging.
- Click Edit > Clear Display.
- Reproduce the issue and capture the logs.
- Click Filter > Enable Advanced Output.
- Stop the capture and save the logs.
- Select All events and click OK.
- Zip the PML file and attach it to your reply to Sophos Support for your existing ticket or request them for FTP credentials.
Boot process monitor log
- Do steps one to four when getting the process monitor log.
- Click Options > Enable Boot Logging.
- Select Every second and click OK.
- Click Filter > Enable Advanced Output.
- Restart your device and reproduce the issue.
- Run
Procmon64.exe. - Click Yes once prompted.
- Zip the PML file and attach it to your reply to Sophos Support for your existing ticket or request them for FTP credentials.
Sign up for the Sophos Support Notification Service to receive proactive SMS alerts for Sophos products and Sophos Central services.
Updated disclaimer
[edited by: Qoosh at 8:07 PM (GMT -7) on 31 Mar 2023]