Get process monitor logs and system events using Process Monitor

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This article contains steps to get process monitor logs and system events while the device is starting up.

Product and Environment

Non-Sophos product

Prerequisite

Download and extract Process Monitor.

Getting process monitor logs and system events using Process Monitor

Normal process monitor log

  1. Run Procmon64.exe from the extracted Process Monitor folder. Note: Process Monitor starts logging as soon as it opens.
  2. Click File > Capture Events to stop the logging.
  3. Click Edit > Clear Display.
  4. Reproduce the issue and capture the logs.
  5. Click Filter > Enable Advanced Output.
  6. Stop the capture and save the logs.
  7. Select All events and click OK.
  8. Zip the PML file and attach it to your reply to Sophos Support for your existing Case, or ask them for FTP credentials.

Boot process monitor log

  1. Do steps one to four of the Normal process monitor log procedure above.
  2. Click Options > Enable Boot Logging.
  3. Select Every second and click OK.
  4. Click Filter > Enable Advanced Output.
  5. Restart your device and reproduce the issue.
  6. Run Procmon64.exe.
  7. Click Yes once prompted.
  8. Zip the PML file and attach it to your reply to Sophos Support for your existing Case, or ask them for FTP credentials.
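
Both procedures above can also be driven from Process Monitor's command-line switches, which helps when the capture has to be repeated on several devices. The PowerShell script below is an added example, not part of the original article and not Sophos or Sysinternals code; the paths, the Mode parameter and the output file naming are assumptions, and the GUI-only choices (Enable Advanced Output, the boot logging interval) are not set by it.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    [ValidateSet('Capture', 'EnableBoot', 'ConvertBoot')]
    [string]$Mode    = 'Capture',                                # hypothetical parameter
    [string]$Procmon = 'C:\Tools\ProcessMonitor\Procmon64.exe',  # assumed extraction path
    [string]$OutDir  = 'C:\Temp\procmon'                         # assumed output folder
)
$ErrorActionPreference = 'Stop'
if (-not (Test-Path -LiteralPath $Procmon)) { throw "Procmon64.exe not found: $Procmon" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$base = '{0}-{1:yyyyMMdd-HHmmss}' -f $env:COMPUTERNAME, (Get-Date)
$pml  = Join-Path $OutDir "$base.pml"

switch ($Mode) {
    'EnableBoot' {
        # Arm boot logging for the next restart; restart and reproduce the issue afterwards.
        Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/EnableBootLogging' -Wait
        return
    }
    'ConvertBoot' {
        # After the restart: write the collected boot log out as a PML file.
        Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/ConvertBootLog', "`"$pml`"" -Wait
    }
    'Capture' {
        # Start a minimized capture with the display filter cleared, logging straight to the PML.
        Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/Quiet', '/Minimized',
            '/NoFilter', '/BackingFile', "`"$pml`""
        # Block until the running instance is ready to capture.
        Start-Process -FilePath $Procmon -ArgumentList '/WaitForIdle' -Wait
        Read-Host 'Capture running. Reproduce the issue, then press Enter to stop' | Out-Null
        # Ask the running instance to stop capturing and exit so the PML is flushed to disk.
        Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
    }
}

# Collect the PML (and any additional segments written beside it) and zip them.
$logs = @(Get-ChildItem -LiteralPath $OutDir -Filter "$base*.pml")
if ($logs.Count -eq 0) { throw "No PML file was written to $OutDir" }
$zip = Join-Path $OutDir "$base.zip"
# Windows PowerShell 5.1 Compress-Archive cannot handle files larger than 2 GB;
# use another archiver for bigger captures.
Compress-Archive -LiteralPath $logs.FullName -DestinationPath $zip
Get-FileHash -LiteralPath $zip -Algorithm SHA256 | Format-List Path, Hash
```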




Edit Ticket to "Case"
[edited by: GlennSen at 4:32 AM (GMT -8) on 24 Jan 2024]